Imagine a situation where you are working on your laptop and all of the sudden the green light next to your built-in webcam blinks for a second and immediately goes dark again. Would you just ignore it? Or would you start digging around to find out if it was something more serious?
If you want to know which programs are actively using your webcam, or if you believe it is running despite the indicator light being off, here is a short guide to help you out.
First of all, you will need a tool that can show you this type of information. And thanks to Windows Sysinternals, there is a handy software for that – Process Explorer. Conveniently for the users, it is available online and offline (as a downloadable).
As soon as you run the tool, you will need to know the object name of your webcam to identify processes connected to it. This may be a little tricky for less experienced users who don’t know where to look.
This information can be found in the “Device manager”. The easiest way to get there is to use the search bar (available in all the most frequently used versions of Windows). The other option is to go via Control Panel/Hardware and Sound/Device manager.
If you have an integrated webcam, it will appear in the menu under “Imaging devices”, where you need to click on the Details bar, open the drop-down menu and select Physical Device Object name (such as “\Device\0000009c”). Copy the value displayed and move back to the Process Explorer.
Click the binoculars icon or press Ctrl+F and insert the Physical Device Object name to find active processes using your webcam. If this search shows any suspicious activity, you can let your antivirus check if the program using it is malicious.
It is important to note that even though Process Explorer will let you kill the selected process, it will not clean your machine from infiltrations, should there be any. Therefore we recommend running a scan using a reliable and multilayered security solution to locate the malicious activity.
This approach can also be applied to microphones, which might also be targeted by spyware.
by Ondrej Kubovic, ESET We Live Security