TL;DR
An attacker having screenshots of your computer means they’ve likely installed spyware or gained access through a compromised account. This guide helps you identify the problem, remove threats, and secure your accounts.
1. Stay Calm & Disconnect
- Disconnect from the Internet: Immediately disconnect your computer from Wi-Fi and Ethernet to prevent further data leakage.
- Don’t Panic: While serious, many solutions are available. Avoid making rash changes that could hinder investigation.
2. Identify Potential Entry Points
Think about what you’ve been doing online recently. Common ways attackers gain access include:
- Phishing Emails: Did you click any suspicious links or download attachments from unknown senders?
- Malicious Websites: Have you visited any untrustworthy websites recently?
- Compromised Accounts: Are your email, social media, or banking accounts secured with strong, unique passwords?
- Software Downloads: Did you download software from unofficial sources?
3. Scan for Malware
Run a full system scan with reputable anti-malware software. Consider using multiple scanners as some malware can evade detection.
- Windows Defender: Windows’ built-in security is a good starting point. Run a full scan.
Start > Settings > Update & Security > Windows Security > Virus & threat protection > Scan options > Full scan - Malwarebytes: A popular and effective anti-malware tool. Download from https://www.malwarebytes.com (free version is sufficient for scanning).
- HitmanPro: Another excellent scanner that can find threats others miss. Download from https://www.hitmanpro.com (trial available).
4. Check Running Processes
Look for suspicious processes running on your computer.
- Task Manager: Press Ctrl+Shift+Esc to open Task Manager. Look for unfamiliar programs or high CPU/memory usage.
Ctrl + Shift + Esc > Processes tab > Sort by CPU or Memory - Process Explorer (Advanced): Download from https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer. Provides more detailed information about running processes. Research any unfamiliar entries online before taking action.
Caution: Do not end processes unless you are certain they are malicious, as this could cause system instability.
5. Review Installed Programs
- Windows Control Panel: Go to Control Panel > Programs > Programs and Features. Uninstall any programs you don’t recognize or didn’t intentionally install.
6. Secure Your Accounts
- Change Passwords: Change passwords for all important accounts (email, social media, banking, etc.). Use strong, unique passwords for each account. A password manager can help.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by requiring a code from your phone or authenticator app in addition to your password.
7. Check Browser Extensions
- Review Extensions: In your browser settings, review the list of installed extensions and remove any you don’t recognize or trust. Malicious extensions can track your browsing activity and steal data.
8. Consider a System Reset (Last Resort)
If you suspect deep-rooted malware that cannot be removed, consider resetting your operating system to its factory settings. Back up important files first! This will erase all data on your computer.
- Windows Reset: Go to Settings > Update & Security > Recovery > Reset this PC.
9. Report the Incident
- Report to Authorities: If you believe your identity has been stolen or financial information compromised, report the incident to your local police and relevant authorities (e.g., Action Fraud in the UK).
10. Improve Your cyber security Habits
- Be cautious of emails: Don’t click links or download attachments from unknown senders.
- Use strong passwords and 2FA: Protect your accounts with unique, complex passwords and enable two-factor authentication whenever possible.
- Keep software updated: Regularly update your operating system and applications to patch security vulnerabilities.
- Install anti-malware software: Use a reputable anti-malware program and keep it up to date.