Check If Your Desktop Is Infected & Follow-Up Actions

This module is designed for non-technical users to help identify, contain, and recover from potential computer infections or hacks. Technology can be confusing, but securing your data does not have to be.

What you will learn:

  • How to tell the difference between a real virus and a "fake" scam pop-up.
  • What to do immediately if you think you are hacked.
  • How to secure your accounts and prevent future attacks.


Step 1: Signs of Infection

Not every computer glitch is a hack. Learn to distinguish between real threats and common annoyances.

⚠️ Common Scam: The "Browser Notification"

Scenario: You see pop-ups in the corner of your screen saying "System Infected" or "McAfee Expired," even when your browser is closed.

The Truth: This is rarely a virus. You likely accidentally clicked "Allow Notifications" on a shady website.

The Fix: Go to Browser Settings > Privacy > Site Settings > Notifications. Remove suspicious websites.

💡 The Nuclear Option: If finding the bad site is too hard, go to your Browser Settings and search for "Reset". This restores default settings, disabling annoying extensions and clearing bad permissions without deleting your saved passwords or bookmarks.
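For helpdesk staff who want to see which sites hold the "Allow Notifications" permission without clicking through the settings pages, the following added example (not part of the original module) reads the notification exceptions from a Chromium-style profile `Preferences` file. It assumes the `profile.content_settings.exceptions.notifications` layout with `setting` 1 meaning "allow"; the function name and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumed Chromium content-setting values as stored in the Preferences file.
ALLOW, BLOCK = 1, 2

# Constructed sample of the relevant part of a browser "Preferences" file.
SAMPLE_PREFS = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*":
            {"setting": ALLOW, "last_modified": "13350000000000000"},
        "https://free-scan-alert.example:443,*":
            {"setting": ALLOW, "last_modified": "13360000000000000"},
        "https://news.example.org:443,*":
            {"setting": BLOCK, "last_modified": "13340000000000000"},
    }}}}
})

def allowed_notification_sites(prefs_text, trusted=()):
    """Hosts allowed to push notifications and not in `trusted`, newest first."""
    prefs = json.loads(prefs_text)
    rules = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    found = []
    for pattern, rule in rules.items():
        if rule.get("setting") != ALLOW:
            continue                          # blocked or default: cannot pop up
        origin = pattern.split(",", 1)[0]     # key is "origin,*"
        try:
            host = urlsplit(origin).hostname or origin
        except ValueError:                    # wildcard patterns are kept as-is
            host = origin
        if host not in trusted:
            found.append((int(rule.get("last_modified", 0)), host))
    return [host for _, host in sorted(found, reverse=True)]

if __name__ == "__main__":
    for host in allowed_notification_sites(SAMPLE_PREFS, trusted={"mail.example.com"}):
        print("review and remove if unfamiliar:", host)
```

The most recently granted permissions are listed first, which is usually where the site behind the fake "System Infected" pop-ups appears.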

Real Red Flags

  • Unexpected Slowness: Extremely high fan noise when you are doing nothing.
  • New Extensions: Toolbars or default search engines you didn't install.
  • Mouse/Cursor Moving: The pointer moves without you touching it (immediate physical disconnect required).
  • Account Alerts: "New login from" emails about a sign-in that wasn't you.

How to Check Safely

1. Windows Users

A "Quick Scan" is good, but malware can sometimes hide from it while Windows is running. Instead, use the Microsoft Defender Offline scan.

Open Windows Security > Virus & threat protection > Scan options > select Microsoft Defender Offline scan. This will reboot your PC and scan it *before* Windows fully loads, stopping stubborn viruses dead in their tracks.

2. macOS Users

Your Mac has an invisible guard called XProtect that runs automatically. You cannot "open" it. For a manual check, download the free version of Malwarebytes for Mac to scan your system safely.

Step 2: Immediate Actions

If you confirmed a threat, act fast. Above all, don't panic.

1. Disconnect Immediately

Unplug your Ethernet cable or turn off Wi-Fi. This is the absolute best first step. It physically stops the malware from sending your private data to the hacker or downloading ransomware.

2. The "Full Screen" Scam Freeze

If your browser suddenly freezes with a loud siren noise and a big red screen telling you to call "Microsoft/Apple Support", DO NOT CALL THE NUMBER. It is just a webpage script trying to scare you, not a real hack.

Fix: Force close the browser.

  • Windows: Press Alt + F4, or use Ctrl+Shift+Esc to open Task Manager and end the task.
  • Mac: Press Cmd + Option + Esc to Force Quit.

3. Safe Mode

Restarting in Safe Mode loads only essential files, preventing viruses from running.

  • Windows: Hold Shift while clicking Restart > Troubleshoot > Startup Settings.
  • Mac (Intel processors): Shut down, turn it back on, and hold Shift immediately until you see the login window.
  • Mac (Apple Silicon M1/M2/M3/M4): Shut down. Press and hold the Power button until you see "Loading startup options". Select your main disk, press and hold Shift, and click "Continue in Safe Mode".

Step 3: Recovery & Prevention

Once the threat is removed, you must secure your data against future attacks.

1. Two-Factor Authentication (2FA) - Crucial Update

Passwords are no longer enough to protect you. You must turn on Two-Factor Authentication (sometimes called MFA) for your Email and Financial accounts.

This requires a second step—like a code sent to your phone or an authenticator app—to log in. Even if a hacker guesses your password, they cannot get into your account without holding your physical phone.

2. Password Security & Signing Out

Use a trusted password manager like Bitwarden, 1Password, or the built-in Apple/Google managers to generate unique passwords for every site. Avoid reusing the same password.

Important: Changing a password does not always kick the hacker out immediately. Always look for a button in your account security settings that says "Sign out of all devices" or "Revoke all active sessions".

3. Have I Been Pwned?

Most "hacks" happen because a company you bought something from years ago had a data breach. To check if your passwords have been leaked online, visit the safe, free website haveibeenpwned.com. Type in your email; if it shows up in red, change the passwords for those specific compromised websites immediately.

4. Check Email Forwarding Rules

Hackers often set up hidden "Rules" to forward a copy of your incoming emails (like password reset links) directly to them. Go to your Email Settings > Forwarding/Filters and delete any rules you did not personally create.

5. Defeating Ransomware with Offline Backups

If your files are encrypted (Ransomware), do not pay the ransom. It funds criminals and rarely gets your files back. The only true way to beat ransomware is with an Offline Backup.

Buy an external USB hard drive, back up your important documents, and—most importantly—unplug the drive when it is done. If it stays plugged into the computer, the virus will infect your backup too.

📝 Knowledge Check

Test what you've learned.

Q1: A pop-up appears in the corner of your screen saying "Virus Detected! Click here to fix." What is the most likely cause?

Q2: You suspect you are actively being hacked. What is the very first physical step you should take?

Q3: After removing malware and changing your email password, what sneaky setting must you check in your email account?

Q4: Your browser suddenly freezes, a loud siren noise plays, and a big red screen tells you to call "Apple/Microsoft Support". What do you do?

Q5: You discover your files are encrypted (Ransomware) and a note demands $500. What is the ultimate defense against this?