HOW TO Recover from a Hacking Attack

Before you recover from a hacking attack, check my previous post on how to check if your computer has been hacked. You can apply different methods to recover from a hacking attack; the right one usually depends on the magnitude of the infection and the files infected.

Let me share a personal tip with you. I always prefer not to store my important files in the partition where Windows has been installed. The reason behind this is very simple. All the programs that you install in Windows are installed in the same partition as Windows. For example, if you have installed Windows in C:/, all the programs would be installed in C:/Program Files or sometimes just C:/. So now I have only the program files and Windows in C:/. If my PC gets infected, the malware would be installed in C:/ and not in any other partition. If I am unable to figure out the infected files, I would simply re-install Windows on the same partition (C:/). All I lose is the installed programs. Being a geek, I love to have the setup files in another partition, so it just takes a few minutes for me to install those programs back. All other important files which were saved in the other partition remain in the same location, uninfected :)

Trace Infected Files

Tracing infected files is very easy. You can scan your PC with an anti-virus or anti-trojan program, which will list all the infected files. Be sure not to fix those errors, as this might be a hindrance to further inspection of the infection. Locate the malware files and copy them into a password-protected compressed file (zip file). Make sure you don’t run those files. Attach the password-protected zip file to an email and submit it to anti-malware vendors. Click here to submit the suspected malware file. This link will submit the file to 36 anti-malware vendors. Alternatively, you can search for those files in Google and find out what they are and how dangerous they are. Also scan the file online through VirusTotal.

Reset Hosts Files

In case the malware is from sources like Facebook or any other social networking site, you need to check your Hosts file. I had been a victim of such malware earlier and had to re-install Windows, as I consider this the best option to recover from a keylogger attack. When such malware affects your computer, you may not be able to access secure websites, i.e. websites with a secure connection (https://), and you may get a warning which says that the site is not safe! In such cases, you can follow the steps listed here.

Download and Run HijackThis (HJT) (Free)

Download HijackThis

After you install HijackThis, run a scan and save the log file. Do not fix anything using HijackThis as there may be many unnecessary findings. Copy the contents from the log file and do a search in Google again. Hopefully you will know which file is meant for what and hence trace the malware.

Backup Data Using Linux [Serious Cases]

Now, if none of the above steps has worked, the attack seems to be a very serious one and you are unable to log on to Windows, Linux is there to help. The best part of this is that Linux can read the same file system as Windows. You need to create a bootable disk of Ubuntu on some other computer and boot your PC using the bootable disk. In this case you need to set the PC to boot from the CD before the hard disk. The instructions for this are given here.

Back up files using Linux

Once you have installed Ubuntu, you can choose Ubuntu when you restart your PC. Click on “Places” to access your hard disk and save your important files to removable storage such as a USB stick.

You can also decant data onto a DVD using a program called Brasero. Click ‘Applications | Sound and video | Brasero Disk Burner’. Select a data project from the list, then drag your files and folders onto Brasero’s interface. Once you’re done, insert a blank DVD and click ‘Burn’.

Disinfecting Or Re-installing Windows

If you are sure that the infection or the attack on your PC is because of software you have installed, you can roll back Windows to a previous state easily. Head over to the Control Panel and click on System Restore. This will restore your computer to an earlier state and hence make it uninfected.

If rolling back does not help, the only option left is to re-install Windows and return it to factory condition. I consider this the best option, as Windows in factory condition will perform much better than in its present condition. You have a backup of your important files anyway ;)

If you face any other issues, feel free to comment below :)

  • http://powerpointfinder.com Sahil Kotak

    Won’t it be good to just format the current installation and install a new OS back again?

    • http://www.blogotechblog.com Lalit Indoria

      Yes, that is the best option and I have mentioned it in the last :)

  • http://techatlast.com Olawale Daniel

    Awesome guide…many people have been suffering from site attack and that’s why you need to protect your site but in a situation where you’ve experienced hacking attempts or your site is being hacked – using these tips will help you get everything back to normal.

    Thanks for sharing this information :)