10 Steps To Take When You Discover Malware On Your Computer

Viruses are everywhere! And although we’d like to think that the Internet is a safe place to spend our time (cough), we all know that there are risks around every corner. Email, social media, malicious websites that have worked their way into search engine results, and ad pop-ups can all pose a threat. Although there are precautions you can take to limit the risk of infecting your computer, sometimes you simply have bad luck and get infected anyway. Removing malware can be a painful process, but thankfully you can do it completely free. Because of that, I’ve laid out all the steps of exactly how to do it.

It’s Not Just Viruses — Other Kinds Of Malware To Know About


Because there are so many kinds, “virus” is typically the term used to describe all the nasty stuff that can infect your computer. But the correct term is actually malware, and there’s lots of it. Chris Hoffman wrote an article differentiating between the three main types of malware: viruses, trojans and worms. In that same article, he also briefly explains what spyware and scareware are. Scareware, or ransomware, is simply a program that infects your computer and then prompts you to pay to get it fixed. Guy McDowell goes into more depth on what ransomware is and how to remove it. Lastly, there’s adware, i.e. unsolicited advertising installed on your computer.

How To Detect The Symptoms That You’re Infected


Why do you need to know how to detect symptoms – that’s what you have an antivirus program for, right? Well, that’s true – they help for sure. There have been occasions where mine has caught something and I’ve been able to get rid of it before it has been able to cause any harm. However, if an antivirus program isn’t updated with the latest definitions, it might not catch everything. Plus, it’s always better to know what to look for, rather than depending on what a program says.

1. Homepage And Search Engine Hijacking

Ever wonder why your homepage now redirects to some weird website? Or why your default search engine is now some other search engine that you’ve never heard of or don’t recognize? These are tell-tale signs of malicious activity on your computer.

2. You’re Redirected To A Different Site Without Warning

Similar to the previous one, another problem you might run into is being taken to another website, likely malicious, when you typed in or clicked something completely different that you know hasn’t taken you there before.

3. Pop-ups

Ah, yes. The notorious pop-ups — we all know what they are.

4. Crashes

This isn’t always related to a malware infection, but if this is happening along with some of the others mentioned here, you’ve most likely got something.

5. Unfamiliar Programs And Toolbars

Ever wonder how all of those toolbars got there in your browser? They are full of search boxes and loads of useless buttons. Frankly, no one needs toolbars anymore. But if one showed up unannounced, it was either your poor program installation habits, or it snuck its way onto your computer… or both.

6. Slow Computer Online And Offline

Internet connectivity issues are one thing, but if your computer is always running slow, whether you’re online or not, you better keep reading this article.

7. Browser Can’t Load Pages

I hate to be the bearer of bad news, but if your browser(s) continue(s) telling you that pages can’t be loaded, yet your Internet connection is fine, I’d bet that there’s something fishy going on.

The Steps To Take If You Are Infected

There is a level of panic and worry that can overwhelm you whenever you realize that your computer has been infected – you feel vulnerable and open. However, it’s not over for your computer and all of your files that it contains. There are ten things you need to do to obliterate that virus, trojan, worm, or whatever else may be infecting your computer and restore it to the state that it was prior to the infection.

1. Back Up Your Personal Files


Hopefully you have already been backing up your files. But even so, I recommend that you copy your personal files elsewhere just to be safe. However, you don’t want to back up everything on your computer, as there’s a risk that you could save some infected files along with it.

I’ve written several articles on backing up, but the two that you should refer to the most would be why you need to backup and recovery tips to help you prepare for a disaster.
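The selective backup described in this step, as an added Python example that is not part of the original article: it copies personal files to a backup location, leaves behind file types that can carry runnable code, verifies each copy by hash, and writes a manifest. The extension list, the manifest file name and the sample folder names are assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumption (not from the article): extensions Windows treats as runnable code.
RISKY_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".msi", ".bat", ".cmd",
    ".vbs", ".js", ".jar", ".hta", ".ps1", ".lnk",
}
MANIFEST_NAME = "backup-manifest.txt"  # hypothetical file name


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def backup_personal_files(source, dest):
    """Copy data files from source to dest; return (copied, skipped) lists."""
    source, dest = Path(source).resolve(), Path(dest).resolve()
    if dest == source or source in dest.parents:
        raise ValueError("destination must be outside the folder being backed up")
    copied, skipped = [], []
    for path in sorted(source.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # directories are created on demand; links are not followed
        rel = path.relative_to(source)
        # Windows acts on the final extension, so "invoice.pdf.exe" is a program.
        if path.suffix.lower() in RISKY_EXTENSIONS:
            skipped.append(rel.as_posix())
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        checksum = sha256_of(target)
        if checksum != sha256_of(path):
            raise OSError(f"copy of {rel} does not match the original")
        copied.append((rel.as_posix(), checksum))
    dest.mkdir(parents=True, exist_ok=True)
    lines = [f"{checksum}  {name}" for name, checksum in copied]
    lines += [f"SKIPPED  {name}" for name in skipped]
    (dest / MANIFEST_NAME).write_text("\n".join(lines) + "\n", encoding="utf-8")
    return copied, skipped


if __name__ == "__main__":
    # Constructed sample tree standing in for a Documents folder and a flash drive.
    with tempfile.TemporaryDirectory() as tmp:
        docs, usb = Path(tmp, "Documents"), Path(tmp, "usb")
        (docs / "photos").mkdir(parents=True)
        (docs / "notes.txt").write_text("tax notes")
        (docs / "photos" / "cat.jpg").write_bytes(b"\xff\xd8 sample")
        (docs / "invoice.pdf.EXE").write_bytes(b"MZ sample")
        copied, skipped = backup_personal_files(docs, usb)
        print("copied:", [name for name, _ in copied])
        print("skipped:", skipped)
```

Skipping these file types lowers the risk but does not make the backup clean: documents can carry macros, so scan the backup with the tools from step 6 before restoring anything from it.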

2. Disconnect From The Internet


A virus will try to call home via your Internet connection. Disconnecting from the Internet should be one of the first things you do in order to battle any form of malware. If you’re on a desktop, simply unplugging the Ethernet cable is the most certain way. If you are on a laptop, you can disconnect by unplugging the Ethernet cable, or if you’re wirelessly connected, disabling the WiFi by a physical button on your keyboard or in the Taskbar.


3. Boot In Safe Mode Or With A Live Antivirus Rescue Disk


By booting in Safe Mode, you’re able to prevent any non-core components from running, allowing you to isolate problems more easily. To do this, restart your computer, and press and hold the F8 key while your computer starts up. The first option, “Safe Mode”, should be already selected, but if not, you can navigate to it with your arrow keys. Then press Enter. Once you’re in Safe Mode, you can continue the malware-removal process.

If Windows won’t start at all, you can use an antivirus rescue disk. These are available for free from many antivirus companies such as Kaspersky, Avira, AVG, and others. Justin Pot has written several articles on this, including one on three live CD antivirus scanners, and two more detailed posts on how to create BitDefender and Kaspersky rescue disks. Lastly, you have the option of using a Linux Live CD.

4. Get Another Computer With Internet Access


You will more than likely need the aid of another reliable computer connected to the Web in order to resolve your malware problems. This is because you will need to research the problems and symptoms of the specific infection, as well as download various programs to remove the infection. If you don’t have another computer, you might talk to a good friend or family member and explain your situation. Of course, if you are going to school at a college or university, or if you have access to a computer lab at a library, you might be able to use a public computer to do this as well.

When you download any executable programs on the clean computer, you will of course need a way to transport them to the infected computer. What I find best is a flash drive with no other valuable files on it. You might also use an SD card or portable hard drive.

5. Try To Identify The Actual Malware And Search For Fixes


Often times when malware infects your computer, it isn’t just some generic virus, but a specific kind that needs to be removed with a certain procedure. There are articles and forums all over the Web that address all kinds of malware infections. Start with a basic search based on the little information you know about the infection. For instance, if it’s in the form of a fake antivirus program, what is its name? Once you have somewhere to start, you can keep searching and gathering more information about what to do. Ideally, you’ll find instructions to walk you through the entire process from start to finish.

In case you are completely lost at this point, you can also ask MakeUseOf Answers and we will point you in the right direction.

6. Scan With Multiple Programs Until No Infections Are Found


If you can’t find anything specific about the infection, don’t worry — there are a variety of tools you can use to remove infections. These tools range from antivirus to rootkit removers to anti-adware and antispyware to general antimalware programs.

On our Best Of Windows Software page, we have sections for antivirus, malware removal and firewall applications.

Some tools I recommend are the Kaspersky TDSSKiller for removing rootkits, Malwarebytes’ Anti-Malware and HitmanPro for removing all kinds of malware, and AdwCleaner for removing adware. All of these tools are free and can be used in conjunction with one another.

Again, you will have to download these on the clean computer connected to the Internet and transfer their executable files to the infected computer. Programs like Malwarebytes’ Anti-Malware often need Internet access to get the latest definitions, so I often use it to make one last swipe once I’m able to connect to the Internet once more and download the updates. I then return to Safe Mode to run the scans.

NOTE: You should know that although you can use multiple malware removal programs, you can’t use multiple antivirus programs, as they can conflict.

7. Clean Up Temporary Files And Worthless Programs


Once you’ve removed the nasty infections, it’s time to clean up any remaining files. The recommended program to do this is CCleaner. It’s not considered a “security program” by any means, but it can help during this process. However, CCleaner isn’t the only good cleaner available. IObit’s AdvancedCare, System Ninja, as well as others like Xleaner and DriveTidy, are several good alternatives.

This might also be a good time to comb through your programs list with an app like GeekUninstaller to remove unneeded or potentially risky software that snuck its way into your computer.

8. Remove System Restore Points


Although System Restore can be very helpful and has proven to help me many times, system restore points do have the potential to contain malware, so it’s recommended that you delete those to ensure that all traces of malware are removed from your computer. If you know for sure when you contracted the malware, you can remove the restore points up to that time. However, to be safe, I recommend you remove all of them.

To do this in Windows Vista and 7 (and Windows 8 if you have a Start Menu tool, like Classic Shell), click the Start button, right-click Computer, and then Properties.


Click System protection in the left panel, which may then prompt you for an administrator password or confirmation. Under the System Protection tab click Configure, then click Delete and OK.


If you’re using Windows 8 without a Start Menu tool, navigate your mouse cursor to the lower right-hand corner to display the Charms bar. Click Search (magnifying glass), type “recovery” and click Settings. You should then see a result that says Recovery; for me it was the second result down in the right panel.


Once you click it, you’ll be taken to a window with Recovery tools, where you will click the link that says Configure System Restore. Then follow the previous instructions.


If you use Windows XP, follow these instructions provided by Microsoft.

9. Fix Post-Malware Removal Problems

There may be some problems that you encounter after you remove the infections from your computer. A couple quick options you might try would be Microsoft’s Fix It tool and a tool called Re-Enable II. Below are some common problems and how you might be able to fix them.

Can’t Connect To The Internet
This guide by Select Real Security is invaluable and suggests many steps you might take to fix this problem.

Search Engine Redirecting To Random Website
One of the primary reasons for this, if you have Java (which you likely don’t need), is the Java cache hasn’t been cleared yet, which Java shows you how to do.

If your primary search bar still goes elsewhere, that can be changed in the Settings of your browser, whether you use Chrome, Firefox, Internet Explorer or others.

Homepage Is Still Different
If your homepage, like your search engine, was changed, you can go into your browser settings and change what this is too.

Programs And Files Won’t Open
Select Real Security has another great guide on how to fix this as well and uses four different methods: a Registry file, an INF file that fixes executable file association, CleanAutoRun by Kaspersky, and creating a new user account.

Missing Desktop Icons
If none of your icons are on your Desktop anymore, try the Unhide or Re-Enable II tools.

Windows Update And Firewall Won’t Work
If Windows Update and/or your Firewall aren’t working properly, you might try a tool called Windows Repair by Tweaking.com. It can do a lot, so when you use it, uncheck all of the options except for the following five:

  • Repair WMI
  • Repair Windows Updates
  • Repair Windows Firewall
  • Reset Registry Permissions
  • Reset File Permissions

Windows Repair comes in both portable and non-portable versions.

Computer Is Still Slow
If your computer is still slow, there are several things you can do.

  • Remove more temporary files
  • Fix Windows system files by typing sfc /scannow in the Run window (Start key + R) and then restart the computer
  • Ensure you have only one antivirus program installed and running on your computer

For more advice, take a look at Bakari’s article on why you might have a slow computer or Tina’s guide on speeding up Windows.

Still Having Problems? Try MakeUseOf Answers
If none of these options help, you might turn to the MakeUseOf Answers forum, which has proven helpful for many, including myself a time or two.

10. Change Your Passwords


Lastly, you should change your passwords to ensure that no information that was potentially obtained while your computer was infected can continue to be used against you and cause even more harm.

I personally recommend using a password management strategy and Yaara wrote an excellent article on how to create strong, yet easy to remember passwords, as well.

Conclusion: Preventing Further Infections


With so much on the Internet today, preventing every single thing can be pretty difficult, but there are ways to be safe. We’ve covered many of these in the following articles already:

Have you had the “pleasure” of removing malware from your or someone else’s computer? If so, do you have any additional insight or success stories to share? We’d love to hear them!


17 Comments -

0 votes

Catherine M

nice steps – sharing with my hubby & my pinterest tech page.
Wish you would give points for sharing on pinterest!

0 votes

Bruce E

Good article, Aaron. Just a couple of points based on my experience though:

#3: Trying Safe Mode is becoming more of a futile option, just go for the rescue disc instead as it is more effective against the most current malware that is getting better at digging into and infecting core system files (thus are active in Safe Mode anyway). My current tool of choice is the Trinity Rescue Kit since I can use that one tool to scan with multiple products. Many will also need the Internet connection to update themselves (or install in the case of TRK) before the scan.

#4: If you already have the necessary tools installed or they have been downloaded and bootable media already created, another machine is not necessary. I have these kinds of tools ready to go at a moment’s notice for those times when I get an emergency call from a neighbor or family member. I normally leave copies with them when I leave as well so I don’t need to dig up mine the next time they call. Everyone should have a bootable rescue disc or flash drive sitting at their computer so it is handy at all times.

#8: Deleting System Restore Points should not be recommended, but REQUIRED since most people don’t realize they have been infected until they have a full set of corrupted files sitting in System Restore from all of the scheduled restore points created as well as those created during software installs and updates.

Finally, the last steps should be the creation of a fresh Restore Point after the cleanup has been taken care of and the system has been restored to a stable (if slightly unknown) state and figuring out when a complete nuke and pave can be done on the system in order to restore trust.

0 votes

Aaron Couch

Bruce,

Thank you for sharing your insight and adding value to this article! All very great points and helpful. It seems with computers that there is always a better way to do things, and I love learning about them, so thank you again for taking the time to post an in-depth explanation for various things that I overlooked!

0 votes

tree

another good source for tool downloads is http://www.ejaz.me/a

the only page with direct download links for professionals

0 votes

Aaron C

Thanks for sharing that link! That is an awesome resource for programs!

0 votes

Sylvio Haas

The more I read these articles, the more I get convinced that it is easier to carefully extract a sick liver and replace it by a good one. Blindfolded.

0 votes

Marian Cimbru

I think the step 7 should be the step 1.

0 votes

Aaron C

Care to share any expertise, insight, etc. as to why you think that?

I disagree. First of all because you should ALWAYS have a backup.

Secondly, if you have malware, often times you won’t even be able to run a lot of those other programs without using a Live CD, disconnecting from the Internet, and removing the primary threats first.

1 votes

Gordon

I lost count of how many times I have had to fix a relative’s PC that was broken due to viruses or malware of some sort. It can take hours of work, and even then there is no guarantee that it’s been cleaned up, or the OS is not corrupted in some way. Sometimes the quickest way is to just rebuild the PC. The best thing I ever did was to lock down everyone’s PC, and giving them two logons. A User logon, and an Admin logon. The kids get no Admin logon ;-). The User logon is for day to day stuff, and the Admin one is used only for installing new software or making system changes. This makes web browsing etc MUCH safer because software vulnerabilities can’t be so easily exploited or crapware installed from web sites, including dodgy background scripts.

0 votes

Aaron C

Great tips, Gordon! Thanks for sharing your insight and experiences :-)

1 votes

QuantumPCSupport

Prevention is always better than cure. Customers need to be cautious while working on the system as well as surfing net. Using good protective tools is also a necessity. Your article was very helpful.

0 votes

Bob M

From experience, MalwareBytes is the best detector of malware.

0 votes

gregzeng

Discovering malware usually comes so late that you are not really aware of the extent of the damage. So it helps to have updated REAL-TIME malware watchers. Paid or free virus protection is the most common, but will not work on the very latest versions of malware. Generally the various brandnames leapfrog over each other in the effectiveness ratings, but the losers in the race are consistently the loser brandnames.

Less known freeware protectors that I use include Winpatrol & Process Lasso. But the best protection is to MULTI-BOOT my computers. Any Ubuntu-based operating system is compatible with Windows 7 & 8. All my data are on Windows NTFS partitions. This can be easily read-write friendly between Linux and Windows.

Unknown to most Windows users: the ‘rescue-disks’ for Windows are using Linux. Most Linux installations will also allow experts to rescue a damaged Windows computer.

0 votes

Rusty Anvil

Gordon’s use of both a User and Admin logon accounts is excellent, but some users just feel that there is something “better” about the Admin account and are tempted to use it as their “daily driver” for routine computing.

To discourage this, I always set up the desktop with a high-contrast black-and-white theme. Few mortals can endure this for more than a few moments, and generally, the folks who call on me for assistance don’t know how to change the theme to something more palatable.

0 votes

sekreid

Can’t you just clean the hard drive and reinstall the operating system?

1 votes

Joni

Aaron, this was a great article! I have already started using some of these suggestions and looked up the “Best Windows software” page.

0 votes

Aaron C

That’s great, Joni! I’m always happy to help if you have any questions — you know how to reach me ;-)