Remove Malware

This wikiHow teaches you how to scan for (and remove) malware from your PC or Mac without purchasing additional software. Windows comes with a free antivirus/anti-malware tool called Windows Defender that works great to remove viruses, adware, and spyware. If malware is preventing you from running a scan, you can use the Malicious Software Removal Tool, which can be downloaded from Microsoft. Mac malware can be removed by dragging the app to the Trash.

Steps

Using Windows Defender for Windows 10

1. Consider the symptoms of malware. If you're experiencing any of the following symptoms, use this method to help you scan (and remove) spyware, adware, and/or virus infections from your PC:
   • Unexpected system crashes and BSOD (Blue Screen of Death).
   • Your web browser keeps getting redirected to pages you didn't click.
   • You see apps and toolbars that you didn't install.
   • You see pop-up windows claiming you must pay money or bitcoin to regain access to your files.
   • Random network activity with heavy bandwidth usage.
   • You see a pop-up that says you have to download some file to fix an issue on your computer.
   • Your computer is running extra slow for no good reason with excessive hard drive activity.
   • Apps, tools and antivirus on your computer are disabled (or you get an error when trying to run them).
   • When using a browser, your computer redirects to a webpage.
   • Your browser opens randomly and you didn't open it.
2. Click the Start Template:Windows menu. It's usually at the bottom-left corner of the screen.^[1]
3. Click Settings Template:Windows. It's near the bottom-left corner of the menu.
4. Click Template:MacButton. It's near the bottom of the menu.
5. Click Template:MacButton. It's in the left panel.
6. Click Template:MacButton. It's the button at the top of the right panel.
7. Click Template:MacButton. It's at the top of the left panel.
8. Check for updates. This is super important, as you'll need the latest definition files to detect and remove the malware.
   • Click Check for updates under the "Virus & threat protection updates" header near the bottom.
   • Click the Check for updates button on the next screen.
   • When the process is finished, the "Last update" date should reflect the current date and time.
9. Click Template:MacButton. It's beneath the "Quick scan" button under the "Current threats" header. This opens a list of malware scanning options.
   • Windows Defender is set to protect your computer automatically by default. If threats have already been detected, follow the on-screen instructions under "Current threats" to get rid of the malware.
10. Select Template:MacButton. It's the last option in the right panel.
    • Use this article on Perform-an-Offline-Scan-with-Windows-10-Defender.
11. Click Template:MacButton. It's at the bottom of the right panel. Windows Defender will now scan your computer for malware. When the scan is finished, your computer will reboot. Continue to the next step once the computer comes back up.
12. Return to the Template:MacButton screen. Follow the same steps as you did a moment ago to navigate to this part of your settings. If threats were found, you'll see the number and a description under the "Scan options" header at the top.
    • If no threats were found, there's no need to continue with this method.
13. Click Template:MacButton. It's under the description of found threats. This displays more information about what was found in the scan.
    • If malware was found, Windows Defender will usually quarantine it automatically. You'll see the name of the malware under the "Quarantined threats" header.
14. Click Template:MacButton. It's under the "Quarantined threats" header.
15. Follow the on-screen instructions to complete the removal. Once you've removed all of the malware, you should see "No threats" under the "Quarantined threats" header.

Using the Malicious Software Removal Tool for Windows

1. Go to the Microsoft Malicious Software Removal Tool page. You can do this by visiting https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx in a browser.
   • Use this method if you are unable to run a scan or update your anti-malware tool. You can also use this method if your usual anti-malware tool failed to fix the issue.
   • If you can't use a web browser or connect to the internet on the infected PC, download the tool to a working computer, follow the download steps on a working computer. You can then copy or burn the tool to removable media and insert that into the infected PC.
2. Click Template:MacButton. It's the red button near the center of the page.
   • If you see a screen that displays recommended downloads, remove the check marks from each download, then click No thanks and continue to DirectX End-User Runtime Web Installer at the bottom-right corner.
3. Save the tool to your computer. Select the Downloads folder if not already selected, and then click Save to start the download.
4. Copy the tool to removable media (if you're using a different PC). If you are downloading the tool on a different computer because you aren't able to do so on the infected one:
   • USB drive: Connect the drive to the PC, then copy the tool (the file that begins with "Windows-kb" and ends with ".exe") to it from the Downloads folder.
   • CD/DVD-ROM: If the infected computer has a CD/DVD-ROM drive, you can burn the tool to a disc instead.
5. Double-click the tool. It starts with "Windows-KB" and ends with ".exe." You'll typically have to click Yes to verify that you want to run the tool.
   • If the malware prevents you from running the tool, you'll need to run the tool in Safe Mode. Follow these steps to reboot into Safe Mode, then try again:
     • Click the Start Template:Windows menu and select Power Template:Windows.
     • Hold ⇧ Shift as you click Restart.
     • Navigate to Troubleshoot  Advanced Options and click Restart.
     • Press 4 or F4 at the menu to enter Safe Mode.
     • If these steps don't work, see Activate Safe Mode in Windows 10.
6. Click Template:MacButton. A list of scan options will appear.
7. Select "Full Scan" and click Template:MacButton. This starts the scan, which may take several hours to complete.
   • Alternatively, you can select Quick Scan to do a short scan of the areas of your computer most likely to contain malware.
8. Review the results. You'll see one of four possible results once the scan is complete:^[2]
   • No infection was found: The issue may not be malware-related. It's also possible that the tool hasn't been updated to include the latest malware. Check the download page frequently for updates (click the "+" next to "Details" to see the date), then re-download the tool once updated.
   • At least one infection was found and removed: Malware was found and successfully removed. Now that you're in the clear, make sure to update Windows as soon as possible.
   • An infection was found but not removed: This means the PC is infected, but the tool is not equipped to remove it. Try downloading another tool, such as https://www.malwarebytes.com/mwb-download, and running it the same way as you did this one.
   • An infection was found and was partially removed: If you can, try to update and use Windows Defender to finish the job. If that doesn't work, download another tool, such as https://www.malwarebytes.com/mwb-download and run it the same way as you did this one.

On Mac

1. Restart your Mac in safe mode. To do so, hold the shift key before the Apple logo appears after clicking "Restart" from the Apple menu. Safe mode prevents software from starting automatically.
2. Locate the malicious app. This is usually in the /var/Applications folder, but it can be elsewhere on your computer.
3. Drag the app to the Trash. This will delete the malware from your computer.
4. Empty the Trash. This will permanently remove the malware and prevent accidental recovery or execution.

Preventing Malware in the Future

1. Protect your computer with an antivirus/anti-malware program. Windows 10 and Mac come with built-in security features, including a built-in antivirus, a firewall, a warning when installing unknown apps, and process isolation. Make sure that these features always enabled.
   • If you want to try a different antivirus, you can look into options like Avast, BitDefender, Malwarebytes, and AVG.
   • Make sure the antivirus/anti-malware definition files are always up-to-date, as new malware is created daily.Template:Expertgreenbox:161082
2. Beware of fake anti-malware apps. If you're browsing the web and suddenly see a pop-up message that claims you have a virus or malware, do not follow the instructions on the pop-up—these are usually malware in disguise.^[3] Instead, close all open windows, then use Windows Defender to do a thorough scan of your computer.
3. Keep Windows up to date. New security patches and updates are added to Windows all the time.
4. Keep your web browser up to date. If your web browser notifies you that an update is available, install it immediately. Updates are often pushed through when security vulnerabilities are found.^[4]Template:Expertgreenbox:161082
5. Never call a fake technical support phone number. If you see a pop-up or window that demands you call someone to remove malware (or regain access to your files), know that this is always a scam. No reputable anti-malware app will ever make you call someone to remove malware. Similarly, never trust someone who calls you on the phone to claim your computer is infected. Scammers will often try to convince you to pay money or bitcoin to fix a problem that doesn't exist. Close the window (or hang up the phone), run an anti-malware scan, and go about your day.
6. Don't open macro-enabled documents from unknown or unexpected senders. Macro viruses are infections that spread through the sharing of Office documents, and are usually spread via email.^[5] If you receive an email you aren't expecting (or from someone you don't know) that contains a .doc or .docx attachment, don't open the file.
   • Also be wary of websites that offer free templates for download—research the site before downloading these files, as they may be spreading viruses.
7. Use strong and unique passwords on the web. All of your web and app accounts should have their own unique passwords. If a hacker gets a hold of one of your passwords, you won't want them to be able to gain access to all of them! If you have a hard time remembering different passwords, try a password manager like LastPass or DashLane.

References

Quick Summary

Template:Summary:Remove-Malware