What to do if you suspect someone else is in control of your computer.
I get variations on this question often.
Someone believes their computer is being controlled remotely without their consent, or they believe their activities are being monitored in detail, or they believe their files and other information are being stolen or manipulated by others with malicious intent.
The bottom line is, they’re convinced someone is spying on them — or worse.
What happens next is… complicated.
Become a Patron of Ask Leo! and go ad-free!
Someone is in my computer!
By far the most common situation is that your computer is not being remotely controlled and you’re not being spied on. Much more common is that software, accounts, or equipment are not behaving as expected for more mundane reasons. The same basic security you should already be following still applies. If you do determine that you are being spied on, then locating trustworthy help for diagnosis and repair is critical.
Getting help
I need to start by saying that if this is actually happening to you, I cannot help you. This requires a level of access I don’t have and — quite honestly — a skill set I don’t have either.
But wait!
Before you run away, I definitely have some things for you to consider, steps to take, and advice to give if you believe yourself in this situation.
It may not all be what you want to hear, but it’s important to take the time to consider the situation carefully.
Most of the time, it’s a false alarm
Nine times out of ten, there is no one controlling your computer but you. No one is spying on you personally and no one is manipulating your files or email.
90% of the time, there’s nothing going on at all.1
Unfortunately, by the time people reach out with this question, that’s not the answer they want to hear. They’re absolutely convinced there’s something nefarious going on. Someone is out to get them. Someone is stalking them, spying on them, or out to cause them trouble.
I’ll say it again: nine times out of ten, those people are wrong.
What I see happening instead is confusion. A program didn’t behave as expected. An account password seemed to have been changed. A file or an email was lost. A mouse pointer started moving on its own. The computer started typing text all on its own. All of those scenarios have mundane explanations that are more likely than a malicious attack.
Without having a reasonable explanation for why those things are happening, it’s easy to jump to the conclusion that someone’s spying on you or taking over your computer.
Being certain is exceptionally difficult
Here’s the real problem: it’s very difficult to know absolutely what’s happening.
I can’t prove to you someone is not looking. Just like I can’t prove to you that your computer is not infected with malware, just like I can’t prove that my machine is not infected. I can’t prove a negative.
Nine times out of ten, however, on closer examination, more usual explanations for the behaviors you’re seeing become apparent. For example:
- You used a program in some wrong way.
- You typed in the wrong password.
- You accidentally deleted a file.
- You’re looking in the wrong place.
- You have a filtered view of some sort set on your email.
- Your mouse is dirty, or the surface it’s on is dirty or not mouse-friendly.
- You might even have accidentally turned on dictation to start the computer typing what (it thinks) you say.
All of those scenarios and many more are significantly more likely than someone gaining access to your computer and controlling it remotely in a way you would notice.
In fact, if you were actually being spied on, there’s a good chance you would never notice because true spyware, malware, and remote-control tools do a great job of hiding themselves.
Just because you have no explanation or can’t conceive of an alternate explanation doesn’t mean such an explanation doesn’t exist. More often than not, it does.
What to do Step 1: how to stay safe
So, how do you protect yourself?
It starts with the same old basics you’re probably tired of hearing:
- Use up-to-date security software.
- Keep your system and software as up-to-date as possible.
- Use strong passwords everywhere, and two-factor authentication whenever offered.
- Educate yourself to be on the lookout for phishing attempts, and never open attachments in email that you weren’t expecting or aren’t 100% certain are legitimate.
- Back up regularly.
- Secure your hardware.
That last one warrants some extra attention here.
What to do Step 2: secure your hardware
It’s critical that you follow all those steps above not just to prevent someone from spying on you, which is generally unlikely, but to keep your computer safe from all online threats — a much more common problem.
However, if you believe you’re worth being spied on, then that “secure your hardware” advice goes double for you. Specifically: never let anyone you don’t trust touch your computer or have access to your online accounts.
If someone you don’t trust has had access to your computer, or, as is also common, set up your computer and acts as your tech support:
- Stop using that computer (or account, or internet connection, or whatever the untrustworthy person has access to).
- Find someone you do trust to help secure your computer.
Which leads to the next step.
What to do Step 3: get help
If you are being spied on, manipulated, gaslighted, or harassed through your technology, it’s critical you get qualified, trustworthy help.
That generally means finding someone local or contacting a knowledgeable friend or family member. Remember, in this scenario, trust is more important than deep technical knowledge. Both are important, but without trust, all the technical knowledge in the world is for naught.
If you can’t find someone you trust who can help you, then to put it bluntly, you’re on your own. That means you’ll need to learn how to:
- Understand what it takes to keep a system secure. This is no small task.
- Install the operating system from scratch (the only way to make sure it’s not been tampered with).
- Install and configure appropriate security software and network configurations.
- Configure your online accounts for maximum security.
- Know what to look for when you suspect something is wrong. Don’t assume the worst, but do learn how to rule out the likely before jumping to conclusions.
Those are the steps you’ll need to take on your own if you have no one to turn to.
Do this
Don’t panic. Don’t jump to conclusions.
Do look for more mundane explanations for whatever behavior has you concerned that someone is in control of your computer.
Do run full anti-malware scans using your up-to-date security software.
Do review Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet. It applies in all situations where you’re concerned about your system’s security.
And if, indeed, you’re certain that you’re being spied on, or that your system is being remotely controlled, seek out trustworthy assistance from someone who can carefully examine, diagnose, and repair your system.
Podcast audio
Related Video
Footnotes & References
1: No, I don’t have data to cite here, other than my own experience answering questions for close to 20 years. I’m tempted to say the actual figure is closer to 99%.
If you suspect someone is controlling your computer remotely, and especially if it’s in real time, there is one thing you can try that should be obvious… but isn’t:
Unplug from the Internet and see what happens. By this, I mean physically unplugging the computer from your modem or router. Then see if the suspect behavior continues. No one can directly control your computer if they cannot connect to it!
Unfortunately, the key word here is directly — this advice takes no account of indirect control. In other words, if there’s malware involved, it’s a completely different story. Even then, however, disconnection may make a difference: just like any other software, malware can only do what it’s been programmed to do — its ability to respond appropriately to your actions will be limited.
So my advice, if you suspect direct outside control, would be to disconnect & see what happens. It’s by no means definitive, but if you suspicion is correct, you’ll at least have locked the person out!
Yep, as you say “ Do look for more mundane explanations for whatever behavior has you concerned that someone is in control of your computer.”.
The pointer on my laptop was suddenly no longer under my control and started moving windows around. I was about to start changing critical passwords when I realised that my grandson was playing with my wireless mouse in the next room…
Unplugging the Ethernet cable won’t help because your computer will reconnect to the internet via Wi-Fi in most instances. It would be better to turn off your router to ensure you’re completely disconnected from the internet. Then try to determine if someone is connected remotely.
“in most instances” — I disagree. Most computers do NOT have both ethernet and Wi-Fi. I know many do — including my own desktop — but honestly, if you have wired ethernet and are using it, then either you should disable the Wi-Fi anyway (so as not to accidentally use a slower connection), or you’ll not have configured it to access your Access Point, in which case it’s not connected by default.
I am surprised that you did not suggest disconnecting from the internet. Obviously if you are not connected and the behaviour still continues then no one can be remotely controlling your machine. That will ease their mind and then they can look at all your suggestions like dirty mouse, etc. and figure it out.
I also expected that you would suggest restoring from a backup prior to this happening, if indeed someone is remotely controlling your machine. If they gained access through malicious software, then restoring from a backup should get rid of the malicious software, right? (assuming you go to an early enough backup and that could be difficult figuring out sometimes)
Hi Leo,
This Twitter troll, {link removed} has a habit of semi-doxing people who challenge him/her online. He knows the location of people online. It looks as if he’s a hacker because I’ve noticed people delete their accounts. How can a Twitter user know where people live. He/she has displayed postal codes and and city locations. How?
It’s not possible. Twitter doesn’t reveal users’ IP numbers, and even if they did, an IP address doesn’t reveal more than your ISP and general location which can be off by up to hundreds of kilometers.
What Can People Tell from My IP Address?
Finding the Owner of an IP Address
As Mark points out, you can’t get this from just the IP address, and Twitter doesn’t expose that anyway. My guess is that he’s also using some form of data collection (reviewing people’s social media where they often just publicly share the information he can then parrot back to them), or social engineering to get them to do so.
There’s quite a few people using scare tactics these days, preying on people’s gut instinct to avoid trouble. And not just internet on the phone too. Canada has been plagued with scam phone calls pretending to the CRA (equivalent to IRS for you Yankees) or Employment and Social Development (people who hand out social insurance numbers … equivalent to social security numbers) threatening to take legal action/issue arrest warrants if you don’t call them back immediately and negotiate a settlement. It’s amazing how many people fall for these scams out of fear of not wanting to cross the government without thinking that this is not the way the government operates (at least in Canada, you can’t pay your tax bill with iTunes gift cards, a popular payment method in the scam).
I see this as just another one of those, trying to scare people in to doing something.
Fortunately for me, I have never observed any phenomena that led me to believe that someone is remotely controlling my computer. First, I keep my computers as up to date as possible. Next, I practice Cognitive Security (a term I concocted that means being skeptically conscious/aware). Finally, I am a student of everything related to my computer. I understand how a Network works, and the protocols for wired and wireless connections. I also understand the fundamentals of how my computer works although I am not a trained technician.
I built this desktop PC with components I chose in 2021. I originally installed Windows 10, then upgraded to Windows 11 (my new PC meets Windows 11’s requirements). A while after the upgrade, my new wireless mouse began to act erratically, the pointer would ‘get stuck’ from time to time. This did not happen in Windows 10. I removed/reinstalled the mouse device (and drivers) using Device Manager and rebooted. No change. I tested the mouse on another PC. The problem did not occur on that PC. I reconnected the mouse to my desktop, and it continued to intermittently get stuck. I decided to revert to Windows 10 to see if the problem persisted. It was too late to revert, so I performed a clean install of Windows 10-21H2. Problem solved. I never did find out what caused the mouse issues, and now that patch Tuesday is here, after updating, I will retry Windows 11 again because I like the new interface, and if the mouse issue returns, I’ll first try to fix Windows using DISM from a command prompt (a step I forgot to take before) and if that fails, I’ll revert back to Windows 10 (before it’s too late this time). I suspect (with no tangible evidence) that the Windows 11 mouse driver (or something related to it) got corrupted before, so I’ll soon see what I’ll see.
Ernie
That mouse problem sounds like the mouse driver is incompatible with Windows 11. When that happens, you can go to the mouse manufacturers website and look for an updated driver. That’s not guaranteed to work as the manufacturer may not have updated the driver, but it’s worth a try.
Thanks for the response, Mark. I tried getting a new driver form Logitech’s website before reverting back to Window 10 – no joy there either. February’s Patch Tuesday has come, and I did re-install Windows 11. The mouse seemed to work O.K., but now the Microsoft Defender Dashboard is missing. When I click its icon in the task bar (the overflow corner? where does Microsoft get these names anyway?), I get a notification that I need to download an app . . .
It’s back to Windows 10 until next month. The trouble is, I really like the new user interface and I look forward to using many of the new/improved features that come with Windows 11 (particularly Notepad’s new dark mode, etc.). I really do wish that Microsoft had spent the time required to get Windows 11’s foundation right before they shipped it. New features are nice, but system wide stability is a must. If you ask me, an OS is a bit like a house. If the foundation is not solid and stable, the rest of the structure will crumble sooner or later.
My2Cents,
Ernie
“Cognitive Security”
Hi, Leo! If you like the term, feel free to use it 🙂
Ernie
Several Windows update scenarios can stall out your computer and make it behave erratically or very slowly. This usually happens because of stagnant use over a period of time when updates are offered or when prompts to update are ignored for too long. The obvious fix is to let the computer run overnight and then run update again and again until all of the updates are fully completed.
I would, and have, go into services and disable “remote registry”, at least that should stop the chance of someone taking over your computer. I also disable “retail demo service” and “routing and remote access”.
I am surprised that no-one has yet mentioned ‘Restore’ which, if I suspected that my laptop has been compromised, would be my first step and restore to a point before you realised that there was a problem.
I received a notification stating my computer was at another address, not mine my lap top is at my home . I contacted my anti-virus and they said someone was in control of my lap top. That’s about all they said . I said it shows the address of where it was located ,and I did a Google search of the address, which showed names of these people and have There phone numbers ,but again no help how or what to do
I’ve been hacked by the same person whom I gave remote access to for over 13 years! When my FB account was taken over I looked on line for help, he never left! It’s evolved into a location hacking. I’ve gotten new computers AND cell phones and they are immediately hacked. I’m using a friend’s device to share this story because he can find me in other public places as well. It’s a revenge hacking for trying to expose him on social media. He’s also taken all my email addresses preventing me from contacting anyone. The cops won’t help me, I’ve also contacted news media stations. I will leave one of my email addresses, but I can’t access it. This will most likely leave my friends device at risk, but people need to realize how dangerous location hacking really is!
Unfortunately I can only refer you to step 3, above: get help from someone you trust.
I am having problems with someone messing with my computer, when this happens which is every time I log onto my Windows 10 computer, someone is making weird stuff happen on my computer. Flashes , pages loading over top of pages, which I have to keep hitting the X off button to get the pages back down to the first screen. Another thing is, when I go to my email the person has put a stop to my email page, I do not have any control over my email. I have to completely shut down my computer when all this is taking place. Please help me to know what to do to get rid of this intruder. Thank you.
Another thing may be is to mention that the task bar (NEW WINDOW) will light up every time this person is controlling my computer. I will right click on the task bar and when that new window is lit up he or she is on my computer.
What ever page I am on and reading online, the person will make the page jump down to the bottom of the screen. Giving me no control over the pages. I cannot make my page move back to the top like it was. I just have to shut down my computer when this happens.
As the article outlines, this is rarely “someone” doing something. There are many more benign possibilities. Please read the article.
Is this on a laptop? If so, it might be a problem with the trackpad. I’d go to Device Manager (press Windows Key, type “Device” and click “Device Manager” when it appears.
Right-click “Mice and other pointing devices”
Right-click on the trackpad setting and click “Update driver”.
You can also disable the trackpad and see if it works well with a mouse.
If that fails, go to the laptop manufacturer’s website and see if there is an updated driver. I usually do that before using the device manager.
Another possible cause might be if you are using a wireless mouse. Electrical interference can cause things like that.
It may be none of those things. In that case, see this article:
Five Steps to Repair Windows 10 Without Losing Programs
Mark Jacobs, I do not have a laptop, my computer is a desktop computer (Home). I am still experiencing the same problem, my intruder is making things happen on my desktop computer. It is making me very upset. How in the world can I get this to stop happening? I have McAfee Anti Virus on my computer, every time I do a scan, it says I am virus free. Thank you for any help in this matter.
Mark Jacobs, I do have a wireless mouse, but it doesn’t seem like it would be the problem that I am faced with. Thanks.
Try it with a USB mouse. If that doesn’t work, it might be a software or other hardware issue.
Five Steps to Repair Windows 10 Without Losing Programs
I was hit by Windows Defender Trojan. I took my laptop to a repair shop. Cost$120.00 to wipe the hard drive. Brought it home, and was going to down load Windows. A text came on the screen? Told me to insert a flash drive. I did, then it told me to insert a C D drive. I returned it to the shop. Cost $50.00 to wipe hard drive for Pin Number Harddrive. Brought it home, something felt wrong. I put it in the closet. After a month I got it out and everything was back on it. So is thier a is there a reason for this?
There’s just no way to know with the information at hand. Sorry.
Leo,
You’ll be glad that you retired in 2001. Somewhere around 2007, things began syncing. People change emails and the changes connect to the email you already received and read. You go back to it these days and changes have been made. There are a bunch of other strange syncing things going on these days as well.