How to clean malware from your PC
Your PC or laptop is running slow. Perhaps fans and lights are doing things when they shouldn't, suggesting that your computer is working on things about which you know nothing. And strange windows keep popping up as you browse about Windows. If any or all of these symptoms are occurring, or something just doesn't seem right, your PC may well have been infected by a virus, spyware or one of the myriad other types of malware that proliferate on the web.
In this feature we show you how to remove malware from a PC: how to clean up your PC after infection by a virus or spyware, or any of the other net nasties out there. We'll start, however, by giving you some quick and basic advice on prevention.
How to get rid of malware: prevention
Check now: do you have internet security software on your PC that includes an up-to-date firewall, antivirus and antispyware? That is the very least you need in your security arsenal. The easiest way to get such security on your PC is to purchase an internet security suite. Read our internet security software reviews and Group test: what's the best security software? for information on the best products.
Incidentally, if you do have up-to-date security software and you still think you are infected, simply running a scan is a good first step, but it is likely it won't solve the problem. Once installed, any malware worth its salt will be able to disable your antivirus. (Security software to a greater or lesser degree prevents infection, but if your security software has already failed, it is unlikely to be able to solve the problem alone. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.)
Similarly, returning to an older System Restore point might help, but the chances are the malware will be ahead of this trick. See also: How to use System Restore to fix a Windows 8 PC or laptop.
So let's assume you have been infected. Follow the steps below to sort things out.
How to get rid of malware 1: Enter Safe Mode
First, do no harm. You need to disconnect your PC or laptop from the internet. Do so by unplugging any wired connections, and switching off Wi-Fi on your laptop. Now we're going to boot into Windows' Safe Mode. This is a version of Windows that runs without many of the programs and processes required by full Windows. It will allow you to use your PC without doing any more damage, and it should help you to find out what the problem is. Malware won't run in Safe Mode.
To boot into Windows Safe Mode in Windows 7, Windows Vista or Windows XP, first shut down your PC. Turn on your PC and as soon as you see anything on the screen press the F8 key repeatedly. You'll now see the Advanced Boot Options menu. Select Safe Mode with Networking and press Enter.
For Windows 8, at the Windows 8 login screen, simply choose restart and hold down the Shift key. You will arrive at the window with options to troubleshoot your system, from which you can select to boot in Safe Mode.
Of course most people who need Safe Mode will already have a problem with their PC. If you are already logged in and can see only a black screen, hit CTRL, ALT, DEL to bring up the selection screen, and choose logout, restart. Then hold down the Shift key and you will be taken to the window via which you can choose Safe Mode.
See our story: how to boot Windows 8 in Safe Mode.
How to get rid of malware 2: Delete temporary files
This step isn't critical, but it can help. Deleting temp files will speed up virus scanning, free disk space and may even delete malware. Select Start, All Programs (or just Programs), Accessories, System Tools, Disk Cleanup, and choose to delete temporary files.
How to get rid of malware 3: Download and run Malwarebytes
As discussed above you need to use a different malware scanner to that which you have installed, since your current antivirus software hasn't detected the malware. So now we're going to use an on-demand scanner, which searches for malware infections only when you open the program manually and run a scan. The benefit here is that you can run an on-demand scanner alongside the real-time security software we discussed at the outset.
We're going to use the Malwarebytes Anti-Malware free on-demand scanner. To get started, reconnect to the web so you can download, install, and update Malwarebytes; but disconnect from the internet again before you start scanning. To be entirely safe the best process is to download Malwarebytes on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.
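One way to check the installer you carry over on the USB drive, as an added example that is not part of the original article: run the script with -Record on the clean computer, then without it on the infected one. The file path and the publisher string are placeholders (assumptions), and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example: verify a downloaded installer before and after moving it via USB.
# The installer path and expected-publisher string are placeholders (assumptions).
param(
    [string]$Installer = 'E:\mbam-setup.exe',      # hypothetical path on the USB drive
    [string]$ExpectedPublisher = 'Malwarebytes',   # assumed substring of the signer subject
    [switch]$Record                                # pass -Record on the clean PC
)

$hashFile = "$Installer.sha256"

function Test-InstallerSignature {
    param([string]$Path, [string]$Publisher)
    # Authenticode status must be 'Valid'; anything else means unsigned or tampered.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)': do not run this file."
        return $false
    }
    $subject = $sig.SignerCertificate.Subject
    Write-Host "Signed by: $subject"
    if ($subject -notlike "*$Publisher*") {
        Write-Warning "Signer does not match expected publisher '$Publisher'."
        return $false
    }
    return $true
}

if (-not (Test-Path -LiteralPath $Installer)) { throw "Not found: $Installer" }
$hash = (Get-FileHash -LiteralPath $Installer -Algorithm SHA256).Hash

if ($Record) {
    # Clean PC: check the signature, then store the hash beside the installer.
    if (Test-InstallerSignature -Path $Installer -Publisher $ExpectedPublisher) {
        Set-Content -LiteralPath $hashFile -Value $hash
        Write-Host "Recorded SHA-256 $hash"
    }
} else {
    # Infected PC: confirm the file is unchanged and still validly signed.
    if (-not (Test-Path -LiteralPath $hashFile)) { throw "Missing $hashFile" }
    $expected = (Get-Content -LiteralPath $hashFile -TotalCount 1).Trim()
    if ($hash -ne $expected) { throw "Hash mismatch: the installer changed in transit." }
    if (Test-InstallerSignature -Path $Installer -Publisher $ExpectedPublisher) {
        Write-Host "Installer matches the recorded hash and is validly signed."
    }
}
```

The check made on the clean computer is the one to rely on; the second run only tells you the file was not altered between the two machines.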
After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once installed, Malwarebytes will check for updates and launch the app itself. If you get a message about the database being outdated, select Yes to download the updates and then click OK when prompted that they have been successfully installed.
Once the program opens, keep the default scan option ('Perform quick scan') selected and click the Scan button.
Though it offers a full-scan option, Malwarebytes recommends that you perform the quick scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas the full scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.
If Malwarebytes automatically disappears after it begins scanning and won't reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.
If Malwarebytes' quick scan doesn't find any infections, it will show you a text file containing the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it'll bring up a dialog box warning you of the discovery. To see what suspect files the scanner detected, click the Scan Results button in the lower right. It automatically selects to remove the ones that are known to be dangerous. If you want to remove other detected items, select them as well. Then click the Remove Selected button in the lower left to get rid of the specified infections.
After removing the infections, Malwarebytes will open a text file listing the scan and removal results; skim through these results to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.
If your problems persist after you've run the quick scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.
How to get rid of malware 4: After the event
Your PC should now be free of malware. But that may not free you from the after effects of the infection. You may find, for instance, that your web browser defaults to a weird search engine and has a home page you didn't choose. You can solve this by following the steps in our 'How to get rid of Babylon Search toolbar' piece.
More importantly, you should change all your passwords, and login details for anything that contains sensitive information. Remember that this includes email and social media accounts.