University of DuhokFaculty Of Science Computer Department

Submitted by: Dler Omer Ahmad Mamand

HOW TO KNOW YOUR COMPUTER

HAS BEEN ATTACKED

Step 1

Msconfig

Step 2

Step 3

start run regedit HKEY_LOCAL_MACHINE Software Microsoft window current Version run

Regedit

1. First make sure that how many users’ accounts are there in your computer

2. Find out if there are any unknown accounts with higher privileges.

3. Someone may create a user account without your knowledge and can use that account to access your system from a remote location.

User Account

4. Go to the control panel5. open the user accounts and check if the

user is turned off and if there is any other account that you did not create.

6. Delete any unknown account except known account

User Account

User Account

User Account

System.ini

Is not Hacked

Is HackedTimer=timer.drv*** *** ***

Net User

Go to the the run Write cmd Write netstate –ano watch state established and pid number Go to the task manager Go to process look the pid number Right click to the pid open file location and

delete this server or vires

Netstat -ano

Process Red color : finish the work Process green color :is hacked and continue Process Yellow color : hacked and changed

port and server

TCP View

TCP View is application :is check computer

TCP View

THANK YOU ANY

QUATION?