Don’t panic if you think your computer is infected with malware. Follow this guide instead.
If a ransom note suddenly appears on your PC screen, your PC has been hacked. But computer attacks are not always so drastic and clear-cut.
For the less obvious cases, you’ll need a finer sense and the right know-how. The fastest solution is to run a quick scan with your antivirus program of choice. If the tool detects malware, then the matter is taken care of.
But sometimes the antivirus program doesn’t locate the malicious code… and yet Windows behaves strangely. This is where you need to take a closer look at the symptoms.
1. Program and system react slowly
Symptom: The system suddenly runs sluggishly. Programs start at a snail’s pace. CPU utilization (see below in the Investigation section) is at 100 percent.
Harmless causes: There are several harmless causes for a CPU utilization of 100 percent. Usually, a legitimate program is just working through a computationally intensive task. This can be the compression of a video or a complex image management task. On older PCs, even the playback of HD videos leads to high CPU load.
A second harmless possibility is a Windows 10 bug that is already several years old: the Windows 10 task manager shows a load of 100 percent, although the CPU isn’t working that much. A third (but not so harmless) cause is a bug in a program or even in a Windows tool that makes it claim the maximum CPU power for itself.
Dangerous causes: Alarm bells should be going off when the high CPU load is caused by ransomware. This encrypts all user files on the PC and then displays a blackmail message. With a large amount of data, the encryption process can take several hours.
Less dramatic but still undesirable are crypto-jackers (also called mining malware). This is malware that abuses your PC to mine a digital currency, usually Monero. You can find a technical analysis of such malware here.
Investigation: The first thing you should look at is the task manager (press CTRL+SHIFT+ESC at the same time and click on More Details). Here you can sort the individual processes according to their CPU load. This way you can quickly identify the process, i.e. the program that’s sucking power out of the PC. If the display here is ambiguous, use the alternative task manager Process Explorer.
And, of course, a virus check with a second virus scanner is always a good idea. However, there are fewer and fewer antivirus tools that can be used in parallel with an installed antivirus program. Norton’s Power Eraser is recommended.
Solution: If you have found something that’s impacting the CPU load, search Google for the name of the process together with "100 percent CPU". You will most likely find a solution on the internet. If the task is causing trouble because of a bug, a program update usually helps. However, if a virus is behind the high load, clean it up with an antivirus program.
Caution: When searching the internet for a process name, you will usually come across cleaning instructions that recommend the use of shareware. Be careful here. Most of the time, these cleaning tools aren’t necessary because free antivirus software does the same job. The advertised shareware, on the other hand, either demands a high price or displays a bunch of advertising.
Browser: If the internet browser is the culprit for the CPU load, then a crypto-jacker has probably settled in there. It uses your PC to quietly mine cryptocurrency, or digital money. The solution here is simple. The mining code usually stops working as soon as you leave the website and close the corresponding browser tab. However, if the hostile code is in a browser extension, you must uninstall it. Our fourth tip explains how to track down rogue extensions.
2. The hard drive LED flashes like crazy
Symptom: Your hard drive’s LED lights up unusually often. If it’s an older HDD, the drive noise of the magnetic disks and the read/write heads can also be heard.
Harmless causes: There are a number of legitimate tools that cause intensive HDD use. These include the Windows index service, which you can configure under Windows Logo > Settings > Search > Search Windows. Or the antivirus program is currently performing a complete scan and is therefore causing the hard disk to work harder.
Dangerous causes: Among the most dangerous causes is, again, ransomware that encrypts all your data and then demands payment. In rare cases, spy code could be active on your computer while the attacker searches through all your files.
Investigation: The best way to find out which program is causing the current load on the hard disk is to use the Windows resource monitor. First, press the key combination Windows-R and enter resmon in the run line. Switch to the Disk tab and click on Total to sort the active processes according to their read/write activity.
Ransomware is easily noticed by the fact that its read activity is about the same as its write activity. The index service or the virus scanner, on the other hand, shows a high read share with a very low write activity.
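The read/write comparison described above can also be computed from two snapshots of per-process I/O counters. The following is an added example, not part of the original article; the thresholds, the sample process names and PIDs, and the optional use of the third-party psutil package are assumptions made for illustration.

```python
from typing import Dict, List, Tuple

Counters = Dict[str, Tuple[int, int]]  # "pid:name" -> (bytes read, bytes written)
MIN_RATE = 5 * 2**20       # assumed threshold: skip processes under 5 MiB/s total
BALANCED = (0.5, 2.0)      # assumed write/read range treated as "about the same"

def classify(before: Counters, after: Counters, seconds: float) -> List[dict]:
    """Diff two counter snapshots and label every process with heavy I/O."""
    rows = []
    for key, (r1, w1) in after.items():
        if key not in before:
            continue  # started mid-interval, so there is no baseline to diff
        r0, w0 = before[key]
        read, write = max(r1 - r0, 0) / seconds, max(w1 - w0, 0) / seconds
        if read + write < MIN_RATE:
            continue
        ratio = write / read if read else float("inf")
        if BALANCED[0] <= ratio <= BALANCED[1]:
            label = "balanced read/write: investigate"
        elif ratio < BALANCED[0]:
            label = "read-heavy: indexer or scanner pattern"
        else:
            label = "write-heavy"
        rows.append({"process": key, "read_mib_s": round(read / 2**20, 1),
                     "write_mib_s": round(write / 2**20, 1), "label": label})
    return sorted(rows, key=lambda r: r["read_mib_s"] + r["write_mib_s"], reverse=True)

def live_snapshot() -> Counters:
    """Real counters via the third-party psutil package (pip install psutil).
    On Windows these totals cover all I/O of a process, not only disk."""
    import psutil
    snap = {}
    for p in psutil.process_iter(["pid", "name"]):
        try:
            io = p.io_counters()
            snap[f"{p.info['pid']}:{p.info['name']}"] = (io.read_bytes, io.write_bytes)
        except (psutil.AccessDenied, psutil.NoSuchProcess):
            continue
    return snap

# Constructed sample: two snapshots taken 10 seconds apart (not real measurements).
MIB = 2**20
SAMPLE_BEFORE = {"4120:SearchIndexer.exe": (0, 0), "7788:unknown.exe": (0, 0),
                 "900:notepad.exe": (0, 0)}
SAMPLE_AFTER = {"4120:SearchIndexer.exe": (400 * MIB, 8 * MIB),
                "7788:unknown.exe": (300 * MIB, 310 * MIB),
                "900:notepad.exe": (4096, 1024)}

if __name__ == "__main__":
    for row in classify(SAMPLE_BEFORE, SAMPLE_AFTER, 10.0):
        print(row)
```

On a live system, call live_snapshot() twice with a pause in between and pass both results to classify(). A backup job or a large file copy also produces balanced reads and writes, so a flagged process is a reason to look closer, not a verdict.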
Solution: If you’ve identified a process as the culprit for the hard disk activity, you can obtain information about it on the internet. You can also end the identified process directly in the resource monitor. All you need to do is click on the process with the right mouse button in the Task Manager and select End Process.
If a suspicious program appears to be a virus, you can also upload the file to www.virustotal.com. There it will be checked for more than 50 viruses.
3. Surfing and streaming start getting weird
Symptom: Internet surfing falters, streaming videos keep stopping, and copies on your own network take half an eternity.
Harmless causes: In most cases, either your own Wi-Fi is causing problems or your internet connection is slow. It could also be that a large upload or download is taking place. A large upload happens, for example, when you back up photos, videos, or other data to the cloud.
Dangerous cause: In very rare cases, your PC may be infected by malware and the attacker is copying large amounts of data to the internet.
Investigation: First, you should look in the resource monitor under the Network tab to see if a single task is causing a high network load. Next, test the Wi-Fi. To do this, connect your computer to the router by cable as a test. Finally, check your internet connection.
If your problem is that a certain website does not respond or responds slowly, a test with the service Down for Everyone or Just Me will help.
Solution: If your internet connection is slow, a quick call to your internet provider should help. If the high network load is caused by a single process, upload the program to www.virustotal.com to test it for viruses.
4. Unwanted advertising in your browser or PC
Symptom: Advertising windows suddenly appear on your PC, or your browser displays even more advertising than it did a short time ago.
Harmless cause: You’re on a website that displays an unusual amount of advertising. Perhaps it tricks the browser into opening new windows with more advertising.
Dangerous cause: Adware has permanently installed itself on your PC and now you’re getting constant advertisements. This can even be expensive if the adware pretends to be a virus warning and recommends a paid tool as a solution.
Investigation: Start a search with an anti-adware program. For example, the free AdwCleaner is recommended. If you suspect that the adware could be in your browser, then the following quick test is worthwhile. Start the browser without browser extensions. You can do this with Firefox via Menu Icon > Help > Troubleshooting Mode and then click Restart.
You can also start Firefox in safe mode by holding down the Shift key while you start the browser.
In Google Chrome, it’s more difficult to deactivate extensions. You can open a Chrome window without or almost without extensions via Menu Icon > New Incognito Window. Then close the other Chrome window.
In Edge, you can use the same trick and start a new browser window without extensions with Menu Icon > New InPrivate Window.
Solution: If AdwCleaner has found the problem, it will remove the adware in the internet browser.
5. Android behaves strangely
Symptom: Your Android smartphone suddenly displays advertising windows or becomes unusually warm without a running app.
Harmless cause: You have installed an ad-financed app that displays ads more or less often.
Dangerous cause: You’ve installed adware that continuously displays advertisements. In rare cases, it might also be malicious code that tries to steal your online banking data.
Investigation: Use an antivirus app. For example, the free app Sophos Intercept X is recommended.
Solution: If the Sophos app finds malware, it can usually remove it.