Helping people with computers... one answer at a time.

Anyone with physical access to your computer can do anything with or to it. I'll look at cleaning up after loaning it to the wrong person.

I have a classmate who borrowed my computer at school one day. He is really talented when it comes to computers and I am not. He did something to my computer that allows him to access my webcam from his computer. I have no idea how he did that, but when I use the computer, I can suddenly see the light indicating that my webcam is running and he can watch me. It's creepy and I don't know how to undo what he did. My question to you is how can I remove his access to my webcam?

You're right. It is creepy.

And depending on where you live, it might actually be an illegal form of harassment or even assault.

If this person is really your friend, you would ask him to remove it, he would, and you'd believe him when he told you that there was nothing left of his handiwork on your machine.

But because you've come to me instead, I can only assume at least one or more of those conditions is not true.

Get a better friend

Unfortunately, all of the techniques to get rid of what amounts to spyware are fairly technical in nature. If you don't feel knowledgeable enough to handle those kinds of things, then the solution boils down to a completely a different approach.

“Unfortunately, once your machine has been compromised, there's no way to ever guarantee that all malware has been removed ...”

Find someone you trust - completely - and who is technical enough to be able to handle situations like this.

Unfortunately, it's very difficult to know exactly who to trust. Trust the wrong person and you could end up with even more malicious software on your computer than you started with.

And I can tell you from all of the questions that I get on Ask Leo!, it's extremely common for friends who you might trust today to turn out to be exceptionally untrustworthy tomorrow.

But I do suggest this first because for many people, it's often the only practical approach.

Just don't trust too quickly or easily, OK?

Get professional help

Another approach would be to take your computer into a computer shop or a repair shop and see if they have a service or recommendation for a service that would clean this up for you.

Obviously, this will most likely cost money.

Not so obviously is that the approach that they take might well be significantly more severe than you might think.

And yet, it's really the only option that's guaranteed to work completely.

Backup, reformat, and reinstall

Here's the problem: You don't know what your classmate did.

More completely, you don't know what else your classmate may have done.

Sure, he installed something that apparently controls your webcam and allows him to look in on you. But he could have done much, much more.

He could have installed other spyware or malware that's not nearly as easy to notice.

Unfortunately, once your machine has been compromised, there's no way to ever guarantee that all of the malware has been removed by the various tools and techniques that might be employed.

None.

Short of erasing everything and starting over, that is.

So, the safest approach is to backup your entire system and then reformat the hard disk, erasing everything on it. Then, you'll reinstall Windows and all of your applications and restore your data from that backup.

Now, you can see why it's critical to never, ever loan your computer to someone who you don't completely trust.

Do-it-yourself

Most people find the steps that I've listed so far unacceptable. Perhaps they have no technically savvy friends that they would trust to this degree. Perhaps they can't afford professional help. Or perhaps they don't have the time, resources, or ability to do a complete reformat and reinstall.

They just want to know what programs to run to get rid of whatever it is.

Even though after running those programs, there's still no guarantee that there still isn't malware on the machine.

Fine. Here's what I'd do:

  • First, put a piece of masking or electrical tape over the webcam, blocking its ability to see anything. That portion of your privacy, at least, is instantly restored.

  • I'd seriously consider uninstalling the webcam completely. If it's part of your laptop, I'd uninstall its drivers. The result is that there's no webcam for him to control remotely. Yes, that means you can't use the webcam either; that's the price that you'd pay.

  • I would follow all of the steps outlined in How do I recover from a bad virus infection?

  • If you end up not reformatting and reinstalling, I'd probably also add scans by Spybot Search & Destroy (free) and perhaps Ad-Aware Free anti-spyware tools as well.

The lesson to learn

The single biggest lesson to learn here is to never loan your computer to someone you don't completely trust.

As I've often said, "If it's not physically secure, it's not secure." Anyone who has physical access to your computer can, if they know what they're doing, access all your data, compromise your online accounts, and install malicious software on your computer.

All without your knowing about it until it's too late.

Article C5016 - December 20, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

13 Comments
AG Wright
December 20, 2011 2:29 PM

I'd add Malwarebytes to that list from this link.

http://majorgeeks.com/download.php?det=5756

I like it because it is updated often, like several times a day, so the odds are that it has the definitions of whatever you are fighting.
Everything more is getting into serious geek territory.

Big Geek Daddy
December 20, 2011 3:01 PM

Love the electrical tape suggestion as a quick fix...duct tape and hammer can fix anything...LOL.

Seriously, if she's not going to do a complete reformat of the HD and new install of the OS then I would add TDSSKiller and HitMan Pro to the list of scanners to run.

Ed Boress
December 20, 2011 9:01 PM

Also a freeware piece called Revo Uninstaller will go through all the hoops and uninstall anything related to your web cam (even in the registry). It works great for just such a case. It's not the cure all though.

Ken B
December 21, 2011 9:54 AM

Under "get professional help", you state "Obviously this will most likely cost money."

My wife has been doing such cleanups for clients for years, and she charges $185 for her services. (And most people are happy to pay it.) Of course, unlike those "big box" stores, she does everything she can to clean the system and save the data, leaving the wipe/reinstall as a last resort.

Take that into account, along with "an ounce of prevention is worth a pound of cure".

kptech
December 22, 2011 2:20 PM

If you have Internet Explorer (or other browser) setup to remember your userids and passwords, I'd also make sure you immediately change the password on all your email and other on-line accounts as your "friend" probably has access to them as well...

Learned the hard way not to trust people so readily
December 23, 2011 6:43 PM

First, a word about this "friend": He could be a malignant narcissist who has sociopathic tendencies. For that reason, I suggest that this person make no contact with him ever again. Unfortunately, he will probably do very well in life and become a powerful figure in business or politics.

A hacker whom I'd met online had installed spyware on my computer by way of infected attachments and hyperlinks that were attached to, or embedded in, emails that the hacker had sent me. Soon after I'd realized that the person had hacked my computer, I took my computer to a professional computer technician. The technician "removed" malware and spyware from my computer, but I subsequently realized that the hacker was still spying on my computer. I think this suggests that a hacker can get back into your computer fairly easily if all you do is "remove" his/her spyware. As a result, I'd transferred my personal files - that is, documents, photos, and music files, which are probably still infected - to my other computer, which I suspect is still infected by the hacker's spyware but which is never, nor ever again will be, connected to the internet. I keep those files off my internet-accessible computer. Then, I learned how to flatten the hard drive registry - deleted both or all three partitions; I forget exactly how many - and rebuild my computer. To date, I have not found evidence that the hacker is still spying on my computer. I loaded the OS (20 minutes) from the original disc; my software programs (an hour) from the original discs and manufacturer's websites; and all of the Windows Updates (around 20 hours!). I'm training myself to open emails only from people and sources whom I know or do business with; to scan all email attachments before opening them; and pasting hyperlinks in browser windows. Finally, I'd changed ALL of my passwords, security questions and answers, and when possible, my usernames. The last point is important: If you change your passwords and other information BEFORE you've flattened and rebuilt your computer hard drive, the hacker will just get your new passwords and other information.

I've been told that you should flatten and rebuild your computer once every two or so years, anyway.

Leo, should anyone who finds him or herself in a similar mess run DBAN and/or TrueCrypt before flattening and rebuilding his/her computer?

Hacking is a federal crime, which brings me to a slightly off-topic question: Has anyone here ever had a similar experience with a hacker, reported the hacker's crimes to the FBI, and found that the FBI actually did anything to help prosecute the hacker?

RJ
December 27, 2011 9:58 AM

I would report this to the Police, and I do agree find a new Friend, best thing to do is reformat the computer

fanis
December 27, 2011 12:49 PM

Hello,
when I start my computer runs a error
"
Additional information about the problem:
BCCode: a
BCP1: 00000000
BCP2: 0000001B
BCP3: 00000000
BCP4: 824E29DE
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini122711-02.dmp"

Can You please suggest how to fix it?
Happy new Year
Fanis

Carlos Marron
December 27, 2011 6:51 PM

This is a criminal invasion of privacy. Tell the jerk to get it off your or you will press charges. This is unconscionable. Exactly what purpose does this serve. He may also have a put a backdoor on your system.

Jim H
December 28, 2011 5:48 AM

A friend of mine hosted a party and he found someone he knew and considered a friend at his computer. The guy had screens open and was busily engaged with what he was doing. My friend asked the guy what he was doing and he was told "house cleaning" by putting things in folders and deleting unnecessary files because the computer was all cluttered up and poorly organized. It didn't go over too well.

Now, I'm a big proponent of computer privacy and I couldn't imagine in my wildest dreams nosing through someones computer unless I was specifically asked to and poking around was required to accomplish what I was asked to do. I liken it to rearranging some-one's furniture or reading their mail without permission.

The guy who was mucking around with the computer had a 'computer repair service' on the side meaning he worked out of his house and did computer calls at people's homes. mostly family, friends, and friends of the same. There's nothing wrong with a business like that if the tech knows his business.

However, it was later discovered that whenever this guy worked on some-one's computer he installed something and configured the computer so that he could remotely access it. He never told anyone whose computers he worked on that he had done that or installed anything. After my friend's mother had worse problems with her computer after this guy had worked on it and she took it to a computer repair store did she find out that her computer had been configured for remote access.

The people at the repair shop told her the way it was done that there were no permissions needed from the owner/user to connect to the computer and nothing alerted the owner/user that the computer was being remotely accessed.

After his mom told him about it, my friend had his computer checked out and also found out the remote access software and configuration was installed on it. It had obviously been done at the party.

The same tech had worked on about 10 computers for that family and every one was later found to be remotely accessible. There was a file with his computer business name installed which was what called attention to it. When the tech was confronted about it, his explanation was that he did it as a convenience to his 'clients' so if a problem arose, he could be called any time and if he had his laptop with him or was at home, he could check out and likely fix the problem from his computer saving them a service call charge. He did his best to downplay it as "no big deal" and even suggested it was a common practice.

Considering that he never told anyone about that remote access ability before-hand and even after getting busted, never explaining the degree of control and access to everything he had, I think he had quite different ideas that what he said. He did a wonderfully clever job of downplaying what he did and although he lost a number of clients over it. Even though there's a shadow still over his reputation over it, I would bet he still does it. While I could almost understand his reasoning about why he installed it, doing so without the computer owner's knowledge, understanding, and permission is unpardonable.

As far as I know nothing was ever tampered with or any information stolen. I knew the guy that did it from years ago when took some classes together, it would not surprise me to know he did a bit of spying not only with web cams but via the microphone a lot of PCs have built in or added on. It may also explain why he caters to people who are computer illiterate or new to the whole thing.

The point is, even when seeking help from professionals, you still have to be very careful and make sure you understand what they did.

GREG JACKSON
December 28, 2011 2:20 PM

Jim H's comment is a situation that warrants police involvement. When an event such as this involving "about 10 computers for that family", seems substantial enough for legal action. If anything, at least an appointment with this guy to "fix" his computer [wink,wink].

John Servis
February 3, 2012 9:13 AM

In regards to Jim H.'s comment, It's Jerks like that guy that screw things up for people like myself. I operate the same type of small business to supplement my income since becoming disabled. If I were to do something like that, Id likely wind up in jail. This is definitely a situation that warrants legal action. No wonder so many people are opting for spending the extra $100 -$200 and buying a new machine instead of fixing the ones they have.

Gabe Lawrence
February 3, 2012 10:20 AM

I wanted to comment on Jim H's post. I don't know if this repairman had alternative motives (though I tend to agree with your gut reaction that he did) but his unprofessionalism is rivaled only by his unprofessionalism. Any tech like him (myself included) knows there are alternative means to remotely connect that are both legal AND MUTUAL...meaning you have to agree to it before the connection begins AND you can end it at any time AND it’s over when it’s over (meaning I can’t reconnect to you after we’re done). VERY shady business practice and stay completely away from his services but don't write off independent services like mine and John Servis's because we really do want to help and supplement our income in the process.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.