What to do if you suspect someone else is in control of your computer.
I get variations on this question often.
Someone believes their computer is being controlled remotely without their consent, or they believe their activities are being monitored in detail, or they believe their files and other information are being stolen or manipulated by others with malicious intent.
The bottom line is, theyāre convinced someone is spying on them ā or worse.
What happens next isā¦ complicated.
Become a Patron of Ask Leo! and go ad-free!
Someone is in my computer!
By far the most common situation is that your computer is not being remotely controlled and youāre not being spied on. Much more common is that software, accounts, or equipment are not behaving as expected for more mundane reasons. The same basic security you should already be following still applies. If you do determine that you are being spied on, then locating trustworthy help for diagnosis and repair is critical.
Getting help
I need to start by saying that if this is actually happening to you, I cannot help you. This requires a level of access I donāt have and ā quite honestly ā a skill set I donāt have either.
But wait!
Before you run away, I definitely have some things for you to consider, steps to take, and advice to give if you believe yourself in this situation.
It may not all be what you want to hear, but itās important to take the time to consider the situation carefully.
Most of the time, itās a false alarm
Nine times out of ten, there is no one controlling your computer but you. No one is spying on you personally and no one is manipulating your files or email.
90% of the time, thereās nothing going on at all.1
Unfortunately, by the time people reach out with this question, thatās not the answer they want to hear. Theyāre absolutely convinced thereās something nefarious going on. Someone is out to get them. Someone is stalking them, spying on them, or out to cause them trouble.
Iāll say it again: nine times out of ten, those people are wrong.
What I see happening instead is confusion. A program didnāt behave as expected. An account password seemed to have been changed. A file or an email was lost. A mouse pointer started moving on its own. The computer started typing text all on its own. All of those scenarios have mundane explanations that are more likely than a malicious attack.
Without having a reasonable explanation for why those things are happening, itās easy to jump to the conclusion that someoneās spying on you or taking over your computer.
Being certain is exceptionally difficult
Hereās the real problem: itās very difficult to know absolutelyĀ whatās happening.
I canāt prove to you someone is not looking. Just like I canāt prove to you that your computer is not infected with malware, just like I canāt prove that my machine is not infected. I canāt prove a negative.
Nine times out of ten, however, on closer examination,Ā more usual explanations for the behaviors youāre seeing become apparent. For example:
- You used a program in some wrong way.
- You typed in the wrong password.
- You accidentally deleted a file.
- Youāre looking in the wrong place.
- You have a filtered view of some sort set on your email.
- Your mouse is dirty, or the surface itās on is dirty or not mouse-friendly.
- You might even have accidentally turned on dictation to start the computer typing what (it thinks) you say.
All of those scenarios and many more are significantly more likely than someone gaining access to your computer and controlling it remotely in a way you would notice.
In fact, if you were actually being spied on, thereās a good chance you would never notice because true spyware, malware, and remote-control tools do a great job of hiding themselves.
Just because you have no explanation or canāt conceive of an alternate explanation doesnāt mean such an explanation doesnāt exist. More often than not, it does.
What to do Step 1: how to stay safe
So, how do you protect yourself?
It starts with the same old basicsĀ youāre probably tired of hearing:
- Use up-to-date security software.
- Keep your system and software as up-to-date as possible.
- Use strong passwords everywhere, and two-factor authentication whenever offered.
- Educate yourself to be on the lookout for phishing attempts, and never open attachments in email that you werenāt expecting or arenāt 100% certain are legitimate.
- Back up regularly.
- Secure your hardware.
That last one warrants some extra attention here.
What to do Step 2: secure your hardware
Itās critical that you follow all those steps above not just to prevent someone from spying on you, which is generally unlikely, but to keep your computer safe from all online threats ā a much more common problem.
However, if you believe youāre worth being spied on, then that āsecure your hardwareā advice goes double for you. Specifically: never let anyone you donāt trust touch your computer or have access to your online accounts.
If someone you donāt trust has had access to your computer, or, as is also common, set up your computer and acts as your tech support:
- Stop using that computer (or account, or internet connection, or whatever the untrustworthy person has access to).
- Find someone you do trust to help secure your computer.
Which leads to the next step.
What to do Step 3: get help
If you are being spied on, manipulated, gaslighted, or harassed through your technology, itās critical you get qualified, trustworthy help.
That generally means finding someone local or contacting a knowledgeable friend or family member. Remember, in this scenario, trust is more important than deep technical knowledge. Both are important, but without trust, all the technical knowledge in the world is for naught.
If you canāt find someone you trust who can help you, then to put it bluntly, youāre on your own. That means youāll need to learn how to:
- Understand what it takes to keep a system secure. This is no small task.
- Install the operating system from scratch (the only way to make sure itās not been tampered with).
- Install and configure appropriate security software and network configurations.
- Configure your online accounts for maximum security.
- Know what to look for when you suspect something is wrong. Donāt assume the worst, but do learn how to rule out the likely before jumping to conclusions.
Those are the steps youāll need to take on your own if you have no one to turn to.
Do this
Donāt panic. Donāt jump to conclusions.
Do look for more mundane explanations for whatever behavior has you concerned that someone is in control of your computer.
Do run full anti-malware scans using your up-to-date security software.
Do review Internet Safety: 7 Steps to Keeping Your Computer Safe on the Internet. It applies in all situations where youāre concerned about your systemās security.
And if, indeed, youāre certain that youāre being spied on, or that your system is being remotely controlled, seek out trustworthy assistance from someone who can carefully examine, diagnose, and repair your system.
Podcast audio
Related Video
Footnotes & References
1: No, I donāt have data to cite here, other than my own experience answering questions for close to 20 years. Iām tempted to say the actual figure is closer to 99%.
If you suspect someone is controlling your computer remotely, and especially if itās in real time, there is one thing you can try that should be obviousā¦ but isnāt:
Unplug from the Internet and see what happens. By this, I mean physically unplugging the computer from your modem or router. Then see if the suspect behavior continues. No one can directly control your computer if they cannot connect to it!
Unfortunately, the key word here is directly ā this advice takes no account of indirect control. In other words, if thereās malware involved, itās a completely different story. Even then, however, disconnection may make a difference: just like any other software, malware can only do what itās been programmed to do ā its ability to respond appropriately to your actions will be limited.
So my advice, if you suspect direct outside control, would be to disconnect & see what happens. Itās by no means definitive, but if you suspicion is correct, youāll at least have locked the person out!
Yep, as you say ā Do look for more mundane explanations for whatever behavior has you concerned that someone is in control of your computer.ā.
The pointer on my laptop was suddenly no longer under my control and started moving windows around. I was about to start changing critical passwords when I realised that my grandson was playing with my wireless mouse in the next roomā¦
Unplugging the Ethernet cable wonāt help because your computer will reconnect to the internet via Wi-Fi in most instances. It would be better to turn off your router to ensure youāre completely disconnected from the internet. Then try to determine if someone is connected remotely.
āin most instancesā ā I disagree. Most computers do NOT have both ethernet and Wi-Fi. I know many do ā including my own desktop ā but honestly, if you have wired ethernet and are using it, then either you should disable the Wi-Fi anyway (so as not to accidentally use a slower connection), or youāll not have configured it to access your Access Point, in which case itās not connected by default.
I am surprised that you did not suggest disconnecting from the internet. Obviously if you are not connected and the behaviour still continues then no one can be remotely controlling your machine. That will ease their mind and then they can look at all your suggestions like dirty mouse, etc. and figure it out.
I also expected that you would suggest restoring from a backup prior to this happening, if indeed someone is remotely controlling your machine. If they gained access through malicious software, then restoring from a backup should get rid of the malicious software, right? (assuming you go to an early enough backup and that could be difficult figuring out sometimes)
Hi Leo,
This Twitter troll, {link removed} has a habit of semi-doxing people who challenge him/her online. He knows the location of people online. It looks as if heās a hacker because Iāve noticed people delete their accounts. How can a Twitter user know where people live. He/she has displayed postal codes and and city locations. How?
Itās not possible. Twitter doesnāt reveal usersā IP numbers, and even if they did, an IP address doesnāt reveal more than your ISP and general location which can be off by up to hundreds of kilometers.
What Can People Tell from My IP Address?
Finding the Owner of an IP Address
As Mark points out, you canāt get this from just the IP address, and Twitter doesnāt expose that anyway. My guess is that heās also using some form of data collection (reviewing peopleās social media where they often just publicly share the information he can then parrot back to them), or social engineering to get them to do so.
Thereās quite a few people using scare tactics these days, preying on peopleās gut instinct to avoid trouble. And not just internet on the phone too. Canada has been plagued with scam phone calls pretending to the CRA (equivalent to IRS for you Yankees) or Employment and Social Development (people who hand out social insurance numbers ā¦ equivalent to social security numbers) threatening to take legal action/issue arrest warrants if you donāt call them back immediately and negotiate a settlement. Itās amazing how many people fall for these scams out of fear of not wanting to cross the government without thinking that this is not the way the government operates (at least in Canada, you canāt pay your tax bill with iTunes gift cards, a popular payment method in the scam).
I see this as just another one of those, trying to scare people in to doing something.
Nine times out of ten when the computer is not doing what it should, or that windows properties are going haywire, it is the Microsoft server reaching out to you to encourage you to upgrade, so you can contribute to its coffers on a regular basisā¦think Office 365.
I have a 1300-page word processed log on Microsoft server harassment, 8000 screenshots, and 700 videos to evidence this. I am taking Microsoft to court. So, please inform yourself minimally before writing articles that mislead the readers of your blog
Thatās an unfounded conspiracy theory.
You havenāt seen a single piece of the thousands of pieces of evidence I have collected, in accordance with the laws of evidence stated by the courts, but you already have the answer to my 7 years of harassment. How much weightage should I give to your considered response! I can tell you are a been-there-done-that guy who has all the answers.
While I donāt agree with your premise, I look forward to the results of your court case. Please share it when complete.
I have already sent you my Attorney brief as an attachment to an email some 5-6 months ago. Please search your server for it, and you are likely to reconsider your premise.
Thank you.
As I said, please report back with the results of your lawsuit.
I wrote you a response, but Microsoft is not allowing it to be posted. I have sent you another brief this morning, which has been mangled by Microsoft and does not reflect the original document. Please read it for what it is worth.
Thank you.
Fortunately for me, I have never observed any phenomena that led me to believe that someone is remotely controlling my computer. First, I keep my computers as up to date as possible. Next, I practice Cognitive Security (a term I concocted that means being skeptically conscious/aware). Finally, I am a student of everything related to my computer. I understand how a Network works, and the protocols for wired and wireless connections. I also understand the fundamentals of how my computer works although I am not a trained technician.
I built this desktop PC with components I chose in 2021. I originally installed Windows 10, then upgraded to Windows 11 (my new PC meets Windows 11ās requirements). A while after the upgrade, my new wireless mouse began to act erratically, the pointer would āget stuckā from time to time. This did not happen in Windows 10. I removed/reinstalled the mouse device (and drivers) using Device Manager and rebooted. No change. I tested the mouse on another PC. The problem did not occur on that PC. I reconnected the mouse to my desktop, and it continued to intermittently get stuck. I decided to revert to Windows 10 to see if the problem persisted. It was too late to revert, so I performed a clean install of Windows 10-21H2. Problem solved. I never did find out what caused the mouse issues, and now that patch Tuesday is here, after updating, I will retry Windows 11 again because I like the new interface, and if the mouse issue returns, Iāll first try to fix Windows using DISM from a command prompt (a step I forgot to take before) and if that fails, Iāll revert back to Windows 10 (before itās too late this time). I suspect (with no tangible evidence) that the Windows 11 mouse driver (or something related to it) got corrupted before, so Iāll soon see what Iāll see.
Ernie
That mouse problem sounds like the mouse driver is incompatible with Windows 11. When that happens, you can go to the mouse manufacturers website and look for an updated driver. Thatās not guaranteed to work as the manufacturer may not have updated the driver, but itās worth a try.
Thanks for the response, Mark. I tried getting a new driver form Logitechās website before reverting back to Window 10 ā no joy there either. Februaryās Patch Tuesday has come, and I did re-install Windows 11. The mouse seemed to work O.K., but now the Microsoft Defender Dashboard is missing. When I click its icon in the task bar (the overflow corner? where does Microsoft get these names anyway?), I get a notification that I need to download an app . . .
Itās back to Windows 10 until next month. The trouble is, I really like the new user interface and I look forward to using many of the new/improved features that come with Windows 11 (particularly Notepadās new dark mode, etc.). I really do wish that Microsoft had spent the time required to get Windows 11ās foundation right before they shipped it. New features are nice, but system wide stability is a must. If you ask me, an OS is a bit like a house. If the foundation is not solid and stable, the rest of the structure will crumble sooner or later.
My2Cents,
Ernie
āCognitive Securityā
Hi, Leo! If you like the term, feel free to use it :)
Ernie
Several Windows update scenarios can stall out your computer and make it behave erratically or very slowly. This usually happens because of stagnant use over a period of time when updates are offered or when prompts to update are ignored for too long. The obvious fix is to let the computer run overnight and then run update again and again until all of the updates are fully completed.
I would, and have, go into services and disable āremote registryā, at least that should stop the chance of someone taking over your computer. I also disable āretail demo serviceā and ārouting and remote accessā.
I am surprised that no-one has yet mentioned āRestoreā which, if I suspected that my laptop has been compromised, would be my first step and restore to a point before you realised that there was a problem.
I received a notification stating my computer was at another address, not mine my lap top is at my home . I contacted my anti-virus and they said someone was in control of my lap top. Thatās about all they said . I said it shows the address of where it was located ,and I did a Google search of the address, which showed names of these people and have There phone numbers ,but again no help how or what to do