Tbh the advice provided is already pretty accurate, as to how; there's a non zero chance that a friend may have sent you a RAT (remote admin tool/remote access Trojan), these are basically the best back door to someone's computer you can have, normally you want to have physical access to someone's computer to install them or have a user run it with elevated privileges, (there are other ways as well, such as spoofing a jpg, other methods of remote code execution). These tools will allow you to access there computer, files, keylog, steal passwords, send popups, open and close the disk tray plus basically anything else you could do with access to the computer.
Basically follow other people's advice in regards to undoing this.
A literal caltrop