Regaining Control of Your PC After a Hack Attack


Hackers and malware seem to be lurking in every corner of the Internet these days. Clicking a link, opening an email attachment, or sometimes just being on the network can result in your system getting hacked or becoming infected with malware.

What Should You Do When You Find Out That Your System Has Been Infected?

Let’s look at several steps you should consider taking if your computer has been hacked and/or infected.

ISOLATE The Infected Computer:

Before any more damage can be done to your system and its data, you need to take it COMPLETELY offline. Don’t rely on just disabling the network via software, either. You need to physically remove the network cable from the computer and disable the Wi-Fi connection by turning off the physical Wi-Fi switch and/or by removing the Wi-Fi adapter (if at all possible).

The reason: you want to sever the connection between the malware and its command and control terminals in order to cut off the flow of data being taken from your computer or being sent to it. Your computer, which might be under a hacker’s control, might also be in the process of carrying out evil deeds, such as denial-of-service attacks, against other systems. Isolating your system will help protect other computers that your computer may be attempting to attack while it’s under the hacker’s control.

Prepare A Second Computer To Help With The Disinfection and Recovery Efforts

To make it easier to get your infected system back to normal, it's best to have a secondary computer that you trust and that is not infected. Ensure the second computer has up-to-date antimalware software and has had a full system scan that shows no current infections. If you can get hold of a USB drive caddy that you can move your infected computer’s hard drive to, this would be ideal.

IMPORTANT NOTE: Make sure your antimalware software is set to fully scan any drive that is newly connected to it, because you don’t want to infect the computer that you’re using to fix yours. You should also never attempt to run any executable files from an infected drive when it's connected to the non-infected computer. They may be contaminated, and running them could infect the other computer.

Get a Second Opinion Scanner

You’ll probably want to load a Second Opinion Malware Scanner on the non-infected computer that you’ll be using to help fix the infected one. Malwarebytes is an excellent Second Opinion Scanner to consider; there are others available as well. Check out our article on Why You Need a Second Opinion Malware Scanner for more information on this topic.

Get Your Data Off The Infected Computer and Scan The Data Disk For Malware

You'll want to remove the hard drive from the infected computer and connect it to a non-infected computer as a non-bootable drive. An external USB drive caddy will help simplify this process and also not require you to open up the non-infected computer to connect the drive internally.

Once you’ve connected the drive to the trusted (non-infected) computer, scan it for malware with both the primary malware scanner and second opinion malware scanner (if you installed one).

Ensure that you are running a “full” or “deep” scan against the infected drive to make sure that all files and areas of the hard drive are scanned for threats.

Once you’ve done this, you need to back up your data from the infected drive to CD/DVD or other media. Verify that your backup is complete, and test to make sure that it worked.
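One way to carry out the "verify that your backup is complete" step, as an added example that is not part of the original article: a Python script, run on the trusted computer, that hashes every file in the source folder and in the backup and lists files that are missing or differ. The folder names and sample files in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks; the file is only read as data, never executed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink():  # skip links so nothing outside root is hashed
                continue
            result[full.relative_to(root).as_posix()] = sha256_file(full)
    return result

def verify_backup(source_root, backup_root):
    """Return (missing, mismatched) relative paths; two empty lists mean a complete copy."""
    src, dst = manifest(source_root), manifest(backup_root)
    missing = sorted(p for p in src if p not in dst)
    mismatched = sorted(p for p in src if p in dst and src[p] != dst[p])
    return missing, mismatched

def demo():
    """Constructed sample: one file copied intact, one truncated, one never copied."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "drive_data"), Path(tmp, "backup")
        for root in (src, dst):
            (root / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_bytes(b"hello")
        (dst / "docs" / "notes.txt").write_bytes(b"hello")
        (src / "docs" / "taxes.txt").write_bytes(b"2023 return")
        (dst / "docs" / "taxes.txt").write_bytes(b"2023 retur")  # truncated copy
        (src / "photo.jpg").write_bytes(b"sample image bytes")  # never copied
        return verify_backup(src, dst)

if __name__ == "__main__":
    print(demo())
```

To check a real backup, call `verify_backup()` with the data folder on the connected drive and the matching folder on the backup media; anything it lists needs to be copied again before the drive is wiped.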

Wipe and Reload The Infected Computer From a Trusted Source (After a Data Backup Has Been Verified)

Once you have a verified backup of all the data from your infected computer, you’ll need to make sure you have your OS disks and the proper license key information before you do anything further.

At this point, you will probably want to wipe the infected drive with a disk wipe utility and ensure that all areas of the drive have been wiped with certainty. Once the drive is wiped and clean, scan it again for malware before returning the previously infected drive to the computer from which it was taken.

Move your previously infected drive back to its original computer, reload your OS from trusted media, reload all your apps, load your antimalware (and second opinion scanner), and then run a full system scan both before you reload your data and after your data has been transferred back to the previously infected drive.