Regedit shows hkey_current_user Chinese characters in my system - Should I be worried?

Asked by AmyAvery in Cyber Security, on Mar 14, 2022

I suspect that my system has been hacked into. I see huge drops in free hard disk space for a while, and then the space returns to near its old values. A few days ago, when I clicked "My Computer", I saw the properties of the computer instead of "My Computer". The Start menu showed me the same thing. I rebooted my system and things became normal. All my browsers hang for a while. Additionally, sometimes my FB login page looks weird and unlike the regular page (browser injection?). Then, there are these Chinese characters in the attached image:

[attached image: Registry Editor showing HKEY_CLASSES_ROOT]
Is it possible that my system is infected with some stealthy malware? If yes, how do I check if it is really malware?


I am worried to death now. All the paid AV, sandboxing, and no-scripting finally might have amounted to nothing.

Answered by Andrea Bailey

If you in any way suspect that your system has been hacked, and that is why you can see the HKEY_CURRENT_USER Chinese characters, first and foremost you should focus on backing up your data. Chances are you are going to have to wipe your entire system and start over, and you don't know how long you will be able to use your system.


Once you have safeguarded your data there are some avenues for investigation I would pursue:

- Look at what is taking up space on your disk. Try and save some of it externally. There are few good reasons that your free space usage would see-saw like that.
- Do a packet capture on your network interface and see what your system is contacting. Filter out what is genuine, and look up some of the rest to see if any are known C&C hosts for botnets.

Of course, if your system has been taken over there's nothing you can do to gain 100% assurance that you've fixed it, as these days malware tends to be extremely persistent. Investigating these things tends to be more of an academic exercise, to find out what has taken over and understand it. You can sink a lot of time on investigation with no result. If it were me, I'd back up my critical data and rebuild.
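Two triage helpers for the steps above, added here as an example and not taken from the question or the answer: one enumerates registry key and value names with non-ASCII characters (the thing the question is actually asking about), the other maps established connections to their owning process so the genuine traffic can be filtered out as the answer suggests. It assumes Windows 8 or later with Windows PowerShell 5.1 in an elevated session; the function names and the default `$Hives` list are my own.

```powershell
# Added triage helpers (not from the original post). Assumed environment: Windows 8/10/11
# with Windows PowerShell 5.1, run elevated. Function names and the $Hives default are my own.

# Registry: list key and value names containing non-ASCII characters under the hives the
# question mentions. Non-ASCII names are not evidence of compromise by themselves (localized
# software, input-method components and Unicode ProgIDs are common); this produces a review
# list so each entry can be traced back to the software that created it.
function Find-NonAsciiRegistryNames {
    param([string[]]$Hives = @('HKCU:\Software', 'Registry::HKEY_CLASSES_ROOT'),
          [int]$Depth = 4)
    foreach ($hive in $Hives) {
        Get-ChildItem -Path $hive -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                if ($key.PSChildName -match '[^\x00-\x7F]') {
                    [pscustomobject]@{ Kind = 'Key'; Path = $key.Name; Name = $key.PSChildName }
                }
                foreach ($valueName in $key.GetValueNames()) {
                    if ($valueName -match '[^\x00-\x7F]') {
                        [pscustomobject]@{ Kind = 'Value'; Path = $key.Name; Name = $valueName }
                    }
                }
            }
    }
}

# Network: the answer's "see what your system is contacting" step without a full packet
# capture. Every established TCP connection is mapped to its owning process and image path,
# so the legitimate ones (browser, updater) can be filtered out before the remaining remote
# addresses are looked up.
function Get-OutboundConnectionsByProcess {
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                ProcessId     = $_.OwningProcess
                Process       = $proc.ProcessName
                Path          = $proc.Path
            }
        } | Sort-Object Process, RemoteAddress
}

Find-NonAsciiRegistryNames | Format-Table -AutoSize
Get-OutboundConnectionsByProcess | Format-Table -AutoSize
```

A process with a non-ASCII registry footprint or an unexpected connection is a lead to check against the installed software, not a verdict; the answer's point that a rebuild is the only sure fix still stands.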


