What should I do if I think my computer has been hacked?
Disconnect from the internet immediately, run a malware scan, change all passwords from a separate device, and consider reinstalling the operating system if you cannot be certain the machine is clean.
Last reviewed: 10 June 2026
Explanation
Discovering or suspecting that your computer has been compromised is alarming, but acting systematically limits the damage. The first step is isolation: disconnect from Wi-Fi and remove any ethernet cable. This cuts the attacker's live access and prevents further data exfiltration or remote commands while you investigate.
Boot from a trusted malware scanner. On Windows, Microsoft Defender Offline or Malwarebytes Premium can run a scan from outside the normal OS environment, making it harder for rootkits to hide. On Mac, Malwarebytes also provides good coverage. If you cannot boot normally, a bootable USB scanner is an option. Document anything the scanner finds.
Change your passwords — starting with your email account and any banking accounts — from a different, known-clean device (your phone on mobile data, not Wi-Fi routed through the compromised machine). Enable two-factor authentication. Revoke active sessions on your email and any financial accounts so any session cookies the attacker captured are invalidated.
If the malware was extensive or you cannot be confident the scan found everything (ransomware, rootkits, and advanced persistent threats can be hard to fully remove), the safest and cleanest solution is reinstalling the operating system from scratch. Back up important documents — ideally scan them for malware before restoring — but do not restore from an image backup created while the machine was compromised.
Common red flags
- Your computer is running unusually slowly, or the fan runs constantly when the device should be idle
- Unknown programs appear in your task manager or startup items
- Files have been encrypted and you see a ransom demand
- Your cursor moves or applications open without you touching the input devices
- Your security software was disabled or cannot update
- Friends report receiving suspicious emails or messages from your address
What to do now
- Immediately disconnect from the internet — unplug ethernet and turn off Wi-Fi
- Run a malware scan from a reputable security tool (Malwarebytes, Microsoft Defender Offline)
- From a clean separate device, change passwords for email, banking, and other key accounts
- Revoke all active sessions on your email and financial accounts
- Enable two-factor authentication on accounts that don't have it
- If you cannot be certain the machine is fully clean, back up only your data files and reinstall the OS
- Report any financial theft to your bank and national cybercrime authority
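The red-flag checks and the Microsoft Defender Offline step above, as an added example that is not part of the original page: a PowerShell script for Windows that records Defender status, startup items and running processes to a file you can review. The report path, the 7-day signature threshold and the `-StartOfflineScan` switch are assumptions of this example.

```powershell
# Added example: read-only triage on the disconnected Windows machine.
# Run from an elevated PowerShell prompt. Output from a compromised system can be
# tampered with, so treat it as a record to review, not as proof the PC is clean.
param(
    [string]$ReportPath = "$env:USERPROFILE\Desktop\triage-report.txt",  # assumed location
    [switch]$StartOfflineScan                                            # assumed switch name
)

$report = @()
$report += "Triage report: $(Get-Date -Format s)"

# Red flag: security software disabled or unable to update.
$status = Get-MpComputerStatus
$report += "`n== Microsoft Defender status =="
$report += $status |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, AntivirusSignatureAge |
    Format-List | Out-String
if (-not $status.RealTimeProtectionEnabled) {
    $report += "WARNING: real-time protection is off."
}
if ($status.AntivirusSignatureAge -gt 7) {   # 7 days is an assumed threshold
    $report += "WARNING: signatures are $($status.AntivirusSignatureAge) days old."
}

# Red flag: unknown programs in startup items.
$report += "`n== Startup items =="
$report += Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-List | Out-String

# Red flag: unknown programs in Task Manager. List each running executable once.
$report += "`n== Running processes =="
$report += Get-Process |
    Where-Object Path |
    Sort-Object Path -Unique |
    Select-Object Name, Id, Path |
    Format-Table -AutoSize | Out-String -Width 200

# Keep a written record of the findings.
$report | Set-Content -Path $ReportPath -Encoding UTF8
Write-Host "Report written to $ReportPath"

# Microsoft Defender Offline restarts the PC immediately and scans from
# outside the normal Windows session, so save your work before using this.
if ($StartOfflineScan) { Start-MpWDOScan }
```

Copy the report to removable media and read it on the clean device; any startup entry or process path you do not recognise is something to look up before you decide whether a reinstall is needed.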
Frequently asked questions
My files have been encrypted and I'm being asked to pay a ransom — should I pay?
Law enforcement agencies generally advise against paying, as payment funds criminal operations and doesn't guarantee file recovery. Check nomoreransom.org for free decryption tools for known ransomware families before considering any other action.
After reinstalling Windows, do I need to worry about BIOS-level malware?
UEFI/BIOS-level firmware malware is extremely rare and typically used only in state-level espionage. For the vast majority of people, a clean OS reinstall provides complete remediation.