PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

How to Remove Malware From Your PC

Got virus problems on your Windows PC? Follow these steps, and you may be back in working order in no time.

It should be drilled into you by now: Use antivirus software. These programs—from free tools and paid antivirus software up to major security suites—keep tabs on your Windows PC with scans, real-time monitoring, even heuristic analysis of files and processes so that new threats can be identified. It's imperative, especially with Windows, that you have antivirus installed.

However, even the best antivirus isn't 100% foolproof. A device already compromised by malware could get on your network, people can personally place malware on a system, and some malware sits there, dormant, waiting to come to life and attack. Social engineering and phishing schemes can trick people (you) into clicking on or downloading an infected link or attachment. Hell, there are even rogue scareware programs that look like antivirus or antispyware, but when you install them, you get infected! Always download from the source—avoid third-party download sites.

Sometimes, it's hard to tell when you've been hit by malware, and almost impossible to tell what kind (be it spyware, a trojan horse, ransomware, you name it). There are plenty of signs you should keep an eye out for—incredibly slow performance where once the PC zipped along, browser pop-ups when no browser is even open, scary warnings from security programs you didn't install, even ransom demands.

If you suspect, or know with absolute certainty, that you've got a malware infection, here are the steps to take, immediately, to remove the malware.

(Note that if you do get a ransom demand, the ransomware involved may have already encrypted your files. The solutions below may eradicate the ransomware, but there's no guarantee you'll get access back to the data. So make sure you've got a constant backup of your files, to the cloud or otherwise.)


Update Your Antivirus

First, make sure your antivirus software is fully updated with the latest virus definitions—that's how the software identifies malware, based on what has come before. Antivirus vendors are constantly renewing these lists as they encounter new viruses and Trojans in the wild and in the lab. If your software is even a day out of date, you run the risk of infection.

If you have Windows 10 or 11, you always have free virus/threat protection in the form of Microsoft Defender Antivirus. It's had or has other names like Windows Security, Windows Defender, and even once went by Microsoft Windows Defender Security Center (Microsoft is genuinely terrible at naming things). Microsoft Defender is certainly better than nothing and gets updated by Windows Update. But it's far from perfect. We suggest you immediately download one of our top-rated best free antivirus programs: Kaspersky Security Cloud Free or Avast One Essential.

If you need to fix an infected PC for a business, you or the boss should spend the money to get a full security suite. Our Editors' Choice options today are Kaspersky Security Cloud, Kaspersky Internet Security, Bitdefender Internet Security, Bitdefender Total Security, and Norton 360 Deluxe. All of the above earned 4.5-star reviews. They range from barebones (but complete) suites, to mega-suites bursting with features, to cross-platform suites that protect all your devices—not just Windows.

With suite software onboard, perform a deep, thorough scan. Let it run for as long as it takes, and hope that it finds and fixes the problem. That's your best-case scenario.

The problem is, if the malware is good at its job, then it probably deactivated your antivirus to get there in the first place.


Revert, Reboot, Scan, and Re-scan

If you've got System Restore points set in Windows, use this opportunity to reset the system when malware attacks and can't be fixed, which could do the trick, if you're lucky.

Reboot directly to the built-in Windows Security that comes with Windows 10/11. Go to Settings > Update & Security > Windows Security > Virus & threat protection. If you are running a third-party antivirus, you'll see it here, plus an option to activate Microsoft Defender for "periodic scans" that won't interfere with the real-time work of your installed antivirus. It can't hurt.

Once Microsoft Defender is activated even for just periodic scans, look for Scan Options. Click it and check the box next to Microsoft Defender Offline Scan. After a reboot, it'll do about a 15-minute scan to look for "rootkits and other highly persistent malware," according to Microsoft.

Microsoft Defender Offline Scan

Still feeling infected? If you've got a remote access trojan (aka a RAT) aboard your PC, potentially someone is remotely accessing your PC. That's bad news. Likewise, if you've caught some ransomware, you don't want it encrypting files you back up to the cloud automatically. Take a deep breath and get off the internet. Pull the Ethernet on the PC, turn off the Wi-Fi, unplug the router. Guarantee that the PC is disconnected. Make sure it's not using Wi-Fi from a neighbor or nearby business to stay online on the side. Then, attempt some antivirus scans.

Didn't work? Reboot Windows again, but in a way that won't let the malware get restarted as well. Try going into the minimalized Windows interface called Safe Mode (here's how). Run a scan from there and it may work.

While you're in Safe Mode, delete any temporary files. They permeate Windows even after a short time using the operating system and could be hiding malware. At the Start menu (tap the Windows key), type in Disk Cleanup; it'll check the C: drive for what you can safely delete among all the temps.

If Windows is compromised beyond usability—it might not even let you in—get around the OS by booting directly into the antivirus software. Use a bootable program, sometimes called a "Live CD" or "rescue CD"—though these days, you'll typically do it with a USB flash drive. To be safe, set that drive up right now, while your PC is healthy.

What, you're still viral? Run an on-demand antivirus scanner: Malwarebytes Free is highly recommended; it will give you a couple weeks to try the premium version for regular background protection, but even the limited free version works fine for one-time deep scans. Norton Power Eraser (also free) is another option.

Malwarebytes Free scan

These options are sometimes called a "second opinion malware scanner," because they are the second line of detection if your initial antivirus can't take care of the problem. They don't do real-time protection—you run them manually as a cleanup. Have one handy on a USB drive for the day you need it. Norton Power Eraser, for example, comes in a "portable" version that doesn't require a full Windows installation procedure. It will, however, reboot your system as it roots out rootkits. There are many portable security apps you can put on a USB drive sans direct installation.

Want to be thorough? Try a mix! Hopefully, they'll do the trick and your PC is back to normal after the Safe Mode scans (reboot the PC in between). Second-opinion scanners won't conflict like real-time antivirus sometimes can if you install more than one, since you should run each portable program's scan individually.


The Nuclear Option(s)

You might be a little nervous about using Norton Power Eraser, with good reason. It comes with a warning that it's as aggressive as hell when it goes after a problem, and therefore the risk of collateral damage is high. The warning says specifically, "It may mark a legitimate program for removal." Yipe.

Norton Power Eraser

Risking a few programs is worth it compared with running the full Windows 10/11 factory resetWindows 10/11 factory reset. Or performing the true "nuclear" option of reformatting your hard drive and reinstalling the operating system and all programs (you do have an image of your clean Windows install backed up that you can use for restoration, right?). Doing that is less and less of a necessity, especially compared with the dark days prior to Windows 7, but it remains a viable method of resetting a system to be malware-free.

Windows Recovery options make it easy to reset a PC so the operating system gets a reinstall without losing any data (you'll have to reinstall programs), or do a full Fresh Start back to a pristine stateFresh Start back to a pristine state. To be honest, a fresh start is a good idea every few years or so anyway.

Dealing successfully with a viral PC infection is like being at home after you've been burglarized; it takes a while to feel safe again. Take steps as you would after being robbed: Enhance your security. Get the best, highest-rated security suite you can afford, read up on how to avoid getting scammed/phished, and then go on a purge: Uninstall any programs you're not using on a regular basis or don't trust. Be ruthless. Let's be careful out there.

About Eric Griffith