Few things are scarier than an active intrusion on your computer. If you believe that the computer is under the control of a hacker, the first thing you should do is disconnect from the internet. Once you're safely disconnected, you can find the entry point the hacker used to access your system and remove it. Once your system is secured, you can take steps to prevent further intrusions in the future.
Part 1 of 2: Look for signs of intrusion
Step 1. Disconnect the computer from the internet
If you think someone is accessing your computer remotely, disconnect it from the internet. This includes disconnecting the Ethernet cable and disabling Wi-Fi connections.
- Some of the most obvious signs of an active intrusion are the mouse moving without your control, applications opening "on their own" or files being actively deleted. However, not all pop-ups should be a cause for concern, as many self-updating apps can generate pop-ups during the process.
- The slowness of the internet or the existence of unknown programs are not necessarily the result of someone accessing the computer remotely.
Step 2. Review the list of recently accessed files and programs
Both Windows and Mac computers allow you to easily see a list of the latest files you have accessed, as well as the applications you have used most recently. If you see something unknown in these lists, it is possible that someone has access to the computer. Here's information on how to check it:
- Windows: To see recently opened files, press the Windows key + E to open File Explorer. At the bottom of the main panel, check the section called "Recent files" to see if there is anything you don't recognize. You can also see recently opened programs at the top of the Start menu.
- Mac: Click the Apple menu in the upper left corner of the screen and select Recent Items. Then you can click Applications to view recently used applications, Documents to view files and Servers to see a list of remote connections.
Step 3. Open the task manager or activity monitor
These utilities can help you determine what is currently running on your computer.
- Windows: press Ctrl + Shift + Esc.
- Mac: open the Applications folder in Finder, double-click the Utilities folder and then double-click Activity Monitor.
Step 4. Look for remote access programs in the list of running programs
With the task manager or activity monitor open, review the list of running programs and note any that are unfamiliar or suspicious to you. Here are some of the more popular remote access programs that may have been installed without your permission:
- VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, and TeamViewer.
- Look for any programs that seem suspicious or that you don't recognize. You can do an internet search for the name of the process if you are not sure what type of program it is.
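The same check can be scripted against a saved process listing. The following is an added example, not part of the original guide: it parses Windows `tasklist /FO CSV /NH` output or macOS `ps -axo pid,comm` output and flags names containing the products listed above. The keyword matching and the sample listings are assumptions constructed for illustration.

```python
import csv
import io

# Product names from the list in Step 4, lowercased. Matching on these
# substrings is an assumption: an installed binary may use another name.
REMOTE_ACCESS_KEYWORDS = ("vnc", "logmein", "gotomypc", "teamviewer")

def parse_tasklist_csv(text):
    """Parse Windows `tasklist /FO CSV /NH` output into (pid, name) pairs."""
    procs = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            procs.append((int(row[1]), row[0]))
    return procs

def parse_ps(text):
    """Parse macOS `ps -axo pid,comm` output; comm is a path, keep its last part."""
    procs = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            procs.append((int(parts[0]), parts[1].rsplit("/", 1)[-1]))
    return procs

def flag_remote_access(procs):
    """Return (pid, name, keyword) for each process name containing a keyword."""
    hits = []
    for pid, name in procs:
        lowered = name.lower()
        keyword = next((k for k in REMOTE_ACCESS_KEYWORDS if k in lowered), None)
        if keyword:
            hits.append((pid, name, keyword))
    return hits

# Constructed sample listings (not captured from a real machine).
SAMPLE_TASKLIST = '''"explorer.exe","4312","Console","1","98,120 K"
"TeamViewer_Service.exe","2880","Services","0","14,532 K"
"chrome.exe","6120","Console","1","210,004 K"
'''
SAMPLE_PS = '''  PID COMM
  412 /Applications/Safari.app/Contents/MacOS/Safari
  977 /Applications/VNC Server.app/Contents/MacOS/vncserver
'''

if __name__ == "__main__":
    procs = parse_tasklist_csv(SAMPLE_TASKLIST) + parse_ps(SAMPLE_PS)
    for pid, name, keyword in flag_remote_access(procs):
        print(f"review PID {pid}: {name} (matched '{keyword}')")
```

A match only means the process deserves a look: a remote access tool you installed yourself will be flagged as well.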
Step 5. Check for unusually high CPU usage
You will be able to see it in the task manager or in the activity monitor. While high CPU usage is common and does not indicate an attack, high CPU usage while the computer is not in use could indicate that background processes are running, which may be unauthorized. Keep in mind that high CPU usage could simply be a program update or background download that you have forgotten about.
Step 6. Scan the computer for viruses and malware
If you use Windows 10, you can use the built-in scanning tools by going to Settings > Update & Security > Windows Security to check for malicious programs on your computer. If you use a Mac, check out this guide to learn how to use the scanning tools for Mac.
- If you don't have an antivirus, download an installer on another computer and transfer it to your computer via USB. Install the antivirus and then run a scan.
- Malwarebytes Anti-Malware is a free, easy-to-use malware scanner available for both Windows and Mac. You can download it for free at
Step 7. Quarantine all detected items
If the antivirus or Anti-Malware detects something during the scan, put it in quarantine to prevent it from affecting the system further.
Step 8. Download and run Malwarebytes Anti-Rootkit Beta
You can get it for free at https://www.malwarebytes.com/antirootkit. This program will detect and remove "rootkits", which are malicious programs that exist deep within system files. The program will analyze the computer, which may take a while to complete.
Step 9. Monitor the computer after removing any kind of malicious program
If the scanners have detected malicious programs, they may have successfully removed the infection, but you will need to keep a close eye on your computer to make sure the infection has not remained hidden.
Step 10. Change all your passwords
If the computer was affected, all the passwords may have been logged with a keylogger. If you are sure the infection is gone, change the passwords for all of your accounts. Try to avoid using the same password for multiple services.
Step 11. Log out everywhere
After changing the passwords, review each account and log out completely. Make sure to log out of every device that is using the account. This will ensure that your new passwords take effect and that the old ones cannot be used by others.
Step 12. Perform a full system wipe if you cannot get rid of the intrusion
If you continue to suffer intrusions or are concerned that your computer may still be infected, the only way to be sure is to completely clean the system and reinstall the operating system. You will need to back up any important data first, as everything will be erased and restarted.
- When backing up an infected machine, be sure to scan each file before backing it up. There will always be the possibility that reusing an old file could lead to reinfection.
- Check out this guide to learn how to format a Windows or Mac computer and reinstall the operating system.
Part 2 of 2: Prevent Future Intrusions
Step 1. Keep your antivirus and antimalware programs up-to-date
An up-to-date antivirus program will detect most attacks before they occur. Windows comes with a program called Windows Defender, which is a fairly competent antivirus that updates automatically and works in the background. There are also several free programs available, such as BitDefender, avast! and AVG. You only need one antivirus program installed.
- Check out this guide for instructions on how to activate Windows Defender on a Windows PC.
- Check out this guide to learn how to install an antivirus program if you don't want to use Defender. Windows Defender will be disabled automatically if you install another antivirus program.
Step 2. Make sure the firewall is properly configured
If you don't have a web server or some other program that requires remote access to your computer, there is no reason to have the ports open. Most programs that require ports will use UPnP, which will open ports as needed and then close them again when the program is not in use. Keeping the ports open indefinitely will leave the network open to intrusions.
Read this guide and make sure none of the ports are open unless necessary for a running server.
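Before reviewing the firewall rules, it helps to know which ports the computer itself is listening on. The following is an added example, not part of the original guide: it reads `netstat -an` output in the Windows or macOS layout and lists TCP ports listening on a non-loopback address that you did not expect. The `expected` allow-list and the sample output are assumptions constructed for illustration.

```python
import re

def listening_sockets(netstat_text):
    """Return (address, port) for each TCP socket in a listening state.

    Accepts `netstat -an` output in the Windows layout
    ("TCP 0.0.0.0:5900 ... LISTENING") or the macOS layout
    ("tcp4 0 0 *.5900 ... LISTEN").
    """
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if not {"LISTEN", "LISTENING"} & set(fields):
            continue
        # Windows puts the local address second; macOS puts it after the
        # numeric Recv-Q and Send-Q columns.
        local = fields[3] if fields[1].isdigit() else fields[1]
        match = re.match(r"^(.*)[:.](\d+)$", local)
        if match:
            found.append((match.group(1), int(match.group(2))))
    return found

def is_loopback(address):
    return address.startswith("127.") or address in ("::1", "[::1]")

def unexpected_open_ports(netstat_text, expected=()):
    """Ports listening on a non-loopback address that are not in `expected`."""
    ports = {port for address, port in listening_sockets(netstat_text)
             if not is_loopback(address) and port not in expected}
    return sorted(ports)

# Constructed sample output (not captured from a real machine).
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED
"""
SAMPLE_MACOS = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
"""

if __name__ == "__main__":
    print(unexpected_open_ports(SAMPLE_WINDOWS, expected={135}))
    print(unexpected_open_ports(SAMPLE_MACOS))
```

A listening port is not the same as an open firewall rule, but any port in this list that you cannot explain should not be allowed through the firewall.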
Step 3. Be very careful with attachments in emails
Files attached to emails are one of the most common ways for viruses and malware to enter the system. Only open attachments from trusted senders, and even then, make sure the person intentionally sent you the attachment. If one of your contacts has been infected with a virus, they can send attachments with the virus without even knowing it.
Step 4. Make sure your passwords are strong and unique
Each and every one of the services or programs that you use and that are password protected must have a unique and difficult password. This will ensure that a hacker cannot use the password of one hacked service to access another. See how to manage passwords to learn how to use a password manager to make things easier for yourself.
Step 5. Try to avoid public Wi-Fi spots
Public Wi-Fi hotspots are risky because you don't have any control over the network. You cannot tell if someone else using the hotspot is monitoring traffic to and from your computer. If they are, they could access your open browsing session, or worse. You can mitigate this risk by using a VPN whenever you connect to a public Wi-Fi network, which will encrypt your transfers.
See how to set up a VPN and follow the instructions to establish a connection to a VPN service.
Step 6. Be very careful with programs downloaded online
Many "free" programs that you can find online come with additional programs that you probably don't want. Pay close attention to the installation process to make sure you decline any additional "offers". Avoid downloading pirated software, as it is a common way for systems to be infected by viruses.
- Keep in mind that the computer can "turn on by itself" to install updates. Many modern computers are configured to install system updates automatically, usually at night, when the computer is not in use. If your computer seems to turn on by itself when you're not using it, it's probably coming out of sleep mode to install updates.
- The chances that your computer has been remotely accessed, while not impossible, are very low. You can take steps to help prevent intrusions.