Top 10 signs your computer may be part of a Botnet

There are few signs that indicate your computer is part of a botnet that might not be indicating something else. Any malware can cause almost all of the same symptoms that a bot can. Sometimes conflicts between programs or corrupted files can cause the same symptoms as well, but still, there are some signs that should not be ignored. So, in no particular order…

1)    Your fan kicks into overdrive when your computer is idle
This can indicate that a program is running without your knowledge and using a fair amount of resources. Of course this could also be a bunch of Microsoft updates being installed. Another problem that can cause the fan to kick in like that is excessive dirt in the computer or a failing CPU fan.

2)    Your computer takes a long time to shut down, or won’t shut down properly
Oftentimes malicious software has bugs in it that can cause a variety of symptoms, including long shut down times of a failure to shut down. Unfortunately, operating system bugs and conflicts with legitimate programs may cause the same symptom.

3)    You see a list of outbound Wall posts you didn’t send on your Facebook page (see example)

There are few reasons other than malicious software or having your account hacked that would cause this problem. If you see this happening, you definitely want to change your password and make sure you computer is not infected. Best to make sure your computer is not infected before changing your password!!! Don’t use your Facebook password on multiple sites!!!

4)    Programs are running very slowly
This can be a sign that hidden programs are using a lot of your computer’s resources. This also can be a sign of other problems. On Windows systems if there are 10,000 files or more in a single directory it can really bring a system to a crawl.

5)    You cannot download operating system updates
This is a symptom you cannot ignore. Even if it isn’t a bot or other malware, if you don’t keep your system patched your computer probably will get infected.

6)    You cannot download antivirus software updates / visit vendors’ websites
Malware often tries to prevent antivirus software from running or being installed. An inability to update your antivirus software or visit the vendor’s web site is a pretty strong indicator of malware.

7)    Internet access slows to a crawl
If a bot is using your computer to send massive amounts of spam or participate in an attack against other computers, or to upload or download a lot of data it can make your internet access very slow.

8)    Your friends and family have received e-mail message from you that you did not send
This can be a sign of a bot, other malicious software, or that your webmail account has been hacked.

9)    You receive pop-up windows and advertisements even when you are not using a web browser
While this is a classic sign of adware, bots can install adware on your computer. You definitely want to get this problem taken care of.

10)    Windows Task manager shows programs with very cryptic names or descriptions (the highlighted line is the example – taken from a Koobface infected system – user’s name was removed for privacy)
 

Using task manager requires some skill and research. Sometimes legitimate software uses cryptic names as well. An entry in task manager is generally not enough to identify a program as being bad. This can help you find bad programs, but many additional steps must be performed to validate you findings. Killing processes and deleting files or registry entries because you “think” it is a bot or other malware can result in the inability to even boot your computer. Be very careful of making assumptions and acting on them.

ESET Research Team