How to Know if You Have Spyware on Your Computer

If you notice slowness on your machine or network, changes to your browser, or other unusual activity, then it’s possible that your computer has been infected with spyware.

Method 1

Method 1 of 4:

Using HijackThis (Windows)

Download Article

1
Download and install HijackThis. HijackThis is a diagnostic tool for Windows used to detect the presence of spyware. Double-click the installer to run it. Once installed, launch the software.
- Other free software like Adaware or MalwareBytes, will also function with a similar process.
2
Press “Config…”. This button is located in the lower right corner under “Other Stuff” and will take you to a list of options for the program.
- Here you can toggle important options (like file backups) on or off. Making a backup is a good, safe practice when working with removing files or software. They do take up a small amount of storage space, but the backups can always be removed later by deleting them from the backups folder.
- Note that “Make backups before fixing items” is toggled on by default.
Advertisement
This button replaces the “Config…” button while the configuration menu is open.
This button is located in the lower left corner and will generate a list of potentially bad files. It is important to note that HijackThis does a quick scan of likely locations for malicious software. Not all of the results will be harmful.
5
Select the checkbox next to a suspicious item and click “Info on selected item…”. This will give details about the item and why it was flagged in a separate window. Close the window when you are done reviewing.
- Details will typically include the file location, the likely use of the file, and the action to be taken as a fix.
6
Press “Fix checked”. This button is located in the lower left and the software will either repair or remove the selected file, depending on its diagnosis.
- You can fix multiple files at a time by selecting the checkbox next to each file.
- Before making any changes, HijackThis will create a backup (by default) so that you can undo your change.
7
Restore from a backup. If you want to undo the changes made by HijackThis, press “Config” in the lower right, then “Backup”. Select your backup file (marked with the date and timestamp it was created) from the list and press “Restore”.^{[1]XResearch source}
- Backups persist through different sessions. You can close HijackThis and then restore a file from a backup at a later time.

Method 2

Method 2 of 4:

Using Netstat (Windows)

Download Article

1
Open a command line window. Netstat is a built-in Windows utility that can help detect the presence of spyware or other malicious files. Press ⊞ Win + R to manually run a program and enter “cmd”. The command line allows you to interact with the operating system using text commands.
- This approach is good for those who want to avoid using third party software or take a more manual approach to the malicious software removal.
- Make sure you run an elevated command prompt window by choosing Run as administrator.
2
Enter the text “netstat -b” and hit ↵ Enter. This will display a list of programs utilizing a connection or listening port (i.e. processes connecting to the internet).
- In this context, ‘b’ stands for binary. The command displays the running “binaries” (or executables) and their connections.
3
Identify bad processes. Look for unfamiliar process names or port usage. If you are unsure about a process or its port, research its name online. You'll find others who have encountered the process and they can help identify it as malicious (or harmless). When you have confirmed a process as malicious, it is time to remove the file running it.
- If you are unsure whether the process is malicious or not after researching, then it is best to leave it alone. Tampering with the wrong files may cause other software to not work properly.
This will open the Windows Task Manager, which lists all of the processes running on your computer. Scroll to locate the name of the bad process you found in the command line.
This will take you to the directory location of the bad file.
6
Right-click the file and select “Delete”. This will move the bad file to the Recycling Bin. Processes cannot run from this location.
- If you receive an alert that the file cannot be deleted because it is in use, return to the Task Manager, select the process and press “End Task”. This will end the process immediately so that it can be moved to recycling.
- If you deleted the wrong file, you can double-click the recycling to open it and then click and drag to move the file back out.
This will permanently delete the file.

Method 3

Method 3 of 4:

Using the Terminal (Mac)

Download Article

1
Open the Terminal. Through the Terminal, you'll be able to run a diagnostic that can detect the presence of spyware on your computer. Go to “Applications > Utilities” and double-click Terminal to launch. This program allows you to interact with the operating system using text commands.
- Alternately you can search for “Terminal” in the Launchpad.
2
Enter the text “sudo lsof -i | grep LISTEN” and hit ⏎ Return. This will instruct the computer to output a list of processes and their network information.^{[2]XResearch source}
- sudo gives root access to the command, allowing it to view system files.
- ”lsof” is short for “list of open files”. This allows you to see running processes.
- ”-i” specifies that the list of open files must be utilizing the network interface. Spyware will try to use to the network to communicate with outside sources.
- ”grep LISTEN” is a command to the operating system to filter for those using listening ports -- a necessity for spyware.
Your password will not be displayed in the terminal, but it will be entered. This is necessary for the ‘sudo’ command.
4
Identify bad processes. Look for unfamiliar process names or port usage. If you are unsure about a process or its port, research its name online. You'll find others who have encountered the process and they can help identify it as malicious (or harmless). When you have confirmed a process as malicious, it is time to remove the file running it.
- If you are unsure whether the process is malicious or not after researching then it is best to leave it alone. Tampering with the wrong files may cause other software to not work properly.
5
Enter “lsof | grep cwd” and hit ⏎ Return. This will list the folder locations of the processes on your computer. Find the bad process in the list and copy the location.
- ”cwd” stands for current working directory.
- To make the lists easier to read through, you can run this command in a new Terminal window by pressing ⌘ Cmd + N while in the Terminal.
6
Enter “sudo rm -rf [path to file]” and hit ⏎ Return. Paste the location into the bracketed space (do not type the brackets). This command will delete the file at that path.
- ”rm” is short for “remove”.
- Make absolutely sure you want to remove the entered item. This process is irreversible! You may want to perform a Time Machine backup beforehand. Go to “Apple >System Preferences > Time Machine” and select “Backup”.

Method 4

Method 4 of 4:

Detecting and Removing Spyware on Android

Download Article

1
Identify suspicious behavior. If you are experiencing frequently slow network speeds, or are receiving unfamiliar/suspicious text messages, then you may have spyware on your phone.^{[3]XResearch source}
- Text messages with gibberish text or requesting replies with certain codes are good indicators that you may have spyware.
EXPERT TIP
Brandon Phipps
Technology Specialist
Brandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.
Brandon Phipps
Technology Specialist
Detect spyware by reviewing your system settings regularly. Keep an eye out for unfamiliar apps running, your phone turning off randomly, or strange icons popping up. Be aware that certain spyware may be well-hidden and difficult to detect through a basic system review.
Open the “Settings” app and tap “Data Usage”. You can scroll down to view the data usage of your different apps. Unusually high data usage may be a sign of spyware.
3
Back up your data. Connect your phone to your computer via USB, then drag and drop your data (e.g. photos or contact info) to back it up.
- Since the device and your computer are running different operating systems, your computer will not become infected.
This opens a menu with a number of restoration options, including restoring the phone to factory settings.
This button appears at the bottom of the "Backup and Reset" menu.
6
Tap “Reset Phone”. Your phone will automatically restart and remove all apps and data, including any spyware, restoring the phone to its factory state.
- Resetting the phone removes ALL of your stored data on the device. Make sure you make a backup first or don't mind losing the data!

Community Q&A

Search

Add New Question

Question
What should I do if I cannot download an anti-virus?
R2_d2000
Top Answerer
Try to download different anti-virus programs to see if one works. If this does not work, then try to start Windows in safe mode and install the antivirus, or try the task manager. If all else fails, then you might want to reinstall Windows.
Thanks! We're glad this was helpful.
Thank you for your feedback.
If How.com.vn has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support How.com.vn
Yes No
Not Helpful 2 Helpful 4
Question
How do I remove the Spyware on my computer?
Community Answer
The best thing you can do is download an anti-virus or anti-malware program and run a scan. After the scan, the program will prompt you to delete the Spyware.
Thanks! We're glad this was helpful.
Thank you for your feedback.
If How.com.vn has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support How.com.vn
Yes No
Not Helpful 9 Helpful 8
Question
How can I remove spyware from an iPhone SE?
R2_d2000
Top Answerer
You need to do a factory reset to remove spyware off of an iPhone, as Apple does not allow anti-virus apps.
Thanks! We're glad this was helpful.
Thank you for your feedback.
If How.com.vn has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support How.com.vn
Yes No
Not Helpful 1 Helpful 3

See more answers

Ask a Question

200 characters left

Include your email address to get a message when this question is answered.

Submit

Tips

Avoid opening or downloading files if you don't know where they're coming from since they may contain spyware.^{[4]XExpert SourceLuigi Oppido
Computer & Tech SpecialistExpert Interview. 31 July 2019.}
Thanks
Helpful0 Not Helpful0
Always click "No" if an unknown program is asking for user control.^{[5]XExpert SourceLuigi Oppido
Computer & Tech SpecialistExpert Interview. 31 July 2019.}
Thanks
Helpful0 Not Helpful0
Install reputable antivirus and antimalware programs on your computer to help prevent spyware.^{[6]XExpert SourceLuigi Oppido
Computer & Tech SpecialistExpert Interview. 31 July 2019.}
Thanks
Helpful0 Not Helpful0

Show More Tips

Submit a Tip

All tip submissions are carefully reviewed before being published

Submit

Thanks for submitting a tip for review!

Warnings

Use caution when removing unfamiliar items. Removing items from the “System” folder on Windows can cause damage to your operating system and force you to reinstall Windows.
Thanks
Helpful1 Not Helpful1
Use similar caution when removing items from Mac with the Terminal. If you think you see a bad process, try researching it on the internet first!
Thanks
Helpful0 Not Helpful0