What to do if you suspect someone else is in control of your computer.
I get variations on this question often.
Someone believes their computer is being controlled remotely without their consent, or they believe their activities are being monitored in detail, or they believe their files and other information are being stolen or manipulated by others with malicious intent.
The bottom line is, they’re convinced someone is spying on them — or worse.
What happens next is… complicated.
Become a Patron of Ask Leo! and go ad-free!
Someone is in my computer!
By far the most common situation is that your computer is not being remotely controlled and you’re not being spied on. Much more common is that software, accounts, or equipment are not behaving as expected for more mundane reasons. The same basic security you should already be following still applies. If you do determine that you are being spied on, then locating trustworthy help for diagnosis and repair is critical.
Getting help
I need to start by saying that if this is actually happening to you, I cannot help you. This requires a level of access I don’t have and — quite honestly — a skill set I don’t have either.
But wait!
Before you run away, I definitely have some things for you to consider, steps to take, and advice to give if you believe yourself in this situation.
It may not all be what you want to hear, but it’s important to take the time to consider the situation carefully.
Most of the time, it’s a false alarm
Nine times out of ten, there is no one controlling your computer but you. No one is spying on you personally and no one is manipulating your files or email.
90% of the time, there’s nothing going on at all.1
Unfortunately, by the time people reach out with this question, that’s not the answer they want to hear. They’re absolutely convinced there’s something nefarious going on. Someone is out to get them. Someone is stalking them, spying on them, or out to cause them trouble.
I’ll say it again: nine times out of ten, those people are wrong.
What I see happening instead is confusion. A program didn’t behave as expected. An account password seemed to have been changed. A file or an email was lost. A mouse pointer started moving on its own. The computer started typing text all on its own. All of those scenarios have mundane explanations that are more likely than a malicious attack.
Without having a reasonable explanation for why those things are happening, it’s easy to jump to the conclusion that someone’s spying on you or taking over your computer.
Being certain is exceptionally difficult
Here’s the real problem: it’s very difficult to know absolutely what’s happening.
I can’t prove to you someone is not looking. Just like I can’t prove to you that your computer is not infected with malware, just like I can’t prove that my machine is not infected. I can’t prove a negative.
Nine times out of ten, however, on closer examination, more usual explanations for the behaviors you’re seeing become apparent. For example:
- You used a program in some wrong way.
- You typed in the wrong password.
- You accidentally deleted a file.
- You’re looking in the wrong place.
- You have a filtered view of some sort set on your email.
- Your mouse is dirty, or the surface it’s on is dirty or not mouse-friendly.
- You might even have accidentally turned on dictation to start the computer typing what (it thinks) you say.
All of those scenarios and many more are significantly more likely than someone gaining access to your computer and controlling it remotely in a way you would notice.
In fact, if you were actually being spied on, there’s a good chance you would never notice because true spyware, malware, and remote-control tools do a great job of hiding themselves.
Just because you have no explanation or can’t conceive of an alternate explanation doesn’t mean such an explanation doesn’t exist. More often than not, it does.
What to do Step 1: how to stay safe
So, how do you protect yourself?
It starts with the same old basics you’re probably tired of hearing:
- Use up-to-date security software.
- Keep your system and software as up-to-date as possible.
- Use strong passwords everywhere, and two-factor authentication whenever offered.
- Educate yourself to be on the lookout for phishing attempts, and never open attachments in email that you weren’t expecting or aren’t 100% certain are legitimate.
- Back up regularly.
- Secure your hardware.
That last one warrants some extra attention here.
What to do Step 2: secure your hardware
It’s critical that you follow all those steps above not just to prevent someone from spying on you, which is generally unlikely, but to keep your computer safe from all online threats — a much more common problem.
However, if you believe you’re worth being spied on, then that “secure your hardware” advice goes double for you. Specifically: never let anyone you don’t trust touch your computer or have access to your online accounts.
If someone you don’t trust has had access to your computer, or, as is also common, set up your computer and acts as your tech support:
- Stop using that computer (or account, or internet connection, or whatever the untrustworthy person has access to).
- Find someone you do trust to help secure your computer.
Which leads to the next step.
What to do Step 3: get help
If you are being spied on, manipulated, gaslighted, or harassed through your technology, it’s critical you get qualified, trustworthy help.
That generally means finding someone local or contacting a knowledgeable friend or family member. Remember, in this scenario, trust is more important than deep technical knowledge. Both are important, but without trust, all the technical knowledge in the world is for naught.
If you can’t find someone you trust who can help you, then to put it bluntly, you’re on your own. That means you’ll need to learn how to:
- Understand what it takes to keep a system secure. This is no small task.
- Install the operating system from scratch (the only way to make sure it’s not been tampered with).
- Install and configure appropriate security software and network configurations.
- Configure your online accounts for maximum security.
- Know what to look for when you suspect something is wrong. Don’t assume the worst, but do learn how to rule out the likely before jumping to conclusions.
Those are the steps you’ll need to take on your own if you have no one to turn to.
Do this
Don’t panic. Don’t jump to conclusions.
Do look for more mundane explanations for whatever behavior has you concerned that someone is in control of your computer.
Do run full anti-malware scans using your up-to-date security software.
Do review Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet. It applies in all situations where you’re concerned about your system’s security.
And if, indeed, you’re certain that you’re being spied on, or that your system is being remotely controlled, seek out trustworthy assistance from someone who can carefully examine, diagnose, and repair your system.
Podcast audio
Related Video
Footnotes & References
1: No, I don’t have data to cite here, other than my own experience answering questions for close to 20 years. I’m tempted to say the actual figure is closer to 99%.
If you suspect someone is controlling your computer remotely, and especially if it’s in real time, there is one thing you can try that should be obvious… but isn’t:
Unplug from the Internet and see what happens. By this, I mean physically unplugging the computer from your modem or router. Then see if the suspect behavior continues. No one can directly control your computer if they cannot connect to it!
Unfortunately, the key word here is directly — this advice takes no account of indirect control. In other words, if there’s malware involved, it’s a completely different story. Even then, however, disconnection may make a difference: just like any other software, malware can only do what it’s been programmed to do — its ability to respond appropriately to your actions will be limited.
So my advice, if you suspect direct outside control, would be to disconnect & see what happens. It’s by no means definitive, but if you suspicion is correct, you’ll at least have locked the person out!
Yep, as you say “ Do look for more mundane explanations for whatever behavior has you concerned that someone is in control of your computer.”.
The pointer on my laptop was suddenly no longer under my control and started moving windows around. I was about to start changing critical passwords when I realised that my grandson was playing with my wireless mouse in the next room…
Unplugging the Ethernet cable won’t help because your computer will reconnect to the internet via Wi-Fi in most instances. It would be better to turn off your router to ensure you’re completely disconnected from the internet. Then try to determine if someone is connected remotely.
“in most instances” — I disagree. Most computers do NOT have both ethernet and Wi-Fi. I know many do — including my own desktop — but honestly, if you have wired ethernet and are using it, then either you should disable the Wi-Fi anyway (so as not to accidentally use a slower connection), or you’ll not have configured it to access your Access Point, in which case it’s not connected by default.
I am surprised that you did not suggest disconnecting from the internet. Obviously if you are not connected and the behaviour still continues then no one can be remotely controlling your machine. That will ease their mind and then they can look at all your suggestions like dirty mouse, etc. and figure it out.
I also expected that you would suggest restoring from a backup prior to this happening, if indeed someone is remotely controlling your machine. If they gained access through malicious software, then restoring from a backup should get rid of the malicious software, right? (assuming you go to an early enough backup and that could be difficult figuring out sometimes)
Hi Leo,
This Twitter troll, {link removed} has a habit of semi-doxing people who challenge him/her online. He knows the location of people online. It looks as if he’s a hacker because I’ve noticed people delete their accounts. How can a Twitter user know where people live. He/she has displayed postal codes and and city locations. How?
It’s not possible. Twitter doesn’t reveal users’ IP numbers, and even if they did, an IP address doesn’t reveal more than your ISP and general location which can be off by up to hundreds of kilometers.
What Can People Tell from My IP Address?
Finding the Owner of an IP Address
As Mark points out, you can’t get this from just the IP address, and Twitter doesn’t expose that anyway. My guess is that he’s also using some form of data collection (reviewing people’s social media where they often just publicly share the information he can then parrot back to them), or social engineering to get them to do so.
There’s quite a few people using scare tactics these days, preying on people’s gut instinct to avoid trouble. And not just internet on the phone too. Canada has been plagued with scam phone calls pretending to the CRA (equivalent to IRS for you Yankees) or Employment and Social Development (people who hand out social insurance numbers … equivalent to social security numbers) threatening to take legal action/issue arrest warrants if you don’t call them back immediately and negotiate a settlement. It’s amazing how many people fall for these scams out of fear of not wanting to cross the government without thinking that this is not the way the government operates (at least in Canada, you can’t pay your tax bill with iTunes gift cards, a popular payment method in the scam).
I see this as just another one of those, trying to scare people in to doing something.
Nine times out of ten when the computer is not doing what it should, or that windows properties are going haywire, it is the Microsoft server reaching out to you to encourage you to upgrade, so you can contribute to its coffers on a regular basis…think Office 365.
I have a 1300-page word processed log on Microsoft server harassment, 8000 screenshots, and 700 videos to evidence this. I am taking Microsoft to court. So, please inform yourself minimally before writing articles that mislead the readers of your blog
That’s an unfounded conspiracy theory.
You haven’t seen a single piece of the thousands of pieces of evidence I have collected, in accordance with the laws of evidence stated by the courts, but you already have the answer to my 7 years of harassment. How much weightage should I give to your considered response! I can tell you are a been-there-done-that guy who has all the answers.
While I don’t agree with your premise, I look forward to the results of your court case. Please share it when complete.
I have already sent you my Attorney brief as an attachment to an email some 5-6 months ago. Please search your server for it, and you are likely to reconsider your premise.
Thank you.
As I said, please report back with the results of your lawsuit.
I wrote you a response, but Microsoft is not allowing it to be posted. I have sent you another brief this morning, which has been mangled by Microsoft and does not reflect the original document. Please read it for what it is worth.
Thank you.
Fortunately for me, I have never observed any phenomena that led me to believe that someone is remotely controlling my computer. First, I keep my computers as up to date as possible. Next, I practice Cognitive Security (a term I concocted that means being skeptically conscious/aware). Finally, I am a student of everything related to my computer. I understand how a Network works, and the protocols for wired and wireless connections. I also understand the fundamentals of how my computer works although I am not a trained technician.
I built this desktop PC with components I chose in 2021. I originally installed Windows 10, then upgraded to Windows 11 (my new PC meets Windows 11’s requirements). A while after the upgrade, my new wireless mouse began to act erratically, the pointer would ‘get stuck’ from time to time. This did not happen in Windows 10. I removed/reinstalled the mouse device (and drivers) using Device Manager and rebooted. No change. I tested the mouse on another PC. The problem did not occur on that PC. I reconnected the mouse to my desktop, and it continued to intermittently get stuck. I decided to revert to Windows 10 to see if the problem persisted. It was too late to revert, so I performed a clean install of Windows 10-21H2. Problem solved. I never did find out what caused the mouse issues, and now that patch Tuesday is here, after updating, I will retry Windows 11 again because I like the new interface, and if the mouse issue returns, I’ll first try to fix Windows using DISM from a command prompt (a step I forgot to take before) and if that fails, I’ll revert back to Windows 10 (before it’s too late this time). I suspect (with no tangible evidence) that the Windows 11 mouse driver (or something related to it) got corrupted before, so I’ll soon see what I’ll see.
Ernie
That mouse problem sounds like the mouse driver is incompatible with Windows 11. When that happens, you can go to the mouse manufacturers website and look for an updated driver. That’s not guaranteed to work as the manufacturer may not have updated the driver, but it’s worth a try.
Thanks for the response, Mark. I tried getting a new driver form Logitech’s website before reverting back to Window 10 – no joy there either. February’s Patch Tuesday has come, and I did re-install Windows 11. The mouse seemed to work O.K., but now the Microsoft Defender Dashboard is missing. When I click its icon in the task bar (the overflow corner? where does Microsoft get these names anyway?), I get a notification that I need to download an app . . .
It’s back to Windows 10 until next month. The trouble is, I really like the new user interface and I look forward to using many of the new/improved features that come with Windows 11 (particularly Notepad’s new dark mode, etc.). I really do wish that Microsoft had spent the time required to get Windows 11’s foundation right before they shipped it. New features are nice, but system wide stability is a must. If you ask me, an OS is a bit like a house. If the foundation is not solid and stable, the rest of the structure will crumble sooner or later.
My2Cents,
Ernie
“Cognitive Security”
Hi, Leo! If you like the term, feel free to use it :)
Ernie
Several Windows update scenarios can stall out your computer and make it behave erratically or very slowly. This usually happens because of stagnant use over a period of time when updates are offered or when prompts to update are ignored for too long. The obvious fix is to let the computer run overnight and then run update again and again until all of the updates are fully completed.
I would, and have, go into services and disable “remote registry”, at least that should stop the chance of someone taking over your computer. I also disable “retail demo service” and “routing and remote access”.
I am surprised that no-one has yet mentioned ‘Restore’ which, if I suspected that my laptop has been compromised, would be my first step and restore to a point before you realised that there was a problem.