15 Ways to Tell if Your Computer has a Virus / 15 Signs that Your Windows PC is Infected with Malware
- Slow Computer
- Too Many Ads
- Pop-up Windows
- Locked/Encrypted Files and Folders
- Homepage, New Tab Page, and Search Engines Hijacked/Websites Redirected
- Accounts Hacked
- System Crashes
- Fake Sent Mails
- New Unknown Icons
- Internet Data Usage Surge
- Hard Disk Activity Surge
- Antivirus and Firewall Turned Off
- Access to Windows System Tools Disabled
- Infected Removable or External Storage Devices
1. Slow Computer
A malware attack is not the only cause for a slow PC, and not all malware slow down your PC. Each malicious program is created to perform a specific task, and those that are meant to disturb, disrupt or destroy the normal working of the computer will do that.
Your computer will only be slow when it is using the hardware resources to and beyond their limits. If you are really low on system resources then your PC will feel slow even while without any running any programs. On the other hand, if it’s a fairly new computer, and runs fine most of the time, but has suddenly become unusable then there are chances of a malware attack.
With the rise of the blockchain technology and various cryptocurrencies based on it, a new type of malware has started appearing, it is the Cryptocurrency Mining Malware. Cryptojacking is kind of malware or hacker attack where a hacker infects computers with mining malware, and then uses the processing power of these compromised computers to mine cryptocurrency (digital currency) on his behalf.
2. Too Many Ads
Almost all of the websites on the Internet, and some free programs or free versions of paid programs display a limited amount of ads to generate money from their services and products. But, if you find your computer bombarded with ads from all sides, then there is something wrong.
Adware can be categorized into two categories – Good Adware and Bad Adware. A Good Adware is a program that displays ads in the program. These programs do not deal with any type of malicious activities; clicking on the ads displayed in program windows takes you to the legitimate websites. For example, if a free program is displaying an ad, promo, or offer about a pro, premium, or paid version of that program, then clicking on that Ad will just take you to their website where you can purchase that software.
On the other hand, a Bad Adware is a program that integrates harmful adware modules in its installer and program files. One example is Orbit Downloader with OpenCandy.
These adware modules can perform various harmful activities such as collecting and transmitting the user data in the background without user’s consent, installing additional modules, installing sponsored PUPs/PUAs, etc. The most visible damage done by these programs is the changes made in the web browsers. These programs change the Homepage, New Tab Page, Search Engine for all the web browsers installed on the system. They are also capable of adding web browser items such as Toolbars, Plug-ins, Add-ons, Extensions, and BHOs.
3. Pop-up Windows
If you see a lot of automatic computer scans and scan results showing that your computer is severely infected with deadly malware, and you need to purchases this software to remove these malware from your computer then you have been infected with a Rogueware. A Rogueware is a malware masquerading as an antimalware.
A Rogueware tries to make its victims believe that his computer is infected with malware by showing fake scans, fake scan results, and fake malware. It then tries to persuade the user to purchase the software to clean his infected computer.
A Rogueware is more annoying than dangerous. It continuously shows various pop-up windows, alert boxes, messages in notification box, etc. It does not stop at just one purchase, the main aim of a Rogueware is leading its victims to a special malicious website, and then stealing their bank account and card details.
If you are seeing a lot of Toolbars in your web browsers that you don’t remember installing yourself, then it’s time to run a scan.
These Toolbars come under the category of Potentially Unwanted Programs (PUPs) or Potentially Unwanted Applications (PUAs). A PUP or PUA could be anything from a program that may be useful to somebody else but not to you, to a malicious software leaking your information to its creator.
It’s important to know the origin of these Toolbars because sometimes they lead you to malicious websites through the bookmarks, search box, and other advertisements listed on them.
5. Locked/Encrypted Files and Folders
There is one type of Malware whose presence you’ll never miss, and that is called a Ransomware. Most of the Ransomware notify their victims in a straight-forward way that their files have been encrypted, and they need to pay ransom to get them back. But there are some that like to improvise a little; they display messages like they are the FBI, and they have encrypted your computer and files because some illegal data was stored on it, or illegal activities we performed on it, and now the user needs to pay a specific sum of money as fine to get the files back.
A Ransomware is the most logical types of Malware; it will not destroy your files for any stupid reason, and it does not slow down the computer, or steal user data. It’s philosophy is simple. It just takes the files hostage by encrypting them, and then demands a ransom to decrypt them.
6. Homepage, New Tab Page, and Search Engines Hijacked /Websites Redirected
The most used software type is a Web browser. Tempering with the web browser makes it easy for the hacker to take control of the system in a number of ways. There are various things that can be accomplished by controlling or hijacking the web browser settings.
The first target of Browser Hijackers is the Hosts file, a file that acts as mini DNS for your computer. A Hosts file contains a list of IP Addresses and their corresponding website names (domain names).
Malware change the addresses mentioned in the Hosts file such as localhost. They also add additional entries for some of the most popular sites in order to redirect these websites to other malicious IP address (websites). For example, if the IP address of Google is 18.104.22.168, and the malware creator wants to redirect you to a malicious website whose IP address is 22.214.171.124. Then, all he has to do is add an entry of google.com with 126.96.36.199 in the Hosts file. The next time you enter google.com in your web browser, you will be redirected to the server of the malicious website mentioned in the Hosts file, and not to the servers of google.com.
Similarly, the Browser Hijackers change the homepage, new tab page, and default search engines of web browsers to generate traffic for a particular website, or to lead users to malicious or phishing websites.
7. Accounts Hacked
If you are unable to access your online or offline accounts that require a username and password, then this could be because of the presence of a Keylogger or a Spyware on your computer. These programs do not interrupt the normal operations of Windows; you may not even notice any changes in the system performance with these malware running in the background. These programs log your keystrokes i.e., everything you type, and then send these log files to their creator, Hacker or Cyber-criminal. So, if your accounts are compromised then that could be the result of a Spyware or a Keylogger working on your system. Find and remove all malware by scanning your computer, and then change all of your passwords.
8. System Crashes
Viruses infect files, delete, and modify files rendering system unusable and unbootable. If the files infected are Windows system files, or the files required for booting, then your computer may not be able to boot. In case of an infected, deleted, or modified program file, some of the programs may not run properly; the programs that are able to start may crash suddenly. Windows and programs not responding, freezing, hanging, sudden system shutdowns, and Blue Screen of Death (BSOD) are some of the examples of a System crash.
A System crash could happen due to various reasons such as program incompatibility, low hardware resources, power cuts, etc. Running a full system scan can tell you if the crash was due to malware or not.
9. Fake Sent Mails
Malware have been using the “social network” way before the inception or popularity of the modern social networking websites. Some types of Malware use Emails, Social Networking websites, and Networking devices to spread. If you notice any posts on your media dashboards, walls, homepages, etc. that you don’t remember posting yourself. Or, if you find out about some unusual emails sent from your email mailboxes that you did not send yourself, then your computer could be infected.
Worms and other kinds of malware such as Trojan Horse, Ransomware, Bots, etc. that have the capabilities of a Worm use the Internet connections to propagate automatically.
10. New Unknown Program Icons
Most of the Malware like to work in the background. But there are those that put themselves right in front of the user, and they do that for a reason.
So, the new unknown icons means the shortcuts placed by malicious programs on your Desktop. This is another method used by malware to infect computers. A relatively unknown program, which itself is not infected, is downloaded on the user machine. This program downloads the actual malware that helps the hacker take control of the system. The newly downloaded files could be any kind of malware and perform any type of action. The program that is placed in front of users, and which downloads the actual is known as Trojan Downloader.
Creating a new program in not the only method used by these Trojan Downloaders. Instead of creating a completely new program, most of the times, the hackers use tools like file binders, crypters, spoofers, pumpers, icon changer, etc. to attach the malicious software (malware) or malicious code (malcode) into a legitimate file such as a software executable, video, audio, image files, documents, etc. The output file extension, size, icon, etc. all can be customized. The aim of the malware creators is to create a fully undetectable file (FUD) that will not be detected by Antimalware programs.
11. Internet Data Usage Surge
Another way that you can use to identify if there is something wrong with the system protection is by looking for any sudden surge in the Internet data usage.
Your computer could be used by malware to perform Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks on websites and servers. Or, the malware could download additional tools in the background to damage. Certain types of malware send sensitive user information from the user computer to the programmer.
If you notice high network activity even when you are not using Internet then a malicious software such as Adware, Spyware, or Keylogger could be running in the background and transferring data from your computer to the Internet and vice-versa.
First, make sure that no legitimate software or app is running and using the data in the background. Windows itself sends some data in the background through Telemetry. Windows could be using the Internet for various other purposes such as downloading Updates, sending Error Reports, etc. All of the applications installed on your system also download and install Updates. Then, there are those apps and software that never actually shut down when you click the big red close button. They are always running in the background.
You can use your firewall, a network monitor software, or the pre-installed Resource Monitor tool to find the processes using the Internet.
12. Hard Disk Activity Surge
If you suddenly find yourself low on disk space or notice more than usual hard disk activity then a malware infection could be the reason behind this.
Some types of Malware such as Worms create copies of themselves in each folder of each drive or partition. Each of these copies has the same size. Depending upon the number of drives, partitions, and folders in your computer, you may lose a random amount of your disk space to these Worms.
13. Antivirus and Firewall Turned Off
So logically, what’s the first thing that a virus should do after entering a system? Disable the Antivirus, that’s right! If you notice that your antivirus, firewall, and other security software products are turned off, and you definitely did not disable them, then there could be a malware on your system. Most of the security programs have different icons for their enabled and disabled state. So, if your security software is disabled, you would notice it immediately from its disabled icon on the Notification area of the Taskbar.
Many Antivirus programs have a self-protection setting, which, basically, lets you set a password for the settings section of that program. Next time onwards, when you want to make a change to the settings of that program, you would first need to enter the password to unlock the program. If your antivirus, firewall, and other software have this program-password-protection option, then make use of it.
14. Access to Various Windows System Tools Disabled
One thing that many malicious programs do is disable the user access to those Windows System Tools that could be used in attempting any kind of recovery from a virus attack. Windows has multiple tools that are used for managing processes, Windows behaviour, and other system-level operations. These are – Task Manager, Registry Editor, Local Group Policy Editor, System Configuration, and Control Panel; the access to these and other similar programs in disabled by malware to prevent the user from attempting recovery from within Windows.
You can use an external recovery environment such as a bootable Antivirus USB/CD Rescue Disk to perform a full system scan, and then delete the detected malware, and any temporary files.
15. Infected Removable or External Storage Devices
If your removable or external storage devices such as USB flash drive, memory card, or external hard disk drive are infected, then chances are that your PC is also infected with Malware. Having an Antivirus installed on your computer does not guarantee complete protection from all threats. Even the best antivirus is not able to detect all of the malware. So, if a friend tells you that the antivirus installed on his/her computer detected a malware on your storage devices, then you should scan your computer with a second opinion malware scanner and removal tool.
There could be two scenarios here – One is that your Antivirus failed to that malware, and two is that the malware detected on the other computer was a False Positive. The results of the second opinion malware scanner will clear everything.