Remove Malware from Your Computer

How to Remove Malware from Your Computer Step-by-Step

This short guide gives a clear, prioritized workflow to contain threats and recover a healthy computer fast.

First, disconnect the device from the internet and stop any suspicious apps. That containment step blocks data leaks and cuts off remote control.

Next, boot into Safe Mode and check Task Manager (Windows) or Activity Monitor (Mac) for odd processes. Then run a reputable antivirus scan and follow prompts to remove malware.

Clear caches and temporary files, reset affected browsers to defaults, and update operating system components and key software. If threats persist, consider deeper options like factory reset or vendor-guided reinstall.

We focus on practical actions you can take now, and on using official tools such as Microsoft’s removal utilities or verified apps in the store to avoid reinfection. Follow each step calmly and back up important data when possible.

Key Takeaways

  • Start by isolating the device to stop data loss.
  • Use Safe Mode and process checks to find suspicious activity.
  • Scan with trusted antivirus tools and clear temporary files.
  • Reset browsers and keep the operating system updated.
  • Escalate to full reinstall or vendor tools if problems persist.

Recognize Malware Symptoms Before You Start

Recognizing warning signs on a device lets you prioritize fixes fast. Spotting patterns of odd behavior helps you decide which steps to take first.

Device red flags include sustained slow performance, apps that crash or freeze, and sudden drops in available storage. Also check whether antivirus or security software has stopped running or updating.

Browser warning signs are persistent pop-ups, new tabs or redirects, and unwanted extensions that return after removal. Verify if your homepage or default search changed without permission.

Account clues include unexpected sign-outs, suspicious emails or messages sent in your name, or contacts reporting odd links from you. Treat overlapping symptoms as higher risk.

| Symptom | Likely area | What to check |
| --- | --- | --- |
| Slow performance | Device | CPU, memory, running apps |
| Rapid storage loss | System storage | Large files, temp folders, hidden logs |
| Pop-ups & redirects | Browser | Extensions, homepage, default search |
| Unauthorized emails/messages | Accounts | Account activity, recent sign-ins |

Immediate Actions to Contain the Threat

Immediately cut network access so the threat cannot phone home or spread across your local network.

Disconnect the device from Wi‑Fi and unplug ethernet. This halts data exfiltration and blocks command‑and‑control traffic that could worsen the incident.

Power down external drives and eject USB peripherals unless they are needed for recovery. That step reduces cross‑contamination risks.

Enter Safe Mode to limit startup services

Next, enter Safe Mode to start the system with only essential drivers and services. Safe mode often prevents active threats from auto‑starting and makes them easier to spot.

  • Note which login items or startup services fail to load — these clues point to persistence mechanisms.
  • Avoid launching nonessential apps or a browser while in safe mode to keep the environment controlled.
  • Do not change critical settings unless required; containment comes before deep remediation.

| Action | Why it helps | Next step |
| --- | --- | --- |
| Disconnect network | Stops data leaks and remote commands | Prepare offline scans or clean tools |
| Eject external drives | Prevents spread to removable media | Quarantine and scan drives later |
| Enter Safe Mode | Limits active services and malware start | Run resource checks and offline antivirus |

Remove Malware from Your Computer on Windows

Begin with a controlled reboot to a minimal Windows environment so only essential services run. This helps you spot and stop persistent infection methods before they restart.

Enter Safe Mode: open Settings (Windows + I) > Update & Security (Windows 10) or System (Windows 11) > Recovery > Advanced startup > Restart now. After restart choose Troubleshoot > Advanced options > Startup Settings > Restart, then press 4 (F4) for Safe Mode or 5 (F5) for Safe Mode with Networking.

Spot suspicious processes

Press Ctrl + Shift + Esc to open Task Manager. Sort by CPU, Memory or Disk to find apps with abnormal spikes.

Right-click a suspect process, open file location and check its digital signature and path. Unknown executables in Temp or odd user folders are red flags.
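
The path and signature check above can be run across every process at once in PowerShell. This is an added example, not part of the original guide; the folder list, the function name `Test-InUserWritableFolder` and the output file name are assumptions chosen for illustration.

```powershell
# Added example (not from the original guide): triage running processes by
# executable path and Authenticode signature. Run from an elevated prompt;
# without elevation many processes expose no path and are skipped.

# Assumption: folders treated here as unusual homes for a running executable.
$userWritable = @("$env:LOCALAPPDATA\Temp", $env:APPDATA, $env:PUBLIC, "$env:USERPROFILE\Downloads") |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-InUserWritableFolder {
    param([string]$Path)
    foreach ($folder in $userWritable) {
        if ($Path.StartsWith($folder, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Group by path so each binary is signature-checked once, however many copies run.
$report = Get-Process |
    Where-Object { $_.Path } |
    Group-Object -Property Path |
    ForEach-Object {
        $path = $_.Name
        $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process    = $_.Group[0].ProcessName
            PIDs       = ($_.Group.Id -join ',')
            SigStatus  = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            UserFolder = Test-InUserWritableFolder $path
            Path       = $path
        }
    }

# Show only entries that need a manual look: signature not valid, or odd location.
$flagged = $report | Where-Object { $_.UserFolder -or $_.SigStatus -ne 'Valid' }
$flagged | Sort-Object UserFolder, SigStatus -Descending |
    Format-Table Process, PIDs, SigStatus, UserFolder, Path -AutoSize -Wrap

# Keep the full listing as part of the incident record.
$report | Export-Csv -Path "$env:USERPROFILE\process-triage.csv" -NoTypeInformation
```

A flagged row is a prompt for manual review, not a verdict: legitimately installed per-user applications also run from AppData.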

Scan and clean

Run a full scan with your trusted antivirus. If the main solution is blocked, use Microsoft Safety Scanner or Windows Defender Offline for an out-of-band cleanup.

“Use official tools first; MSRT and Windows Defender tools target common threats and can repair certain changes.”

Clear temp files and storage

Open Settings > System > Storage. Toggle Storage Sense on, configure cleaning options, then click Clean now to delete temporary files and reduce persistence locations.

| Action | Why it helps | Where to find it |
| --- | --- | --- |
| Enter Safe Mode | Stops auto-start and limits services | Settings > Recovery > Advanced startup |
| Task Manager scan | Identifies high-resource or unknown processes | Ctrl + Shift + Esc |
| Full antivirus scan | Quarantines or deletes detected threats | Your antivirus app or Microsoft tools |
| Storage Sense | Deletes temp files and clears cache | Settings > System > Storage |

  • Disable unfamiliar startup entries in Task Manager > Startup.
  • Uninstall suspicious apps in Settings > Apps; log any items that resist removal.
  • Keep a short record of scans, quarantined files, and actions taken for follow-up.

Remove Malware on Mac with Built‑In Tools and Scanners

On a Mac, start with a Safe Boot so the system loads only essential drivers and launch agents.

Intel Macs: restart and hold the Shift key to enter Safe Mode. Apple silicon: hold the power button on startup, choose Options, then select Safe Boot.

Check Activity Monitor for odd CPU or memory use

Open Launchpad > Activity Monitor and sort by CPU or Memory to spot abnormal spikes. High, sustained use by unknown items often signals infection.

Double‑click a suspect process and click the Quit (X) icon, then use the process’ path to find related launch items or login entries in Settings.

Delete temporary files and run a scan

To delete temporary files, open Finder, press Shift + Command + G, enter ~/Library/Caches, then select and Command + Delete folders that look stale.

Run a reputable macOS scanner for a full system scan. Keep definitions up to date and follow quarantine or delete prompts exactly.

When your main antivirus may be impaired

If an already installed antivirus program missed detections or is blocked, run a second trusted scanner. You may need to uninstall the first product temporarily to let the alternative tool work.

  • Review Login Items in System Settings and remove unknown entries.
  • Record processes stopped and files quarantined so you can recheck after a normal restart.

Reset and Secure Your Web Browser

If web pages keep redirecting or show unexpected ads, restore browser defaults and remove untrusted add-ons. This stops browser hijackers that can reapply altered settings and help protect your device.

Chrome: clear settings and extensions

Open Chrome, click the three vertical dots in the top right, then choose Settings. Go to Reset settings > Restore settings to their original defaults and confirm.

After you click restore settings, re-enable only extensions you trust. Unfamiliar extensions can reload adware or change search and homepage values.

Safari: verify homepage and search

On macOS Safari, open Settings > General. Check “New windows open with” and “New tabs open with” and set a clean homepage and default search.

Remove unfamiliar items in Extensions and install add-ons only from the official App Store.

“A browser reset is a quick, high‑impact step to reclaim normal web behavior.”

  • If the menu in the top right corner is missing, update the browser and repeat the reset.
  • If redirects persist, create a fresh user profile and sync only after a full system scan.

Update Your Operating System and Do a Security Checkup

After cleaning core threats, the next critical step is to bring the operating system and apps fully up to date. Patching closes security holes attackers use to return. Make updates part of the recovery workflow so fixes apply before you reconnect widely.

Windows updates: On Windows 11 open Settings > Windows Update and select Check for updates. You can enable the toggle to get the latest improvements sooner. On Windows 10 go to Settings > Update & Security > Windows Update and install all critical patches.

Update macOS and key applications

On a Mac open System Settings and run Software Update to refresh the kernel, frameworks, and bundled apps. Also update browsers, PDF viewers, and messaging apps—these are common attack targets.

Run a security checkup for accounts

Visit myaccount.google.com/security-checkup to review sign-ins, revoke risky app access, and confirm 2‑Step Verification. Fix account issues immediately to prevent credential reuse across devices.

  • If an update fails, reboot and retry or use Windows Update Troubleshooter.
  • Schedule automatic updates so the device stays patched with minimal manual work.
  • After updates, verify that critical services run normally and no new warnings appear in notifications.

“Keeping the operating system and apps current reduces the chance that past exploits can be reused.”

Advanced Windows Tools for Tough Infections

If threats resist regular cleanup, advanced Microsoft tools can target common families and undo harmful changes.

MSRT (Malicious Software Removal Tool) runs monthly via Windows Update and is also available as a standalone download. It removes prevalent malware families and can reverse some malicious changes.

Use Microsoft’s Malicious Software Removal Tool (MSRT) for prevalent threats

Launch the standalone MSRT with command switches for control: /Q for quiet, /N for detect‑only, /F for extended scan, and /F:Y for extended scan with automatic cleaning.

When to use Windows Defender Offline or Microsoft Safety Scanner

For stubborn or rootkit‑style infections, boot into safe mode and run Windows Defender Offline to scan outside the active system. Microsoft Safety Scanner is a no‑install, on‑demand option when resident protections may be tampered with.

“Combine MSRT, Defender Offline, and Safety Scanner for broad, layered detection and cleanup.”

| Tool | Best for | Notes |
| --- | --- | --- |
| MSRT | Common, widespread families | Monthly via Windows Update or standalone; use /F:Y for auto‑clean |
| Windows Defender Offline | Rootkits and stealthy threats | Runs outside active Windows; boot required |
| Microsoft Safety Scanner | Quick second opinion | No install; run from clean media to check tampered installs |

  • Keep removable drives disconnected during scans to avoid spread.
  • After scans, review logs and check persistence points like services and scheduled tasks.
  • If credential‑stealers are found, change passwords on a clean device and enable multi‑factor authentication before reconnecting the affected system.
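
One way to review the persistence points named above (services and scheduled tasks, plus startup commands) in a single pass. This PowerShell is an added example, not part of the original guide; the expected-root list, the function name `Test-OutsideExpectedRoot` and the output file name are assumptions.

```powershell
# Added example (not from the original guide): list auto-start services, enabled
# scheduled tasks and startup commands whose program is not under the Windows or
# Program Files trees. Run from an elevated PowerShell prompt.

# Assumption: these roots are treated as expected install locations.
$expectedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-OutsideExpectedRoot {
    param([string]$CommandLine)
    if (-not $CommandLine) { return $false }
    # Expand %SystemRoot%-style variables and drop a leading quote before comparing.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim().TrimStart('"')
    foreach ($root in $expectedRoots) {
        if ($cmd.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $false }
    }
    return $true   # includes bare names such as "cmd.exe" that resolve through PATH
}

$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and (Test-OutsideExpectedRoot $_.PathName) } |
    ForEach-Object {
        [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Command = $_.PathName; RunAs = $_.StartName }
    }

$tasks = Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property and are skipped here.
        if ($action.Execute -and (Test-OutsideExpectedRoot $action.Execute)) {
            [pscustomobject]@{
                Kind    = 'Task'
                Name    = $task.TaskPath + $task.TaskName
                Command = "$($action.Execute) $($action.Arguments)".Trim()
                RunAs   = $task.Principal.UserId
            }
        }
    }
}

$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { Test-OutsideExpectedRoot $_.Command } |
    ForEach-Object {
        [pscustomobject]@{ Kind = 'Startup'; Name = $_.Name; Command = $_.Command; RunAs = $_.User }
    }

# Combine, display, and save the list alongside the scan logs.
$findings = @($services) + @($tasks) + @($startup)
$findings | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
$findings | Export-Csv -Path "$env:USERPROFILE\persistence-review.csv" -NoTypeInformation
```

Entries listed here are candidates for manual review; running the script again after cleanup and comparing the two CSV files shows whether anything has reappeared.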

If You Still See Signs of Malware

If scans and repairs fail, consider wiping the system and reinstalling the operating software to fully restore integrity. This step is the most reliable way to stop persistent infections that hide in core files or recovery partitions.

Factory reset and OS reinstall for Windows and macOS

On Windows 10 go to Settings > Update & Security > Recovery > Get started (Reset this PC). On Windows 11 use Settings > System > Recovery > Reset PC. Follow prompts to remove everything if the issue persists.

On macOS, boot to Recovery, open Applications > Utilities > Disk Utility, erase the system volume, then reinstall macOS. Erasing before reinstall helps remove deeply embedded components.

Mobile notes: Android and Chromebooks

For Android, update the OS, enable Google Play Protect (Verify Apps), and uninstall untrusted apps. Run a factory reset if suspicious behavior continues.

Chromebook users should remove suspicious extensions and apps and confirm installs only come from the official Chrome Web Store. A powerwash (factory reset) clears user data and often ends reinfection cycles on the web.

  • Restore only from backups made before the compromise to avoid reintroducing threats.
  • Document persistent issues so you can confirm they vanish after the reset.
  • After reinstall, immediately apply operating updates, install trusted antivirus, and scan restored archives.

“Avoid logging into sensitive accounts on the affected device until you finish the reinstall and reapply protections.”

Conclusion

Wrap up the process with a deliberate review of all key settings, installed software, and active extensions.

Follow the clear step sequence: isolate the device, use Safe Mode, inspect processes, run full scans, clear caches, reset your browser, and apply updates.

If issues persist, use advanced Windows tools or perform a clean OS reinstall. Mac users can rely on Safe Boot, Activity Monitor, cache cleanup, and a trusted scanner to remove malware on a Mac.

Make browser hygiene routine: audit extensions, confirm default search, and check web browser preferences after changes. Regular updates and account security checks build long‑term resilience.

FAQ

How can I tell if my device is infected?

Look for slow performance, sudden storage drops, apps crashing, unexpected sign-outs, or messages sent from your account. In web browsers, watch for frequent pop-ups, new toolbars, unwanted search engines or a changed homepage. These signs often indicate unwanted software or a compromised system.

Should I disconnect my device from the internet right away?

Yes. Disconnecting stops data exfiltration and prevents the threat from spreading to other devices on the same network. Use airplane mode, unplug Ethernet, or turn off Wi‑Fi before running scans or repairs.

How do I start Windows in Safe Mode?

Go to Settings > Recovery > Advanced startup and choose Restart now. After reboot, select Troubleshoot > Advanced options > Startup Settings and enable Safe Mode. This limits startup services and helps prevent active threats from running.

What should I check in Task Manager?

Look for unfamiliar processes using high CPU, memory, or disk. Right‑click suspicious entries to open file locations and search their names online. End tasks only when you’re sure they’re malicious or after documenting them for further analysis.

Which scanning tools should I use on Windows?

Run your installed antivirus first. Use Microsoft Defender or Microsoft Safety Scanner for a second opinion. For widespread threats, Microsoft’s Malicious Software Removal Tool (MSRT) and Windows Defender Offline can detect and remove persistent infections.

How do I clear temporary files on Windows?

Use Storage Sense (Settings > System > Storage) or Disk Cleanup to remove temporary files and caches. Deleting these files removes hiding places for malicious code and can improve scan effectiveness.

How do I boot a Mac into Safe Boot?

On Intel Macs, restart and hold the Shift key. On Apple silicon, shut down, press and hold the power button until startup options appear, then select your disk while holding Shift. Safe Boot limits extensions and helps with troubleshooting.

What to look for in Activity Monitor on macOS?

Watch for processes with unusually high CPU or memory usage and processes with unfamiliar names. Use the Inspect tool to view open files and network activity, and search process names online before quitting or deleting them.

How do I reset Chrome to default settings?

Click the three vertical dots in the top right, choose Settings, then Reset settings > Restore settings to their original defaults. This removes unwanted extensions, restores your homepage, and resets search engines without deleting bookmarks.

How do I secure Safari if it’s acting oddly?

Open Safari > Preferences and review the General and Extensions tabs. Set your preferred homepage and search engine, remove untrusted extensions, and clear history and website data to remove injected scripts or cookies.

Should I update my operating system after an infection?

Yes. Apply OS and app updates to patch vulnerabilities attackers exploit. On Android and Chromebooks, update from official app stores and apply system updates via Settings to close security gaps.

When should I consider a factory reset or OS reinstall?

If persistent symptoms remain after scans and remediation, a factory reset or clean OS reinstall may be necessary. Back up important data first, scan backups for threats, and use official installation media or recovery tools.

What steps help protect my accounts after an infection?

Change passwords from a clean device, enable two‑factor authentication, and run Google Security Checkup or similar account security tools. Review recent activity for unauthorized access and revoke unknown device sessions.

How do I handle Android or Chromebook infections?

Uninstall suspicious apps through Settings > Apps, review permissions, and only reinstall from Google Play or the Chrome Web Store. If issues persist, consider a factory reset and update the device software to the latest version.

Can browser extensions hide malware?

Yes. Malicious or compromised extensions can redirect searches, inject ads, or harvest data. Remove untrusted extensions, reinstall only from official extension stores, and review extension permissions regularly.

Are third‑party macOS scanners safe to use?

Use reputable vendors with positive reviews and clear privacy policies. Follow quarantine prompts and allow full disk access only when necessary. Built‑in tools plus a trusted scanner give broader detection coverage.
