Download Article
See if someone is remotely viewing your computer & what to do next
Download Article
Few things are scarier than an active intrusion on your computer! If you think someone has control over your PC from afar, start by disconnecting from the internet—this instantly ends all remote sessions. Once you're safely disconnected, there are easy ways to find out whether someone was accessing your computer remotely. This wikiHow article teaches you how to check for signs of remote access to your computer and how to manage and prevent an intrusion, with expert tips from computer specialist Yaffet Meshesha and cybersecurity expert Michael Thompson-Brown.
Quick Ways to Detect Remote Access
Obvious signs of an intrusion include automatic mouse movements or your webcam turning on automatically. Check Task Manager or Activity Monitor for unauthorized applications. Check recent activity for any unauthorized access to your system or online accounts. Run an antivirus scan.
Steps
Section 1 of 3:
How to Tell Someone Is Accessing Your Computer Remotely
Download Article
-
There is unusual activity on your computer. Some more obvious signs of active intrusion would be your mouse moving without your control, apps opening before your eyes, or files actively being deleted. However, not all pop-ups should be concerning--many apps that update automatically can generate pop-ups during the update process. -
Your camera or microphone is turning on automatically. Most computer cameras have an LED light next to them that indicates the camera is in use. If you notice your camera is turning on automatically, it could be a sign that someone has remote access to your computer and is trying to spy on you.Advertisement -
Check the list of recently accessed files and apps. Windows PCs and Macs make it easy to view a list of the last files you've accessed and your most recently used apps. If you see something unfamiliar in these lists, someone may have access to your computer . Here's how to check:- Windows —To see recently-opened files, press the Windows Key + E to open the File Explorer . [1] X Research source At the bottom of the main panel, check the section called "Recent files" to see if there's anything you don't recognize. You can also view recently opened apps at the top of the Start menu.
- Mac —Click the Apple menu and select Recent Items . You can now click Applications to see recently-used apps, Documents to see files, and Servers to see a list of remote outgoing connections. [2] X Research source
EXPERT TIPComputer SpecialistYaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.Hacking doesn't happen as often as people think. Typically, hacking only happens once in a blue moon. Usually what people find is either bloatware that came with their computer or malware that they installed by going onto a website that didn't have their best interests at heart.
-
Check the Task Manager or Activity Monitor. According to computer specialist Michael Thompson-Brown, if you notice any unusual activity, open Task Manager on Windows or Activity Monitor on Mac and see what's running. Unfamiliar applications running in the background can be a sign of unauthorized access to your computer. However, it can be hard to tell what programs are malicious, so it's best to have a professional check it out. [3] X Expert Source Michael Thompson-Brown
Cybersecurity Expert Expert Interview. 11 January 2024. If you don't recognize an app or a process, you can also Google it to see what it is:- Windows — Press Ctrl + Shift + Esc and then select Task Manager Click the Processes tab.
- Mac — Click the Spotlight icon in the menu bar, type "Activity Monitor", and open the Activity Monitor app. [4] X Research source
-
Look for remote access programs in your list of running programs. Now that Task Manager or Activity Monitor is open, check the list of currently running processes for remote access applications. Remote access apps include VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, and TeamViewer . [5] X Research source These programs are popular remote access programs that may have been installed without your permission. -
Scan your computer for viruses and malware. Meshesha recommends using Windows Defender, the built-in antivirus software that comes with Windows, instead of paying for a third-party antivirus program. [6] X Expert Source Yaffet Meshesha
Computer Specialist Expert Interview. 22 September 2020.- If you're using a Mac, the antivirus protection is built into the operating system and there is no need to run a scan. However, you can use third-party software like Malwarebytes to scan your Mac for malware. You can download it for free from https://www.malwarebytes.com .
-
Check the recent activity on your various accounts. Check your profile page on your various social media accounts for any unusual activity or unauthorized logins on your accounts. You can also Check your browser history for anything unusual, and look for extensions you didn't install in your web browser.- You can check your Google activity at https://myactivity.google.com .
- Check what extensions are installed on your web browser by clicking the puzzle piece icon in the menu bar at the top (Chrome, Firefox) or by checking the extensions option in the Settings menu (Edge, Safari). "If it doesn't look like it's well-known or you don't recognize the company name right away, go ahead and remove it," Thompson-Brown advises. [7]
X
Expert Source
Michael Thompson-Brown
Cybersecurity Expert Expert Interview. 11 January 2024.
-
Look for unusually high CPU usage. You'll see this in the Task Manager or the Activity Monitor. Your computer may also be running more slowly. While high CPU usage is common and is not indicative of an attack, high CPU usage while you're not using your computer (or doing basic tasks) could indicate that processes are running in the background, which you may not have authorized.- Not all instances of your computer running slowly are a sign of an intrusion. There could be an update or a normal process running in the background. It could also be that your computer hardware is getting old.
-
See if your data usage has increased. If your data usage has increased even though your online activity hasn't changed, that could be a sign that someone has remote access to your computer. You can contact your internet service provider to see how much data has been used and if it's higher than normal.
Advertisement
Section 2 of 3:
How to Stop Someone From Remotely Accessing Your Computer
Download Article
-
Disconnect from the internet. If you suspect someone is accessing your computer remotely, disconnect the computer from the internet immediately. This includes removing any Ethernet cables and turning off your Wi-Fi connections. -
Log out of everything everywhere. After changing your passwords, go through each account and log off completely. Make sure that you log out of any device that is currently using the account. This will ensure that your new passwords will take effect and others will not be able to use the old ones. -
Change all of your passwords from a secure device. If your computer was compromised, then there’s a possibility that all of your passwords are being recorded with a keylogger. Change the passwords for all your accounts using a secure, non-infected device. Using a password manager will make it easier for you to change all your passwords and provide more security. -
Update your operating system and your antivirus software. Keep your computer updated to ensure it has all the latest security patches. If you are using a third-party antivirus program, be sure to keep it updated so that it can detect all the latest fixes. -
Secure your router. Enter your router's IP address into a web browser to open your router's user interface. Log in with the default username and password . Be sure to change the network password, enable WAP3 encryption, disable any remote network access settings, and update your router's firmware.- You can find your router's default username and password in the user's manual or manufacturer's web page. It may also be printed on a sticker on the router itself. Check the bottom or back.
-
Monitor your computer after removing any malware. If your antivirus and/or anti-malware found malicious programs, you may have successfully removed the infection, but you'll need to keep a close eye on your computer to ensure that the infection hasn't remained hidden. -
Download and run the Malwarebytes Anti-Rootkit Beta. You can get this program for free from https://www.malwarebytes.com/antirootkit . This will detect and remove rootkits , which are malicious programs that exist deep in your system files. The program will scan your computer, which may take a while to complete.
-
Perform a full system wipe if you can't get rid of the intrusion. If you're still experiencing intrusions or are concerned that you may still be infected, the only way to be sure is to completely wipe your system and reinstall your operating system . You'll need to back up any important data first, as everything will be deleted and reset.
- When backing up any data from an infected machine, scan each file before backing it up. There's always a chance that reintroducing an old file can lead to a re-infection. Since your computer may still be infected, you should back up your files to an external hard drive instead of a cloud service.
- See How to Wipe Clean a Computer for instructions on formatting your Windows or Mac computer and reinstalling the operating system.
Advertisement
Section 3 of 3:
How to Prevent Remote Access
Download Article
-
Be aware of phishing and social engineering techniques. Most remote access breaches are the result of phishing. Phishing is when a hacker contacts you and pretends to be from an official company (i.e., Facebook, Google, Microsoft, or your bank). They may say there is a problem with your account and ask you to log in via a link or download software. Though the website may look official, it is not real. It is a ploy to get you to hand over your private information or get you to download a keylogger that can be used to steal your passwords.- Phishing often happens via email. "Many phishing websites and emails have long absurd email addresses, Meshesha explains, "names that typically aren't from the company they're emailing." Check the domain name to make sure the sender is who they say they are. [8]
X
Expert Source
Yaffet Meshesha
Computer Specialist Expert Interview. 22 September 2020. - Most official companies will never ask you for your password. If you get an email or message from someone claiming to be from an official company, contact the company directly to see if there really is a problem. If they ask you to log in via a link, do not use the link. Go to the company's official website.
- Phishing often happens via email. "Many phishing websites and emails have long absurd email addresses, Meshesha explains, "names that typically aren't from the company they're emailing." Check the domain name to make sure the sender is who they say they are. [8]
X
Expert Source
Yaffet Meshesha
-
Keep your operating system and antivirus software up-to-date. An up-to-date antivirus program will detect most attacks before they can happen. Windows comes with a program called Windows Defender , a competent antivirus that updates automatically when Windows updates. keeping your operating system up-to-date ensures that you have the latest security patches.- See Install an Antivirus for instructions on installing an antivirus program if you don't want to use Defender. Windows Defender will automatically deactivate if you install another antivirus program.
-
Make sure your firewall is properly configured. If you're not running a web server or running some other program that requires remote access to your computer, there is no reason to have any ports open. [9] X Research source Most programs that require ports will use UPnP, which will open ports as necessary and then close them again when the program isn't in use. Keeping ports open indefinitely will leave your network open to intrusions.
-
Use a VPN. A VPN encrypts your online activity and hides your location. It can also prevent hackers from gaining access to your system. -
Be very careful with email attachments . Email attachments are one of the most common ways for viruses and malware to get onto your system. Only open attachments from trusted senders; even then, make sure that the person intended to send you the attachment. If one of your contacts has been infected with a virus, they may send out attachments with the virus without knowing it. -
Make sure your passwords are strong and unique. Each and every service or program you use that is password-protected should have a unique and difficult password. This will ensure that a hacker cannot use the password from one hacked service to access another.
-
Use two-factor authentication. In addition to entering your password to log in to a service, two-factor authentication requires you to enter a one-time password sent via text message or email every time you log in. Two-factor authentication ensures that anyone who has unauthorized access to your login information is unable to log in to your accounts. It will also alert you if anyone tries to gain unauthorized access to your accounts.EXPERT TIPCybersecurity ExpertMichael Thompson-Brown is a Cybersecurity Expert based in Portland, Maine. He is the owner and founder of PCRescue!, a company that provides cybersecurity and data management solutions to small businesses and individuals. Michael has over 25 years of experience in the IT industry and is a certified ethical hacker. He is passionate about helping clients protect their data and systems from malicious attacks and helping them optimize their online presence and reach. He received a Master’s degree in Cybersecurity and Information Assurance from Western Governors University, and a Bachelor’s degree in Business Administration from the University of Phoenix.Don't reuse the same password over and over again. Hackers can find public postings of previously breached password and username combinations. Let's say you're ordering food online, and your password gets hacked. If you've used that same username and password combination for your email, you're in a lot of trouble.
-
Try to avoid public Wi-Fi spots. Public Wi-Fi spots are risky because you have zero control over the network. You can't know if someone else using the spot is monitoring traffic to and from your computer. By doing this, they could gain access to your open browser session or worse.- If you must use public Wi-Fi, be sure to check with the owner of the establishment to make sure you are using the correct access point and password. Also, be sure to use a VPN.
-
Be very wary of programs downloaded online. Many "free" programs you find online come with extra software you likely did not want. Pay close attention during the installation process to ensure that you decline any additional "offers." Avoid downloading pirated software, as this is a common way for viruses to infect your system.
Advertisement
Expert Q&A
Search
-
QuestionHow do I know if an email is legit?Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.Check the address that the email is coming from. If it's actually from a company you can trust, like Netflix or Yahoo, typically the email will be something like no-reply at their-domain-name.com. Phishing websites, on the other hand, will often have long, complicated email addresses.
-
QuestionMy mobile's (Redmi Note 4G) hot spot is showing three connected users but only my laptop is connected to my phone. How do I know who else is using my mobile's hot spot or who is remotely accessing my laptop and using the Internet?Community AnswerIs your wireless network open? Secure it with a password to prevent unwanted people joining your network.
-
QuestionCan I stop someone getting remote access? Is there something I can turn off so it's impossible?Community AnswerRemove your computer from modem, router, WiFi, Ethernet or mobile broadband. Disconnect as fast as you can with all that you're connected to and stay offline! The remote person could have opened up ports, made fraudulent certificates giving them Admin rights, put in keyloggers, may have all of your passwords, may have made many registry modifications including remote registry entry. They may have changed your firewall and router settings, the list goes on and on. Find a trustworthy, very knowledgeable computer repair person to re-format to a DOD level shredding and re-install your operating system. It may cost around $100 to $150. Learn how to protect your PC in all areas.
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
Advertisement
Video
Tips
- Be aware that your computer may appear to turn on without input to install updates. Many modern computers are set to install system updates automatically, usually at night when the computer is not being used. If your computer appears to turn on without your input when you're not using it, it is likely waking from Sleep mode to install updates.Thanks
- The chances of your specific computer being remotely accessed, while not impossible, are very low. You can take steps to help prevent intrusions.Thanks
Submit a Tip
All tip submissions are carefully reviewed before being published
Name
Please provide your name and last initial
Thanks for submitting a tip for review!
Advertisement
References
- ↑ https://asviral.com/how-do-you-tell-if-someone-is-remotely-viewing-your-computer/
- ↑ https://support.apple.com/guide/mac-help/open-apps-files-servers-mac-mchlp2724/mac
- ↑ Michael Thompson-Brown. Cybersecurity Expert. Expert Interview. 11 January 2024.
- ↑ https://support.apple.com/en-us/HT201464
- ↑ https://www.youtube.com/watch?v=RRbkvseO-4k
- ↑ Yaffet Meshesha. Computer Specialist. Expert Interview. 22 September 2020.
- ↑ Michael Thompson-Brown. Cybersecurity Expert. Expert Interview. 11 January 2024.
- ↑ Yaffet Meshesha. Computer Specialist. Expert Interview. 22 September 2020.
- ↑ https://www.youtube.com/watch?v=RRbkvseO-4k
About This Article
Article Summary
X
1. Disconnect from the internet and all other networks.
2. Opening Task Manager.
3. Click the Processes
tab.
4. Look for remote access programs that are running.
5. Click the Performance
tab.
6. Look for high CPU usage.
Did this summary help you?
Thanks to all authors for creating a page that has been read 1,829,496 times.
Reader Success Stories
- "Great advice! Accurately diagnosed host remote access after observing abnormal dynamic screen adaption."
Advertisement
"Great advice! Accurately diagnosed host remote access after observing abnormal dynamic screen adaption."
"It made me aware that my psycho ex was indeed stalking me."
"Great help, I'm much more informed and wiser."
