Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I clean up after someone's broken into my computer?

My computers’ security has been compromised. How can I rid my
computer of a remote intruder. I’ve had this computer for about 5 or 6 years.
… I found out about the nefarious activities only after the person left my
company. Although I can’t think of anything of value, this person is extremely
clever and smart. If getting rid of my computer and replacing it with a new one
is the only way to unequivocally extract this ‘spectator’ I’ll do it in a
heartbeat. However – what safeguards must be in place from day
1 with a new computer to prevent the same thing from happening again, plus
prevent any and all intrusions imparting absolute confidence in the security of
my personal computer?

A tricky problem, to be sure. Someone breaks in, you know they’re smart, but
you don’t what they did. Can you clean up and how do you keep it from
happening again?

The news really isn’t good.

Become a Patron of Ask Leo! and go ad-free!

There’s a school of thought that says if your computer has been compromised,
you have really only one option: reformat. That’s a drastic step, but if your
intruder is as adept as you indicate, it may be the best approach. If they’re
really good, they could leave hooks that you could never find.

In your shoes, I’d do the following:

  • disconnect from the net

  • reformat/rebuild the machine

  • rename the administrator account and give it a strong password

  • get thee behind a firewall, and avoid opening any incoming ports you don’t
    absolutely have to.

  • make sure to get ALL the latest security patches.

  • USE the administrator account as little as possible. Create user level
    accounts for actual day-to-day usage. Again, strong passwords all around.

  • Turn off all unnecessary services; Remote Desktop being the most

  • Consider an outgoing firewall (something like ZoneAlarm) to trap and/or
    monitor outgoing traffic.

  • Lastly: remember physical security. Another old adage is that if it’s not
    physically secure, it’s not secure. If someone can walk up to it, insert a
    floppy and reboot, then all the other security is for naught.

Readers: do you have additional tips for security? Add your comments

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

22 comments on “How do I clean up after someone's broken into my computer?”

  1. One tip you left out, which helps a little with physical security–set a BIOS password. Also, if you are worried about booting from a floppy, some BIOS’s have a setting to disallow booting from a floppy or they at least allow you to specify booting from the hard drive first.

  2. Never mind cleaning up, you have had that computer for 5 or 6 years, its prehistoric!

    Do yourself a favour, give the old one to charity, or sell it on ebay, and get a new one. You will thank yourself for doing so. The difference will be huge, it will be soooo much faster you wont believe it.

    Submit your blogs for free, find great blog sites.

  3. If you value the data on the machine, then a reformat is your ONLY option. Otherwise the intruder could have loaded a “rootkit” (look it up on google), which is essentially impossible to find. At this point, you don’t own your computer, the bad guys own your machine, and you’ll never be able to get rid of them (short of a reformat). They can use your machine to send spam, they can use your machine to attack other people, they can use your machine to host kiddy porn (and then you’ve got to explain to the police what the kiddy porn was doing on your computer (this is a very real threat, it’s happened in the past (see: for details)).

    The list of things that a sophisticated hacker can do to make your life unpleasant is quite large.

    Btw, Leo’s list of “day 1” suggestions is quite good (as always).

    [editted link through redirector – ln]

  4. Anti-Burn Proceedures for the sake of those at disarray of a smart hacker:

    Change your IP Address.

    Don’t BackUp if you think it’s tainted —
    Get some reliable help to sort through your current -vs- backups… try to rebuild from BU.
    — Some are familiar with a BU Plan and some aren’t — Depending on security issues; contact several security persons about this issue, then decide how you’re going to proceed.
    ***For those that don’t know – Don’t trust just a few others – Do your homework.

    Your best defense: BackUp often, and in different areas/formats!

  5. If you donate your PC, make sure that you remove the hard drive if you have personal info on it. Information is not necessarily deleted from a hard drive just because you hit the delete button

  6. can you help me beacuase someone has changed my password and my secret question. i would get a new account but i havnt saved my addys and i have loads what do i do?

  7. best advice is to download: zone alarm, adaware, and spybot search and destroy, and nortan anti virus. Disconnect from the internet take of any programs or folders that u dont need anymore of look a lil sus. Install all those programs and set them up, change your ip address. Download all the latest updates then back ofline and scan your computer clean. Also try and back up those valuable files.If u do want a new computer get 1 then load all that stuff onto it so that they cant access it again. If they continually do it and you cant fix it theres allways the good old baseball bat visit them aproach :P

  8. Is it easy for someone to brake in my email account and change the password? I’m trying to get in my yahoo account when I know that I have the password and id. It does not work….I think someone has changed my password but, how. Would they have to be a computer genious to change it?

  9. Hi
    I have a friend who I trusted to help me with my computer, he usually comes and helps when ever I have a problem, recently I find out that he know how to get into someone elses computer and see their bussines camara, now he can see whats going on from his home, I my self have a web cam and I wonder if he could have acces to my computer and know everything I do or write in my comp from his home. He was here last week and did something in the computer.
    I dont want to acuse him of something if Im not sure.
    I really apreciate if someone can help me

  10. Someone I know has broken into my email and sent trashy emails using my name. Also they are sending emails trying to distroy my business saying items have been recalled. How do I catch them after the fact. Is there a way to get the IP number from the computer they used so I can prove they were the sabatogers.

  11. A person I trusted a lot has a lot of computer knowledge. He works in a data center. He has opened an email address at my work to make it look like it was done on my computer, under my other user IDs, which were mine. HE wrote himself emails and turned me in to HR for a “hostile work environment”. I am really worried because he had both of my laptops for a few days each and now he is mad at me and seeking revenge. Is it possible for him to have gained remote access into my laptops to send futher emails that appear to be me? I also found my firewalls were off and I have an unsecure wireless network I used for a while. I am really scared. I am now being investigated at work and I know his knowledge and anger will get me fired. How do I prove my innocence with someone who had total electronic access and ability to set me up?

  12. Hi, I have a small company. I fired someone the other day, and they used our compnay password to take down a few job ads that we had up on our job board. Do you know the law pertaining to this kind of behavior? I know it’s criminal behvior, but is it worth trying to put the person in jail?

    Hash: SHA1

    “Is is worth it?” – that’s not a question I can answer.
    That’s something you want to ask an attorney.


    Version: GnuPG v1.4.7 (MingW32)


  14. I have also had my aol,gmail email accounts hacked by someone that was very close to me. If she had access to my laptop in my home could she have gotten the passwords that way. I did have a couple of my accounts the the passwords remembered on my old laptop. She has been sending nasty emails from one of my email accounts also how do i find out where these emails were sent from? It was an aol account that she had access to of mine. I have the emails in the sent box im trying to find out where they were sent from the ip information?
    Any help would be appreciated.

  15. I too had my computer access compromised as a remote user on the company’s PC in my home. Someone hijacked my e-mail address, both personal and my work Lotus Notes accounts, andn were sending damaging e-mails to others with my address. I have always used either Verizon or Comcast high-speed, but I was pushed to try “remote access,” which I believe was constantly trying to be setup on the PC, which would not work. I could not stay connected at all, until I put a router between my cable modem and the PC, but then I was “slammed” every 15 minutes until I took the router off. Because of all this, my work reputation has been ruined, my skill reputation has been ruined, and I am finding it extremely difficult to rebuild my reputation. I have been “black-balled” out of the business that I was in, and now can only find part-time work doing menial tasks in the same field; however, my bosses have perceived me to be unintelligent. I will graduate with a bachelor’s degree in a technology field, and actually have an associate degree in a technology field. HELP! HOW DO I REINVENT MYSELF AND REGAIN MY WORK REPUTATION SO THAT I CAN FIND A DECENT JOB? Will I need to completely start over? I have been sent into almost finanacial ruin because of these lies and underhanded tactics at my former employer. The techs at work were constantly “reformatting” the PC, which was work’s, but I couldn’t even do my job — it was like there were constantly two people (at least) connected on with me at all times. My cable company administrator told me that he was watching my connection and help me one time when the PC “crashed.” We found some kind of ancient NT error — it took down everything. After I didn’t have to connect to that employer anymore, IMMEDIATELY my problems disappeared.

  16. I work in an office and i have found that a person who has adminstrator access has went into my computer over ridded my codes and taken away a programme that was set up on my system . He did this when i was on my day off. Should he have come and said he wanted to go into my computer , and explained why he was taking this programme away as this programme was part of my job. Our firm is closing down due to retirement , but surely he just cannot go in without saying. He could have waited till i returned the next day and i would have let him in under my codes. Why have personnel coeds if someone can just go in and over ride them, when they want to.

    Administrative access is administrative access, and this serves as a good reminder that your work computer does not belong to you.


  17. I have a question. I think someone might be looking at my email files using Outlook web access. I believe they already have teh usernames and passwords.
    Is there a way to track who is looking at my messages?

    You’d have to check with your email service provider.


  18. This is not a comment, but a question and im on my wits end… So my ex-hubbs and i are divorced for over 3 years, we have to communicate because of the child we have together, however i noticed at first that some emails between me and him dissapeard from my email account.. first i was like damn i must have deleted them in accident, then more and more disapeared… now he seems to know on social sites what i post etc… even though we blocked each other and my profile is on private..and we also do not have any friends in common… i recently had my email account suspended etc because of weird activity.. was able to get it back.. the list of things is long, now my question is, i know my ex is a IT specialist and works for a internet security firm, i am almost certain he hacked into my computer thrue my ip adress, is there a way i can find this out for sure? and if, what can i do to stop it and / or prevent it from happening again…


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.