# How to Check Computer for Security Issues



## ilovecats88 (Aug 16, 2012)

I use Windows Defender for my online safety, but I was wondering what all can I do to protect my computer itself from being hacked, and how I can check if someone has already hacked it. Are there any programs to check for malicious software that exists offline, as well as online? I previously downloaded System Look per a suggestion on here, so if there's anything that I can type in there I can scan for, please let me know as well. Is there a command prompt(s) I can use for these checks? Also, I noticed in my registry, there are file names for a company I used to work for, and I only ever did my work online, so I'd like to know how they got there, and how to delete all the registry files I no longer need, like the work ones, for programs I no longer use, etc. I am on Windows 8.1. Thank you!


----------



## Cookiegal (Aug 27, 2003)

I don't recommend using SystemLook on your own looking for things as you will quickly get into trouble if you start deleting files and registry keys that way. Even if you know the name of a malware file and look for it, there could be a legitimate file with the same name so you should only use that under the guidance of a Malware Specialist. When looking for malware the file size, date of creation/modification, signature, location and other things factor in when determining whether it's malware or not.

If you want your system checked for malware then I can transfer this to the Virus & Other Malware Removal forum for checking by one of our Malware Specialists. Otherwise, we only recommend running tools that are available to the public without guidance such as online virus scanners, AdwCleaner, MalwareBytes, SuperAntiSpyware and things of that nature.

Deleting registry files can be tricky and dangerous as well. Unless you suspect they are causing problems I'd recommend leaving them alone. Perhaps you can post a few samples of these keys without showing the name of the company.


----------
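
The attributes listed in the post above (size, creation/modification dates, signature, location) can be collected read-only for every file that shares a name, so a helper can compare them. This is an added example, not part of the original posts; the function name `Get-FileTriage` and the sample file name are assumptions.

```powershell
# Added example: read-only triage of every file with a given name.
# Nothing is deleted or changed; the output is evidence for a helper to review.
function Get-FileTriage {
    param(
        [Parameter(Mandatory)] [string] $Name,          # file name to look for
        [string[]] $Root = @("$env:SystemDrive\")       # folders to search
    )
    Get-ChildItem -Path $Root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Location  = $_.DirectoryName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SigStatus = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256    = $hash.Hash       # empty if the file could not be read
            }
        }
}

# Same name, several locations: compare the rows instead of trusting the name.
# 'svchost.exe' is only a sample value chosen for this example.
Get-FileTriage -Name 'svchost.exe' | Sort-Object Location | Format-List
```

A `NotSigned` status alone is not a verdict, since many legitimate files carry no embedded signature; it is one attribute to weigh alongside the others.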



## lunarlander (Sep 22, 2007)

The way to protect yourself from getting hacked is to have a hardened system. A hardened system is set up using Least Privilege and minimization as guidelines.

Least privilege means giving out the very least privilege to an account so that it can only do the things it is meant to do. So you create accounts for each task you want to do: Banking, Games, Blogging, Surfing and so on. And for each account you only allow those few programs that the account is meant to run. For the Banking account, you go to Quicken Accounting App, Properties > Security tab and remove the Users group. Then add only the Banking account name and give it Read, Read & Execute rights. Do the same for your browser (you have to use the browser to check bank balances online). Doing so enables you to track deviance, so let's say you one day find that your banking account is using OneDrive, then clearly something is not right. The simplest form of implementing Least Privilege is not to use the admin account for everyday things; only sign in to the admin account when you want to install programs, change networking, etc.

Minimization means to eliminate features from Windows which you never/currently use. Programmers make programming bugs, that is a certainty. And some of those bugs are security holes. If you delete that program or disable it, then the bug will not come back to haunt you. Hackers use security bugs to attack a system. You see mentions online about exploits and hacker attacks; all those exploits are snippets of code that attack specific programs which in turn opens a command prompt to the hacker, giving him full access to your computer. So let's say you have installed some extension to Chrome which you won't need anymore, it is best to remove it. Or if you never use Skype, then uninstall it in Settings > Apps. (Note: Skype is actually attackable. A hacker has demonstrated it to me; you don't even have to be on a call, just have it running waiting for a call and bam! the hacker is inside your computer.) If in addition you are using your admin account, the hacker gains absolute full control, and she can even kick you out by changing your password.

Two very simple security concepts. But they have far reaching implications.


----------
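
The Properties > Security steps from the least-privilege post above (remove the Users group, grant only the task account Read & Execute) can also be done from the command line with `icacls`. This is an added example, not part of the original posts; the folder path, the `Banking` account name and the helper `Invoke-Icacls` are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Assumptions: a standard (non-admin) local account 'Banking' already exists;
# $AppDir is a placeholder for the folder of the program being restricted.
$AppDir  = 'C:\Program Files\ExampleFinanceApp'   # hypothetical path
$Account = 'Banking'                              # hypothetical account name
$Backup  = Join-Path $env:USERPROFILE 'ExampleFinanceApp-acl.bak'

function Invoke-Icacls {
    param([string[]] $Arguments)
    & icacls.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $($Arguments -join ' ')" }
}

# Changing ACLs under Program Files needs elevation; stop early otherwise.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

# 1. Save the current ACLs so the change can be undone later with
#    icacls <parent folder of $AppDir> /restore $Backup
Invoke-Icacls @($AppDir, '/save', $Backup, '/T')

# 2. Turn the inherited entries into explicit ones; until this is done the
#    Users entry inherited from the parent folder cannot be removed here.
Invoke-Icacls @($AppDir, '/inheritance:d')

# 3. Remove BUILTIN\Users (well-known SID S-1-5-32-545, language independent).
Invoke-Icacls @($AppDir, '/remove:g', '*S-1-5-32-545')

# 4. Grant the task account Read & Execute on the folder, subfolders and files.
Invoke-Icacls @($AppDir, '/grant', "${Account}:(OI)(CI)RX")

# 5. Show the result. Administrators and SYSTEM keep their entries, so
#    updating the program from the admin account still works.
Invoke-Icacls @($AppDir)
```

Afterwards, sign in with a different standard account and confirm the program no longer starts; if something breaks, restore the saved ACLs.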



## zebanovich (Mar 2, 2019)

Turning your PC into a security fortress is not a trivial thing to do;
it depends on what kind of activity you do online.

Instead I'll just post a few links as an introduction for knowledge gathering:

Securing your browser:
https://www.us-cert.gov/publications/securing-your-web-browser

Privacy:
https://prism-break.org/en/

Encryption:
https://www.gpg4win.org/

Passwords:
https://pwsafe.org/
This guy explains a bit more about password safe
https://www.schneier.com/academic/passsafe/

Virus checking:
https://www.virustotal.com/gui/home/upload

Mail:
https://prxbx.com/email/

Windows Firewall:
https://docs.microsoft.com/en-us/pr.../it-pro/windows-server-2003/cc779199(v=ws.10)

That should be enough for a start, but it is not even close to complete!

The best thing you can do to gain trust in your PC is to first do a fresh install of the OS
and start changing your habits, because the computer user, that is you, will first harm itself.
Start educating yourself by reading articles, stay up to date, and that's it.


----------



## Cookiegal (Aug 27, 2003)

Areslane,

I've edited your post for language. Please be more careful in the future as this is a family friendly web site.


----------



## xerses (Jul 14, 2017)

You could install Syshardener or OSArmor, not for now, but for future protection.
I have Bitdefender Total Security + Syshardener + OSArmor.
For on demand scanning: HitmanPro+Emsisoft Emergency Kit & Norton Power Eraser.
It is only my way to keep safe along with common sense.
Kind Regards Xerses.


----------



## ilovecats88 (Aug 16, 2012)

These are all good tips, thanks! I'm going to see if I can do a fresh install of Windows on my computer and do the user group rules.


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> I don't recommend using SystemLook on your own looking for things as you will quickly get into trouble if you start deleting files and registry keys that way. Even if you know the name of a malware file and look for it, there could be a legitimate file with the same name so you should only use that under the guidance of a Malware Specialist. When looking for malware the file size, date of creation/modification, signature, location and other things factor in when determining whether it's malware or not.
> 
> If you want your system checked for malware then I can transfer this to the Virus & Other Malware Removal forum for checking by one of our Malware Specialists. Otherwise, we only recommend running tools that are available to the public without guidance such as online virus scanners, AdwCleaner, MalwareBytes, SuperAntiSpyware and things of that nature.
> 
> Deleting registry files can be tricky and dangerous as well. Unless you suspect they are causing problems I'd recommend leaving them alone. Perhaps you can post a few samples of these keys without showing the name of the company.


I installed MalwareBytes, and it did find something called Coupon Printer which I quarantined, so thank you for the recommendation!


----------



## Cookiegal (Aug 27, 2003)

I would also look in installed programs and see if you spot anything referring to Coupon Printer there.

Then I also recommend you download and run MalwareBytes AdwCleaner (which is different from the MalwareBytes Free you already ran) just to be sure there wasn't anything missed.

https://www.malwarebytes.com/adwcleaner/


----------



## Cookiegal (Aug 27, 2003)

That makes no sense at all. Many users have little or no knowledge of how to harden an OS.


----------



## Cookiegal (Aug 27, 2003)

This thread is not about your problems. We are helping a user here so please do not interject unless you have something helpful to add.


----------



## ilovecats88 (Aug 16, 2012)

I think a troll is in our midst. If you don't have something helpful to add, why comment? Like, I would love to know how to harden my OS, but you didn't give me any information whatsoever.


----------



## Cookiegal (Aug 27, 2003)

I deleted them as a spammer so no need to dwell on that.

Did you run AdwCleaner as I suggested and if so did it find anything?


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> I deleted them as a spammer so no need to dwell on that.
> 
> Did you run AdwCleaner as I suggested and if so did it find anything?


Not yet, I did install that second program for MalwareBytes that I think you suggested? But whenever I click on it, it doesn't load anything?


----------



## Cookiegal (Aug 27, 2003)

Is the icon on your desktop?

Did you double-click the icon to open the interface?


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> Is the icon on your desktop?
> 
> Did you double-click the icon to open the interface?


Oops, my bad, I meant I installed the MalwareBytes AdwCleaner. I ran MalwareBytes after installing it, and the odd thing is that I can't seem to find the AdwCleaner anywhere on my system.


----------



## Cookiegal (Aug 27, 2003)

Where do your downloads normally go? Many go to a downloads folder unless you have indicated you want downloads to go elsewhere.


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> Where do your downloads normally go? Many go to a downloads folder unless you have indicated you want downloads to go elsewhere.


They usually go to downloads. I did download and run the program, but it seemed like it did nothing when I clicked on it, and now I can't find any evidence of it on my computer. I do have Malwarebytes itself though.


----------



## Cookiegal (Aug 27, 2003)

It doesn't take long for that program to run, probably less than a minute.

Please try to download it again but put it on the desktop. Then double-click the program to run it.


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> It doesn't take long for that program to run, probably less than a minute.
> 
> Please try to download it again but put it on the desktop. Then double-click the program to run it.


I finally found it and ran the program. It detected PUP.Optional.Legacy, PUP.Optional.MySearch, and then it also removed some HP bloatware from my computer. I decided to restore HP Coolsense, as it helps control the temperature of my laptop. Should I restore any other of the HP preinstalled programs it removed? The programs it removed include the following: HealthCheck, MediaSmart, RegistrationService, SupportAssist, and LenovoPowerDVD (I don't need this as my laptop doesn't even have a disk drive).

Thanks for all your help!


----------



## Cookiegal (Aug 27, 2003)

It would have been better to post what was found before taking action on the findings. I don't think you need any of those but they could have been left alone. You can restore them if you want but you can also install them from the website if they're needed for any reason.


----------



## ilovecats88 (Aug 16, 2012)

Cookiegal said:


> It would have been better to post what was found before taking action on the findings. I don't think you need any of those but they could have been left alone. You can restore them if you want but you can also install them from the website if they're needed for any reason.


Here are the findings:
```
# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-08-2020
# Duration: 00:00:48
# OS: Windows 8.1
# Scanned: 34824
# Detected: 35

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\AVG Security Toolbar

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
PUP.Optional.Legacy HKLM\Software\AVG Secure Search

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy https://mysearch.avg.com/?cid={9A207801-6006-4FC9-BDCD-5076954966FB}&mid=e1c262a580d047cc9d5575147094670b-b5d43b4715065e377872600f8a5b4343ca3fc05f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-19 10:44:52&v=4.2.0.886&pid=wtu&sg=&sap=hp
PUP.Optional.MySearch https://mysearch.avg.com/?cid={9A207801-6006-4FC9-BDCD-5076954966FB}&mid=e1c262a580d047cc9d5575147094670b-b5d43b4715065e377872600f8a5b4343ca3fc05f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-19 10:44:52&v=4.2.0.886&pid=wtu&sg=&sap=hp

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCoolSense Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense Folder C:\Users\Hotspot\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense Folder C:\Users\computer\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense Registry HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Preinstalled.HPCoolSense Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C710CC50-87CB-410D-B8E2-4D98A4E46B15}
Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Task C:\Windows\System32\Tasks\MIRAGEAGENT
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Hotspot\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Hotspot\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|RemoteControl10

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
```


----------
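
A scan-mode log like the one posted above can be summarised per section and detection family before anything is cleaned, which separates the PUP entries from the preinstalled vendor software. This is an added example, not part of the original posts; the function name `Get-AdwCleanerFinding` is an assumption and the sample lines are constructed from the log format shown in the thread.

```powershell
# Added example: turn AdwCleaner scan-log lines into objects for review.
function Get-AdwCleanerFinding {
    param([Parameter(Mandatory)] [string[]] $Line)
    $section = $null
    foreach ($l in $Line) {
        # Section headers look like: ***** [ Registry ] *****
        if ($l -match '^\*{5} \[ (.+) \] \*{5}$') { $section = $Matches[1]; continue }
        # Detection rows start with a dotted family name (PUP.Optional.Legacy,
        # Preinstalled.HPCoolSense, ...) followed by the flagged item.
        # "No malicious ... found." and "#" header lines do not match.
        if ($section -and $l -match '^(?<Family>\w+\.\S+)\s+(?<Item>.+)$') {
            [pscustomobject]@{
                Section = $section
                Kind    = $Matches.Family.Split('.')[0]   # PUP, Preinstalled, ...
                Family  = $Matches.Family
                Item    = $Matches.Item
            }
        }
    }
}

# Constructed sample in the same layout as the log in the thread.
$sample = @'
# Mode: Scan
***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\AVG Security Toolbar

***** [ Files ] *****

No malicious files found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCoolSense Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPHealthCheck Registry HKLM\Software\Example\{00000000-0000-0000-0000-000000000000}
'@ -split "`r?`n"

# One row per family with its count; review this list before choosing what to clean.
Get-AdwCleanerFinding -Line $sample |
    Group-Object Kind, Family |
    Select-Object Count, Name

# For a real log file: Get-AdwCleanerFinding -Line (Get-Content <path to log>)
```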



## Cookiegal (Aug 27, 2003)

That's fine. Since they've all been removed, though, you can let us know if any problems occur where you might need any of the pre-installed stuff, but many people uninstall those things, which are commonly referred to as bloatware.


----------



## getrex (Oct 16, 2018)

Cookiegal said:


> I don't recommend using SystemLook on your own looking for things as you will quickly get into trouble if you start deleting files and registry keys that way. Even if you know the name of a malware file and look for it, there could be a legitimate file with the same name so you should only use that under the guidance of a Malware Specialist. When looking for malware the file size, date of creation/modification, signature, location and other things factor in when determining whether it's malware or not.
> 
> If you want your system checked for malware then I can transfer this to the Virus & Other Malware Removal forum for checking by one of our Malware Specialists. Otherwise, we only recommend running tools that are available to the public without guidance such as online virus scanners, AdwCleaner, MalwareBytes, SuperAntiSpyware and things of that nature.
> 
> Deleting registry files can be tricky and dangerous as well. Unless you suspect they are causing problems I'd recommend leaving them alone. Perhaps you can post a few samples of these keys without showing the name of the company.


Confirm! I've already encountered this at work.


----------

