In today's hyper-connected environment, our computers act as portals to a wide array of services and resources that we use daily.
Whether buying groceries or checking your bank account, your computer has become a one-stop solution for managing daily tasks. With this level of accessibility, however, comes a fair share of security risks.
When you connect your computer to the internet, the possibility of unwanted intrusion from hackers and cybercriminals increases.
In the worst-case scenario, malware deployment through fraudulent emails and links results in remote access to sensitive information stored on your hardware.
Fortunately, there are tools available to you that can provide remote access detection and help ensure that you have the security systems in place to eliminate these potential threats.
Few things are scarier than an active intrusion on your computer. If you believe that your computer is under the control of a hacker, the first thing you should do is disconnect from the internet.
Once you're safely disconnected, you can search for the entry point that the hacker used to access your system and remove it. After your system has been safely locked down, you can take steps to prevent more intrusions in the future.
Checking For Signs Of Intrusion
Disconnect Your Computer From The Internet.
If you believe someone is accessing your computer remotely, disconnect the computer from the internet. This includes removing any Ethernet cables and turning off your Wi-Fi connections.
- Some of the more obvious signs of active intrusion would be your mouse moving without your control, apps opening in front of your eyes, or files actively being deleted. However, not all pop-ups should be concerning--many apps that update automatically can generate pop-ups during the update process.
- Slow internet or unfamiliar programs are not necessarily the result of someone gaining remote access to your computer.
Check The List Of Recently Accessed Files And Apps.
Both Windows PCs and Macs make it easy to view a list of the last files you've accessed, as well as your most recently-used apps. If you see something unfamiliar in these lists, someone may have access to your computer. Here's how to check:
- Windows: To see recently-opened files, press the Windows Key + E to open the File Explorer. At the bottom of the main panel, check the section called "Recent files" to see if there's anything you don't recognise. You can also view recently-opened apps at the top of the Start menu.
- Mac: Click the Apple menu at the top-left corner of the screen and select Recent Items. You can now click Applications to see recently-used apps, Documents to see files, and Servers to see a list of remote outgoing connections.
Open Your Task Manager Or Activity Monitor.
These utilities can help you determine what is currently running on your computer.
- Windows – Press Ctrl + Shift + Esc.
- Mac – Open the Applications folder in Finder, double-click the utility folder, and then double-click Activity Monitor.
Look For Remote Access Programs In Your List Of Running Programs.
Now that Task Manager or Activity Monitor is available, check the list of currently running programs, as well as any programs that look unfamiliar or suspicious. These programs are popular remote access programs that may have been installed without your permission:
- VNC, RealVNC, TightVNC, UltraVNC, LogMeIn, GoToMyPC, and TeamViewer.
- Look for any programs that seem suspicious or that you don't recognise either. You can perform a web search for the process name if you aren't sure what a program is.
Look For Unusually High Cpu Usage.
You'll see this in the Task Manager or the Activity Monitor. While high CPU usage is common and is not indicative of an attack, high CPU usage while you're not using your computer could indicate that processes are running in the background, which you may not have authorised. Be aware that high CPU usage could be a program updating or a torrent downloading in the environment that you forgot about.
Scan Your Computer For Viruses And Malware.
If you're using Windows 10, you can use the built-in scanning tools in Settings > Update & Security > Windows Security to check for rogue applications. If you're using a Mac, check out How to Scan a Mac for Malware to learn how to use Mac-based scanning tools.
- Malware is typically the easiest way for hackers to infiltrate your personal computer.
- If you don't have an antivirus, download an installer on another computer and transfer it to your computer via USB. Install the antivirus and then run a scan with it.
- A free, easy-to-use third-party anti-malware scanner available for both PCs and Macs is Malwarebytes Anti-Malware.
Quarantine Any Items That Are Found.
If your antivirus or anti-Malware detects any items during the scan, quarantining them will prevent them from affecting your system more.
Download And Run The Malwarebytes Anti-rootkit Beta.
You can get this program. This will detect and remove "rootkits," malicious programs that exist deep in your system files. The program will scan your computer, which may take a while to complete.
Monitor Your Computer After Removing Any Malware.
If your antivirus and Anti-Malware found malicious programs, you may have successfully removed the infection, but you'll need to keep a close eye on your computer to ensure that the condition hasn't remained hidden.
Change All Of Your Passwords.
If your computer was compromised, then there's a possibility that all of your passwords have been recorded with a keylogger. If you're sure the infection is gone, change the passwords for all of your various accounts. You should avoid using the same password for multiple services.
Log Out Of Everything Everywhere.
After changing your passwords, go through each account and log off completely. Make sure that you log out of any device that is currently using the account. This will ensure that your new passwords will take effect, and others will not use the old ones.
Perform A Whole System Wipe If You Can't Get Rid Of The Intrusion.
If you're still experiencing intrusions or are concerned that you may still be infected, the only way to be sure is to wipe your system and reinstall your operating system completely. You'll need to back up any critical data first, as everything will be deleted and reset.
- When backing up any data from an infected machine, make sure to scan each file before backing it up. There's always a chance that reintroducing an old file can lead to a re-infection.
- See Wipe Clean a Computer and Start Over for instructions on formatting your Windows or Mac computer and reinstalling the operating system.
Preventing Future Intrusions
Keep Your Antivirus And Antimalware Software Up-to-date.
An up-to-date antivirus program will detect most attacks before they can happen. Windows comes with a program called Windows Defender that is a competent antivirus that updates automatically and works in the background. There are also several free programs available, such as BitDefender, avast!, and AVG. You only need one antivirus program installed.
- Windows Defender is effective antivirus software that comes pre-installed on Windows computers. See Turn On Windows Defender for instructions on enabling Windows Defender on your Windows computer.
- See Install an Antivirus for instructions on installing an antivirus program if you don't want to use Defender. Windows Defender will automatically deactivate if you install another antivirus program.
Make Sure Your Firewall Is Configured Correctly.
If you're not running a web server or running some other program that requires remote access to your computer, there is no reason to have any ports open. Most programs that require ports will use UPnP, which will open ports as necessary and then close them again when the program isn't in use. Keeping ports open indefinitely will leave your network empty to intrusions.
- See Set Up Port Forwarding on a Router and ensure that none of your ports is open unless necessary for a running server.
Be Very Careful With Email Attachments.
Email attachments are one of the most common ways for viruses and malware to get onto your system. Only open attachments from trusted senders, and even then, make sure that the person intended to send you the attachment. If one of your contacts has been infected with a virus, they may send out attachments without knowing it.
- In addition, be wary of any emails you receive that ask you for personal information. Sometimes phishing websites will closely mimic sites you trust to get your username, password, or other sensitive information.
Make Sure Your Passwords Are Strong And Unique.
Every service or program you use that is password-protected should have a unique and complicated password. This will ensure that a hacker cannot use the password from one hacked service to access another. See Manage Your Passwords for instructions on using a password manager to make things easier for you.
Try To Avoid Public Wi-fi Spots.
Public Wi-Fi spots are risky because you have zero control over the network. You can't know if someone else using the area is monitoring traffic to and from your computer. By doing this, they could gain access to your open browser session or worse. You can mitigate this risk by using a VPN whenever you are connected to a public Wi-Fi spot, which will encrypt your transfers.
- See Configure a VPN for instructions on setting up a connection to a VPN service.
Be Very Wary Of Programs Downloaded Online.
Many "free" programs that you find online come with extra software that you likely did not want. Pay close attention during the installation process to ensure that you decline any additional "offers." Avoid downloading pirated software, as this is a common way for viruses to infect your system.
Remote Access Detection Basics
If you have ever wondered, "Is someone else controlling my computer," you are not alone. Third-party manipulation of your computer hardware via the internet is a pressing problem that should be addressed as quickly as possible to avoid falling victim to severe cybercrimes.
When someone gains remote access to your computer, your hardware executes tasks independent of your engagement. For example, if your computer has been remotely accessed, you may see applications opening spontaneously or notice odd slowdowns in operating speed. This is a telltale indication that someone is using your system without your consent. In a situation such as this, your first action should be to immediately power off your computer and deactivate any connections to wireless or LAN-based internet. While this is not a permanent fix, it terminates any remote access that had been in progress immediately.
Using The Task Manager To Detect Access
You can use the Windows Task Manager to assess whether any programs have been opened on your computer without your knowledge. If you see programs in use that you did not execute, this is a strong indication that remote access has occurred. You can press the "Ctrl," "Alt", and "Delete" keys in combination to open your computer's Task Manager. From here, it is a matter of reviewing current programs in operation and identifying any abnormal remote access to your computer actions.
Reviewing Your Firewall Settings
Select the "Windows Firewall" option from your computer's control panel to explore the current settings for your firewall security. The firewall acts as a powerful shield against unwanted remote access. If you notice that a program has been granted access to move past your firewall without your consent, this could be a sign that a hacker has enabled remote access. If this is the case, immediately remove any changes that have been made to your firewall, restart your computer, and run an antivirus scan on your hardware. If you take these steps, you can significantly block further remote access. If you are still unsure whether your computer is protected, take your hardware to a professional service to evaluate your remote access detection protocols.
When Can Remote Access To Your Computer Be Helpful?
There are many scenarios and possible applications of remote access. Most of them, however, rely on access to folders and files stored on your home computer. It is worth remembering that the alternative to ensuring constant access to your files from anywhere in the world is data clouds, i.e. online user data storage services such as Dropbox, OneDrive, Google Drive and many, many more. So if a service like Dropbox gives the user access to their data from anywhere in the world, does remote access still make sense? Of course. Remote connection with your computer provides access not only to its disk resources, i.e. files and folders of the user but to all functions performed by the computer with which we are remotely connected.
How Do Scammers Abuse Remote Access Software?
If someone you don't know is asking to access any of your devices and wants you to download specific software: Be careful! You're at risk of becoming a victim of a remote access scam.
Usually, these criminals will call and report a computer or internet problem they have detected and offer help. They will probably say they work for a widely-known company such as Microsoft or even your bank.
- Never trust a call you weren't expecting.
- Don't trust the "help" offered that you did not request.
- No bank or company will ask you over the phone to download software.
How To Detect Scammers?
Scammers are basically after your money. So what's their next step after accessing your device? They will probably try to access your bank account.
If someone who is remotely connected to your device is asking you to log in to your bank account or to show any personal passwords, they are most likely a scammer. Don't follow their instructions! Even if they say you need to pay them because they are alleged to have solved a problem you were having with your computer or internet connection, don't trust them. You didn't ask for their "help."
Don't forget, if you feel uncomfortable or insecure, you can:
- Stop any phone call just by hanging up.
- End any remote session by simply turning off your device
How To Know If You Should Allow Someone To Access Your Computer Remotely
Now you know how you can tell if someone is remotely accessing your computer. But believe it or not, there are cases where you'll want to allow remote access to your computer.
One of the most popular reasons to allow remote access is to get minor computer repairs.
These services tend to be faster and cheaper than traditional computer repair options. But are they safe?
If you are considering any service that requires remote access, ask yourself:
- Is the company reputable?
- Would you trust the same company to have physical access to your computer?
- Do the benefits outweigh the risks?
- Did they contact you first? If so, this is almost certainly a scam: do NOT give them access!
If you answered yes to these questions, then feel free to hire the company. But be sure to stay vigilant. Remember: just because you can see what they're doing on your desktop doesn't mean there isn't more going on beneath the surface.