Sometimes your system can be compromised, and there is no obvious indications that anything has occurred. Recently, however, we have seen cases of systems being hacked, when there was obvious indications that something had occurred.
When a user first logs in for the day, and their desktop has been changed, or new programs have been installed, that should be a red flag. While it is true that many larger companies will do updates after hours, if no one has said anything about it ahead of time, the user needs to alert their supervisor immediately.
What I have seen includes the desktop icons have been re-arranged. New icons on the desktop, especially ones for remote control such as VNC (Virtual Network Connection) and some of its variants. It could be just about anything that is just different.
If that occurs, the machine should be shut down immediately, and reported to a supervisor, or the IT department. If it is a case of legitimate changes having been made, there is no harm, and the machine can be brought back into service. If the changes are not legitimate, then by shutting down the potential for additional damages, such as stealing information, or participating in a botnet, are prevented while a course of action is determined.
At CCS we are very familiar with issues like this. Contact our support department if you suspect your have been hacked and your IT department is not familiar with this issue.