January 12, 2009

What To Do if you have been Hacked or Infected

Although I am writing this primarily for home computer users, many of the same principles apply to business networks. In a business environment, however, your IT department should handle cleaning the infection and checking the network for additional problems.

The Symptoms

How do you know if your computer has been compromised? It may be obvious (your computer might be displaying the wrong pages when you browse the web) or it may be more subtle (your computer may be running slowly). I have had some friends tell me recently that their web-based accounts were hacked, but that the accounts had not been accessed from any computer other than their own (possible keylogger).

Cleansing

The first step is to remove any and all hostile software that may be on your computer. This includes viruses if you have been infected, and backdoors if you have been hacked. If your computer is compromised, assume that your antivirus software was compromised as well. Uninstall it. From a clean (unaffected) computer, download the latest version of Avast Antivirus, AVG, or whatever antivirus software you have a license for, and burn the software onto a CD. From the CD, install the software on the affected computer. Update the software, run a full scan, reboot, and scan again, repeating until the scans come back clean.

Securing

Once your computer is clean, you will need to secure it so this does not happen again. Download and install a high-end firewall application (if you are looking for something free, ZoneAlarm is one of the best free firewalls). Also, find and install a quality anti-spyware application.

Mitigation

Now that your computer is cleaned up and secured, it is time to mitigate the damage that could have been caused by the compromise. The first step is to secure your network. If you have any computers on the same network as the compromised computer, uninstall and reinstall the antivirus software on them, and rescan those systems to make sure no viruses were transferred between systems. Also, any external backup media you use MUST be scanned before it is reused.

Finally, change all of your passwords on the compromised system, as well as all passwords that you used while using that computer. This includes all web-based e-mail systems such as Gmail, social networks like Facebook and MySpace, your bank if you use online banking, etc. If the PIN for any of your credit cards was on the computer, change the PIN. If any of your credit card numbers were stored on the computer, notify the banks that issued the cards.
