Checking Windows computers for monitoring or spyware

Windows machines can be vulnerable to all sorts of digital tampering — from keyloggers to remote control tools. This guide walks you through how to check a Windows laptop or desktop safely, even if you’re not especially tech-savvy.

If you’re supporting someone in an IPA context, especially after a partner had access to their computer, these steps can help detect common signs of surveillance.

1. Run Malwarebytes from a USB stick

To be safe, don’t install anything directly on a suspicious machine. Instead, run a portable version of a trusted antivirus tool.

What you’ll need:

  • A USB stick with the Malwarebytes portable scanner downloaded from a clean, safe computer beforehand.

Steps:

  1. Plug the USB into the Windows machine.

  2. Open File Explorer and double-click the Malwarebytes file.

  3. Follow prompts to run the scanner without installing.

  4. Let it do a full scan (this may take 15–30 minutes).

  5. If anything suspicious is found, choose Quarantine to isolate it.

This avoids tipping off any spyware that might be monitoring new installations.

2. Look for signs of a keylogger or remote control

Keyloggers record everything typed — including passwords and private messages — and can be invisible unless you know where to look.

Here’s a basic check:

  1. Press Ctrl + Alt + Delete.

  2. Click Task Manager.

  3. In the Processes tab, look at what’s using a lot of CPU or memory.

What to look for:

  • Names that don’t make sense (e.g., “sysmon.exe” or “winlogsvc” — anything that isn’t part of normal Windows use).

  • Software you don’t recognise, especially if it’s running in the background constantly.

  • Tools like TeamViewer, AnyDesk, or Chrome Remote Desktop that allow someone else to control the machine remotely.

Shelter tip: In Liverpool, advocates found abusers using Chrome Remote Desktop to stay connected to survivors’ machines — even after breakups.

If something looks dodgy, note the name and do a quick search from a separate, trusted device to see if it’s legitimate.

3. Review browser extensions

Browsers are a common entry point for monitoring tools — especially extensions that appear harmless but can track everything the user does online.

For Chrome:

  1. Open Chrome.

  2. Type chrome://extensions into the address bar and press Enter.

  3. Go through the list of extensions.

What to look for:

  • Anything the person didn’t knowingly install

  • Tools with vague names like “Web Helper,” “Video Downloader,” or “Search Enhancer”

  • Extensions with permissions like “Read and change all your data on websites you visit”

Click Remove on anything suspicious. If in doubt, better to remove it — it can always be reinstalled later if legitimate.

Notes

  • If someone is worried the machine is deeply compromised, consider doing sensitive work (like account changes) on a different device entirely.

  • Keep a written or photographed record of anything suspicious, especially if reporting to law enforcement or support services.

Spyware doesn’t always show up loudly. It often relies on invisibility. So quiet investigation like this can make all the difference.

Last update: 2025-06-11 07:09