It’s a knee-jerk assumption that is most often wrong.
Individuals often contact me because they believe their computer has been hacked and that someone is controlling it remotely. A common symptom is that they “fix” this problem only to have it almost immediately “hacked” again.
Most of the time, it was never compromised in the first place.
I’m not saying it’s not possible; hacks do happen, of course. But 99 times out of 100, the people contacting me in this situation are experiencing something else entirely.
And it’s not a hack. Not even close.
Your machine has probably not been hacked
People often believe their computers have been hacked because of unexpected behavior like slowdowns, network activity, or mouse movement. All are typically benign and explainable. Pop-ups, missing files, and perceived intrusions often result from normal processes or browser tricks, not hacks. The best approach is to keep yourself secure using standard recommendations.
If it’s not a hack, what is it?
Most of the time, what people interpret as a hack is some kind of system behavior that they didn’t expect and don’t understand.
That’s it.
I’ll run through some examples in a moment. Computers are extremely complicated; they do things we don’t understand or expect all the time. More often than not, it’s benign, if occasionally annoying.
But if you have a reason or a tendency to believe someone’s after you, then unexpected, unknown behavior can easily be seen as threatening even when it’s not.
Normal system behavior
When your computer system slows down for no apparent reason, the concern is that a hacker is doing something with your computer at that moment. In reality, there are several more likely scenarios.
- Windows Update could be updating.
- The Search Indexer could be indexing.
- Your security software could be performing a scan.
- Your backup software could be backing up.
- Other legitimate background tasks could be occurring.
Many of these happen without on-screen indication. Your computer just starts doing something even though you haven’t asked it to.
All of them are benign and expected. You can check CPU usage and disk activity to see what programs are really to blame.
Unexpected network activity
Perceived network slowdowns are also a common issue that some take as a sign of an intruder.
The concern is that someone has access to your machine and is in the process of copying your data from it. Particularly if your connection is slow to moderate in speed to begin with, that kind of activity could indeed manifest as a slow connection.
But then, so could many other more likely things.
- Windows Update might be downloading updates for your computer.
- Your security software might be downloading its updates.
- Your cloud software (OneDrive, Dropbox, Google Drive, and others) might be uploading recent changes on your machine or downloading recent changes made elsewhere.
There are other possibilities. Any of them are more likely than nefarious activity. You can check network activity to see what’s what.
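One way to see which programs own the active network connections and how much CPU time each has used, as an added example that is not part of the original article. It assumes Windows 10 or 11 with the built-in PowerShell, run as administrator so that the paths of system services are readable.

```powershell
# Added example: attribute established network connections to the programs
# that own them, with accumulated CPU time and the publisher's signature.

# Established TCP connections, ignoring traffic that never leaves the machine.
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' }

$report = foreach ($group in ($conns | Group-Object OwningProcess)) {
    $proc = Get-Process -Id ([int]$group.Name) -ErrorAction SilentlyContinue
    if (-not $proc) { continue }   # process exited between the two calls

    # Some protected system processes expose no path; report that explicitly.
    $sigStatus = 'Unknown (no path)'
    $signer    = ''
    if ($proc.Path) {
        $sig       = Get-AuthenticodeSignature -FilePath $proc.Path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Process     = $proc.ProcessName
        Id          = $proc.Id
        CpuSeconds  = [math]::Round($proc.CPU, 1)
        Connections = $group.Count
        Remotes     = ($group.Group.RemoteAddress | Sort-Object -Unique) -join ', '
        Signature   = $sigStatus
        Signer      = $signer
        Path        = $proc.Path
    }
}

# Busiest programs first.
$report | Sort-Object Connections -Descending | Format-Table -AutoSize -Wrap
```

Windows Update and many other system tasks appear under svchost rather than their own name. A signature status other than Valid is a reason to look at that program more closely, not proof of anything.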
The case of the moving mouse pointer
This one freaks people out.
Without your hand being anywhere near the mouse, the mouse pointer moves on its own across your screen. Must be a hacker controlling it remotely, right?
More often than not (and I’ll fall back to 99 times out of 100), it’s nothing like that. It’s much more likely to be dirt and dust in and around the mouse’s sensor or a poor surface on which the mouse is having difficulty sensing movement. It could also be a malfunctioning mouse (or one low on battery, if it’s wireless).
The solution for those is simple: clean the sensor, use a different surface or mouse pad, or consider replacing the mouse or at least trying another for a bit.
One situation I run into periodically is misbehaving software on my machine that causes it to freeze up for a moment. Once the freeze is over, the mouse pointer flies around the screen as it catches up on all the mousing that happened during the freeze. This isn’t even a mouse issue; it’s other misbehaving software. In my case, I suspect the display driver.
Pop-up warnings
Sometimes, scary pop-up warnings tell you your computer is infested with malware or has been hacked. That warning often comes with a phone number to call or some other action you need to take RIGHT NOW. Some even make it look like they’ve taken over your machine.
They haven’t. The vast majority of these pop-ups don’t come from your computer at all.
They’re from a website you’ve visited. It’s the website that’s been compromised, not your machine. The compromise causes that website to launch full-screen windows within your browser with the scary warning. Shutting down the browser typically gets rid of the messages[1], and then you know to never visit that site again.
Definitely never take the action that the message indicates you must take. If you do, you could be phished or you could end up downloading malware allowing your machine to be hacked.
Missing files
Files go missing all the time. It can be frustrating, but it’s not a sign that someone is removing or copying them from your machine.
I’ve certainly accidentally deleted files on occasion.
Sometimes the software we run is so poorly designed that it causes files to be lost (looking at you, OneDrive “backup”).
Sometimes disk cleanup tools — even so-called performance enhancers and system optimizers — are too aggressive and end up deleting things they shouldn’t.
My advice here is two-fold: don’t run those enhancers or optimizers (they rarely do anything useful), and make sure you’re backing up.
The dilemma: 1 out of 100
Here’s the real problem: every one of those items I list as symptoms above could indeed indicate your machine has been hacked.
It’s just extremely unlikely.
Occam’s Razor (“The simplest explanation is usually the best one.”) applies.
In all these cases, the simplest explanation is something significantly less nefarious than a hacker accessing your machine.
Do this
So, if we can’t trust the symptoms with 100% accuracy to tell us when something’s happening, what can we do?
The same old litany of steps you’ve heard over and over again.
- Don’t open attachments you’re not 100% certain are safe.
- Don’t click on email links you’re not 100% certain are legitimate.
- Keep your security software as up to date as possible. Make sure it’s working and scanning appropriately.
- Keep your system as up to date as possible.
- Secure your online accounts with strong, unique passwords and two-factor authentication when possible.
- Maintain a healthy level of skepticism.
- Back up.
And if you still truly believe that your system is under the control of someone else and you can no longer trust it, stop using it. Find a trustworthy tech friend or shop to help you understand what is and is not happening, and take steps based on what’s found.
Footnotes & References
1: Sometimes the browser pop-ups are so well-crafted that they prevent you from closing the browser or even switching away. In those cases, a forced shutdown is sometimes the only way out.
The Search Indexer, security software, and backup software shouldn’t have much effect on your computer speed if those programs are well-designed. Macrium Reflect and others are designed to go to a low-priority state so as not to significantly impact speed. If you find a program significantly affecting performance, you might want to look for an alternative or have it run when you are not using the computer if it’s possible.
I just ran into this the other day. Saw an interesting Facebook post. I was interested to learn more. It was supposed to be an ad, so, I clicked to learn more. Next thing I know, the screen is flashing. Someone has taken over my computer and there is nothing I can do unless I call a phone number. It was certainly designed well to instill panic. In the back of my mind, I knew it would be fake, but the longer it took me to figure out how to get control back, the more panic starts to set in. I get why some people get taken in by these things. And since it’s my laptop, just pulling the plug wouldn’t shut it down. Holding power, just put it to sleep and it immediately came back when I switched it on. It wasn’t until after a Ctrl+Alt+Delete to sign off and sign back in and returning to the browser and seeing the screen this time in a tab that I figured out the webpage had immediately gone into full screen mode.
A flashing screen designed to instill panic is usually not a sign of malware. Nowadays, most malware works silently in the background stealing passwords, bank logins, or other data. Most hackers don’t advertise that they’ve installed malware. I’m not saying malware won’t do that but the odds favor a hacked website or a rogue ad popup.
The flashing scare-screen is just a different scam. But it’s the one my friends are most likely to call me about.
On my Windows 11 primary laptop PC, I have the Power button set to Shut Down the computer, so if I ever encounter a scenario such as Leo describes, all I have to do is press the Power button to shut down the laptop, then even though I know I’ve not been hacked, I’ll run a full offline system scan (can take a long time), followed up with a MalwareBytes Free edition full scan, just to be safe. I’m confident that between these two scanners, if anything’s amiss, one of them will catch it.
I check for updates using Windows update (system), and Patch My PC (software), weekly to keep my computers as up to date as I can, and I have Macrium Reflect Free edition set up to create a weekly full system image, and differential images every Tuesday through Sunday, keeping four image sets (A Full System image, and six Differential images) so I can look back up to 28 days if file recovery is ever needed.
Finally, and perhaps most important, I practice what I describe as Cognitive Security, which I won’t explain in detail here, because I’ve done so many times before, and the name implies what it’s all about (being cognitively aware of the dangers of the Internet, and anything found there). See my post on “Think 2FA Is Bulletproof? Here’s Why You’re Still Vulnerable”
https://askleo.com/think-2fa-is-bulletproof-heres-why-youre-still-vulnerable/ for more details.
Ernie
James B: Clicked on an ad on Facebook. Enough said. Please, let’s not blame hackers, the Chinese or Russians.
If someone falls victim to fraud, that doesn’t let the fraudster off the hook.
@Simersen, There are a lot of legitimate ads on Facebook. In fact most ads that I see are from legitimate companies. The product advertised was not something typically associated with risky clicking. In future, please try to avoid blaming the victim. Would you blame the victim of a theft because the victim had glass windows in their house allowing a thief to smash the windows? Maybe that victim should just brick up all their windows? We all need to take care when we are online and even though we all try our hardest to spot the bad eggs, we all still get caught out at some time. The lesson here was, “Don’t panic. It can usually be fixed.”
James B: Unfortunately such analogies don’t work in this case, nor for most cases when someone is victimized via online activity. Most online victimization starts and continues by the victim doing something they’ve been told not to do. Such as clicking a link in an email. Perhaps it was a momentary lapse. What I do in such cases is note down the name of the product and then go to Google and/or Amazon and search for it. Of course, there are no guarantees of safety on Google and Amazon, but they are much better than Facebook.
@Simersen, I’m glad you are so superior to everyone and never make a mistake. I’m sorry you have a hard time empathizing with others.