How to fix computer if you have been hacked or spammed

Has a scammer recently gained control of your computer and you want to make sure they no longer have access?

scammer calling

Scammers use multiple ways of getting control of your computer, some you have control of (you inadvertently grant them access) and others gain access via a computer virus or phishing attack (from a malicious email or compromised website)

These scams are also known as “Remote access scams” or “Technical support scams” and usually involve scammers contacting people over the phone to get access to their computers and to steal their money.

There are multiple ways of defending yourself against such attacks (anti-virus programs, patching programs etc) but this article deals with the deep-cleaning of your computer to remove any programs that may still be lurking on your computer and giving access to others.

To gain access to your computer remotely the scammer must have used an existing or installed a remote access program on your computer… or you have a virus or malware program installed that is doing same. First action is to detect and remove them.

What are Remote-Access Programs?

Remote Access Programs

There are hundreds of legitimate remote-access software products out there legitimately employed by computer-support companies to remotely fix issues on client computers.

Most of these programs will sit inactive on your computer until activated usually by means of a shared code generated when you run the program.

The majority of these programs only work on Microsoft Windows computers (Windows 11, Windows 10, Windows 8/7 etc) but there are a limited number that will also work on Apple Mac computers.

Scammers tend to use the same popular programs used by Microsoft and legitimate IT support companies include “GoToAssist“, “AnyDesk“, “LogMeIn” “ConnectWise Control“,”ScreenConnect” and “TeamViewer” but there are hundreds of others (see here)

Windows 11 and Windows 10 computers also have a built-in-function called “QuickAssist” which does the same thing but cannot be removed as it is built-into Windows.

Most programs require you to pass a code to the remote operator before they can get one-time access (which is only valid until you reboot your computer), so action #1 is to power down your computer or laptop and reboot it. Simply closing the lid of the laptop is not enough. Hold down the power button for at least 30 seconds to ensure the device is completely closed down. Then restart as you usually would.

Rebooting the computer should break the remote session if the installed program was running a single-use session, however, some remote programs such as “TeamViewer” also have a “Host” version that allows remote control at any time the computer is switched on.

So the best way of preventing future events is to look for and remove ALL remote access programs from your computer.

How to check what programs are currently running on your computer

On a Windows computer run “Task Manager” (see How to run Task Manager on Windows 11) there are six ways to do this but the easiest is to right-click the Start button on the taskbar. Select “Task Manager” from the menu that appears.

Task Manager

If all is well, you should only see legitimate programs listed here that are currently running on your computer. If you see a program that you do not recognise, force close it by right-clicking over the program and selecting “End Task”

How to End a task

If you are unsure what the particular program does, select “Search Online” and a browser window will open and give you information about the program.

If “End Task” is greyed-out and not available, then it means you need “admin-rights” to access the task … close task-manager and run Task Manager as an Administrator.

teamviewer running in task manager
An Example of TeamViewer running in the Task Manager.

On an Apple Mac computer simple press Command-Option-Escape to see all open applications

Force Quit Applications

Select any unrecognised or remote control programs such as “TeamViewer” and click the Force-Quit button to quit that program.

Removing Remote Access Programs from Windows Computers

Look in the programs or Apps and uninstall any you think maybe remote access programs or have been recently installed and you do not know what they are

Uninstall Teamviewer

Alternatively, from the start button goto – Settings > Apps > Installed Apps

This shows a list of the programs installed on your computer. Look for recently installed programs that you do not recognise or correspond with the date of the security incident you encountered. Uninstall any you suspect.

unistall Teamviwer Windows

Removing Remote Access Programs from Mac Computers

In Finder locate the Applications folder and locate any remote-access programs and then by simply dragging the icon to the Trash and follow the prompts to remove the application

Uninstall Teamviewer Mac

Removing Viruses and Malware from Windows computers

The best program to detect and remove malware and computer viruses is called “MalwareBytes” and there is a FREE-Trial version available for occasional users. You can find the Windows version here 

malwarebytes

Download the file, install the program and let it run and it will automatically detect any suspect programs. All all suspect programs to be quarantined. Your computer may need to restart into safe mode to complete the process, allow this to happen and follow all instructions.

MalwareBytes will clean up your computer but will not prevent further infections. To stop this happening again, keep your devices updated with the latest patches from Microsoft and purchase a reliable Anti Virus product for Windows such as Bitdefender

 

Removing Viruses and Malware from Mac computers

The best program to detect and remove malware and computer viruses is called “MalwareBytes” and there is a FREE-Trial version available for occasional users. You can find the Mac OS version here 

malwarebytes

Download the file, install the program and let it run and it will automatically detect any suspect programs. All all suspect programs to be quarantined. Your computer may need to restart into safe mode to complete the process, allow this to happen and follow all instructions.

MalwareBytes will clean up your computer but will not prevent further infections. To stop this happening again, keep your devices updated with the latest patches from Apple and purchase a reliable Anti Virus product for Mac such as Trend Micro

How to prevent Remote-Access when your computer is unattended.

The simplest way of preventing your Computer or Mac from being accessed when unattended is to always shut the device down after use. Do not simply close the lid or let it go to sleep.

Close it down from the menu or simply hold the power button down for 30 seconds.

Further Help and reading

  • Visit the Australian Competition and Consumer Commission’s (ACCC) Scamwatch website to learn more about current scam types.
  • Contact not-for-profit ID Care via raising an online request form  ID Care are Australia and New Zealand’s national identity and cyber safety support service. They have a team of trained counsellors that can assist individuals facing identity and cyber security concerns. https://www.idcare.org
  • Visit the Australian Communications and Media Authority Website to learn more about online scams and misinformation.
  • The Australian Cyber Security Centre (ACSC) is a federal government led initiative to securely report instances of cybercrime. You can submit a Report at www.cyber.gov.au.