If your PC or laptop is running slow, or strange windows keep popping up as you browse about Windows, your PC may well have been infected by a virus, spyware or one of the myriad other types of malware that proliferate on the web.
We show you how to remove malware from a PC or laptop. How to clean up your PC after infection by a virus or spyware, or any of the other net nasties out there. We'll start, however, by giving you some quick and basic advice on prevention. (This is particularly important in light of recent news stories. You may also wish to read: Windows users: how to protect your PC from Gameover ZeuS and Cryptolocker.)
How to remove a virus: prevention
Check now: do you have on your PC internet security software that includes up to date firewall, antivirus and antispyware. That is the very least you need in your security arsenal. The easiest way to get such security on your PC is to purchase an internet security suite. Read our internet security software reviews and Group test: what's the best security software? for information on the best products. (Windows 8 and Windows 10 both have basic antivirus installed, but you are always better off investing in something more robust.)
Incidentally, if you do have up-to-date security software and you still think you are infected, simply running a scan is a good first step, but it is likely it won't solve the problem. Once installed any malware worth its salt will be able to disable your antivirus. (Security software to a greater or lesser degree prevents infection, but if your security software has already failed, it is unlikely alone to be able to solve the problem. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants, particularly given the fact that literally thousands of new threats spring up each day.)
Similarly returning to an older System Restore point might help, but the chances are the malware will be ahead of this trick. (System Restore is a useful trick to know, however. See also: How to use System Restore to fix a Windows PC or laptop.)
So let's assume you have been infected. Follow the steps below to sort things out. Carry them out in order and it is likely you won't need step 4.
How to remove a virus 1: enter Safe Mode
First, do no harm. You need to disconnect your PC or laptop from the internet. Do so by unplugging any wired connections, and switching off Wi-Fi on your laptop. Now we're going to boot into Windows' Safe Mode. This is a version of Windows that runs without many of the programs and processes required by full Windows. It will allow you to use your PC without doing any more damage, and it should help you to find out what the problem is. Malware won't run in Safe Mode.
To boot into Windows Safe Mode in Windows 7, Windows Vista or Windows XP, first shut down your PC. Turn on your PC and as soon as you see anything on the screen press the F8 key repeatedly. You'll now see the Advanced Boot Options menu. Select Safe Mode with Networking and press Enter.
Windows 8 and Windows 10 are a little different. Windows 8 and Windows 10 PCs start up quickly so there's not enough time to press F8. For Windows 8 and Windows 10, at the Windows login screen, simply choose restart and hold down the Shift key. You will arrive at the windows with options to troubleshoot your system from which you can select to boot in Safe Mode.
Of course most people who need Safe Mode will already have a problem with their PC. If you are already logged in and can see only a black screen, hit CTRL, ALT, DEL to bring up the selection screen, and choose logout, restart. Then hold down the Shift key and you will be taken to the window via which you can choose Safe Mode.
See our story: how to boot Windows in Safe Mode.
How to remove a virus 2: delete temporary files
This step isn't critical, but it can help. Deleting temp files will speed up virus scanning, free disk space and may even delete malware. Select Start, All Programs (or just Programs), Accessories, System Tools, Disk Cleanup. And choose to delete temporary files.
How to remove a virus 3: download and run Malwarebytes...
As discussed above you need to use a different malware scanner to that which you have installed, since your current antivirus software hasn't detected the malware. So now we're going to use an on-demand scanner, which searches for malware infections only when you open the program manually and run a scan. The benefit here is that you can run an on-demand scanner alongside the real-time security software we discussed at the outset.
We're going to use the Malwarebytes Anti-Malware free on-demand scanner. To get started, reconnect to the web so you can download, install, and update Malwarebytes; but disconnect from the internet again before you start scanning. To be entirely safe the best process is to download Malwarebytes on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.
After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once installed, Malwarebytes will check for updates and launch the app itself. If you get a message about the database being outdated, select Yes to download the updates and then click OK when prompted that they have been successfully installed.
Once the program opens, keep the default scan option ('Perform quick scan') selected and click the Scan button.
Though it offers a full-scan option, Malwarebytes recommends that you perform the quick scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas the full scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.
If Malwarebytes automatically disappears after it begins scanning and won't reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.
If Malwarebytes' quick scan doesn't find any infections, it will show you a text file containing the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it'll bring up a dialog box warning you of the discovery. To see what suspect files the scanner detected, click the Scan Results button in the lower right. It automatically selects to remove the ones that are known to be dangerous. If you want to remove other detected items, select them as well. Then click the Remove Selected button in the lower left to get rid of the specified infections.
After removing the infections, Malwarebytes will open a text file listing the scan and removal results; skim through these results to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.
If your problems persist after you've run the quick scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result. Then jump to step 5. If not...
How to remove a virus 4: ...or use a virus removal device such as the FixMeStick
This step requires you to shell out some cash. But it will be worth it if Malwarebytes hasn't solved your problem. Sometimes simply going online to download software - even security software - opens up your PC or laptop to more pain. So using a bootable USB stick with pre-installed security software is a good way of scanning and cleaning your PC without going online. To create one you just have to download and install a security software package to a USB disk. (If you are reading this story and you don't have a virus problem, this wouldn't be a terrible idea.)
Trouble is: unless you are the network admin for an office, you are unlikely to have such a disk to hand.
FixMeStick is an easy to use 'plug and play' antivirus USB stick. It's ideal in this scenario: perfect for anyone wanting a no fuss antivirus solution for multiple devices, without having to venture online to download and install software. It isn't cheap, however. It costs £45 per stick, but the device can at least be used on up to three PCs or Macs per year. If you find yourself regularly rescuing PCs and laptops for unsavvy friends and family, it may be worth a punt.
In essense FixMeStick is a self-bootable USB device which operates in its own clean environment, identifying viruses and malware such as spyware, Trojans, ransomware and so on. It includes security software from Sophos, Kaspersky and Vipre. Plug it in and start scanning for viruses and malware. What it finds it can clean.
You can buy the FixMeStick from Amazon.
How to remove a virus 5: after the event
Your PC should now be free of malware. But that may not free you from the after effects of the infection. You may find, for instance, that your web browser defaults to a weird search engine and has a home page you didn't choose. You can solve this by following the steps in our 'How to remove unwanted web browser toolbars' piece.
More importantly, you should change all your passwords, and login details for anything that contains sensitive information. Remember that this includes email and social media accounts. Visit Security Advisor.