I Am Seeing Hkey_current_user Chinese Characters On My Regedit - Should I Be Worried?

Asked by AlastairMcDade in SQL Server, Nov 18, 2022

I am having this doubt that my system has been hacked into. I notice huge drops in free hard disk space for a while and then the space returns to near old values. A few days ago, when I clicked "my computer", I saw the properties of the computer instead of "my computer". The start menu showed me the same thing. I rebooted my system and things became normal. All my browsers hang for a while. Additionally, sometimes my FB login page looks weird and unlike the regular page (browser injection?)

Answered by Al German

If you in any way suspect that your system has been hacked (for example, because you see Chinese characters under HKEY_CURRENT_USER in regedit), first and foremost you should focus on backing up your data. Chances are you are going to have to wipe your entire system and start over, and you don't know how long you will be able to use your system.


Once you have safeguarded your data, there are some avenues for investigation I would pursue:

  • Look at what is taking up space on your disk. Try and save some of it externally. There are few good reasons that your free space usage would see-saw like that.
  • Do a packet capture on your network interface and see what your system is contacting. Filter out what is genuine, and look up some of the rest to see if any are known C&C hosts for botnets.

Of course, if your system has been taken over there's nothing you can do to gain 100% assurance that you've fixed it, as these days malware tends to be extremely persistent. Investigating these things tends to be more of an academic exercise, to find out what has taken over and understand it. You can sink a lot of time on investigation with no result; if it were me I'd back up my critical data and rebuild.
