Viruses are everywhere! Did you click a bad link or open a malicious email attachment? It doesn't take much to infect a PC with malware.

Removing a computer virus can be difficult, but you can do it for free. We'll take you through the process of malware detection and removal.

It's Not Just Viruses: Other Kinds of Malware to Know About

We often use the term "virus" to describe all the nasty stuff that can infect your computer. But the correct term is actually "malware," and there's lots of it. The main types of malware are viruses, trojans, and worms. You might also come across rootkits, botnets, spyware, adware, ransomware, or scareware.

The Symptoms of a Windows Virus or Malware Infection

Your antivirus program should detect malware before you notice any symptoms. But when a zero-day-exploit hits your computer or your antivirus signature files aren't up-to-date, an infection might go unnoticed. Being aware of potential malware symptoms can help you catch an intruder before it does any serious harm.

Here are the most common signs your computer was compromised:

  • Computer Issues: Windows is slow, the internet is laggy, but only on your PC, or you're experiencing frequent software or system crashes. These symptoms aren't always related to a malware infection, but if this is happening along with some of the other issues mentioned here, you've most likely got something going on.
  • Browser Issues: Your homepage or default search engine got changed, you suddenly have toolbars you didn't install, when you click a link you're redirected to a random (likely malicious) website, or you notice the same strange pop-ups on every site you visit. These are tell-tale signs of malicious activity on your computer.
  • Antivirus Software Issues: Your antivirus was disabled or isn't updating anymore.
  • Unsolicited Programs Appearing: Sure, maybe Microsoft decided to push out an app with a recent update or it was bundled with something else you installed. But it could also be a sign of something more serious going on.
  • Files Disappear: Chances are, a ransomware has started taking hostages.

The Steps to Take If Your Computer Is Infected

Before you start with the malware removal, here are a few things you'll need:

  • A clean (i.e. malware-free) computer with internet access to research the symptoms of your computer's infection, download programs to remove the infection, and create rescue or recovery media.
  • A formatted USB flash drive, SD card, or external drive to transfer or run recovery software.

Once you have both of these, you can try the following ideas.

1. Back Up Your Personal Files

Hopefully, you have already been backing up your files. But even so, we recommend that you copy your personal files elsewhere just to be safe. Mind that you don't want to back up everything on your computer, as there's a risk that you could save some infected files along with it.

Here's a list of Windows files and folders we recommend to back up. You can also set up cloud backups; note that most of these do not include malware scans.

2. Run a Microsoft Defender Offline Scan

Windows 10 comes with malware protection built-in, including a Microsoft Defender Offline scan option. You can either search for Windows Security in the Start menu or launch it from the Settings app: Press Windows + I to open the Settings app and go to Update & Security > Windows Security > Virus & threat protection.

Within the Windows Security app, click Scan options, then select Microsoft Defender Offline scan, and hit Scan now.

Windows Security scan options including a Microsoft Defender Offline scan.

If that scan comes back clean or if you still see suspicious symptoms, we recommend proceeding with further scans.

3. Disconnect From the Internet

Windows laptop keyboard with F buttons, including the Airplane mode button.

A virus will try to call home, hence disconnecting from the internet should be one of the first things you do in order to battle any form of malware. Here's how you can quickly cut your internet connection on any Windows computer:

  • If you're on a desktop, unplug your Ethernet cable.
  • If your computer has a Wi-Fi connection, put Windows into Airplane mode: Press Windows + A to launch the Action Center, then click the Airplane mode button at the bottom.
  • If you have a laptop, you might also have an Airplane mode or Wi-Fi button on your keyboard.

4. Boot in Safe Mode

By booting in Safe Mode, you'll prevent any non-core components from running, allowing you to isolate problems easier. The easiest way to boot in Safe Mode in Windows 10 is the Advanced startup option: Press Windows + I to launch the Settings app, then head to Update & Security > Recovery and click Restart now under Advanced startup.

Windows 10 Settings app showing the advanced startup option under Update & Security > Recovery.

After your computer rebooted into recovery mode, you'll see a blue screen with a few options to choose from. Select Troubleshoot > Advanced Options > Start/up Settings > Restart. If you encrypted your drive, have your BitLocker recovery code ready, which you'll find in your Microsoft account. Your PC will reboot again to launch the Startup Settings screen, where you can choose Safe Mode. Once you're in Safe Mode, you can continue the malware-removal process.

If Windows won't start at all, you can use a bootable antivirus disk. These are available for free from many antivirus companies such as Kaspersky, AVG, and others.

5. Close Suspicious Applications

Windows 10 Resource Monitor with running processes in CPU tab.

Look for applications you have recently updated or installed. Press the Windows key, type "Resource Monitor," and open the respective app. Within the Resource Monitor, review the running tasks to see how they affect your computer. To close an application, right-click it and select End Process.

6. Try to Identify the Actual Malware and Search for Fixes

When malware infects your computer, it usually isn't just some generic virus, but a specific kind that needs to be removed with a certain procedure. You'll find articles and forums all over the web that address all kinds of malware infections.

Start with a basic search based on the little information you know about the infection. For instance, if it's in the form of a fake antivirus program, what is its name? Once you have somewhere to start, you can keep searching and gathering more information about what to do. Ideally, you'll find instructions to walk you through the entire process from start to finish.

7. Scan With Multiple Programs Until No Infections Are Found

If you can't find anything specific about the infection, don't worry. You can use a variety of tools to remove infections. These tools range from antivirus to rootkit removers to anti-adware and antispyware to general antimalware programs.

These are the third-party tools we recommend:

All of these tools are free or have a free trial and can be used in conjunction with one another. You will have to download these on a clean computer connected to the internet and transfer their executable files to the infected computer. Programs like Malwarebytes Premium need internet access to get the latest definitions. If you can, update definitions first, then boot in Safe Mode to run the scans.

Note: While you can use multiple malware removal programs, you can't use multiple antivirus programs at the same time, as they can conflict.

8. Clear Temporary Files and Browser Cache

Once you've removed the nasty infections, it's time to clean up any remaining files. You can use CCleaner or clean your computer manually. When you're done, be sure to double-check your browser's homepage and search engine and restore these to your preferred or default settings. This might also be a good time to comb through your programs list and uninstall unneeded or potentially risky software that snuck its way into your computer.

8. Remove System Restore Points

Picture showing codes from a computer

Although System Restore can be useful in repairing a botched Windows setup, system restore points have the potential to contain malware. We recommended that you delete all system restore points. If you know for sure when you contracted the malware, you can remove the restore points up to that time.

Refer to our System Restore guide for step-by-step instructions on how to delete old system restore point.

9. Fix Post-Malware Removal Problems

There may be some problems that you encounter after you remove the infections from your computer. A quick option you might try would be Microsoft's Fix It tool.

Below are some common problems and how you might be able to fix them.

  • Can't Connect to the Internet: The malware made changes to your system that persist after its removal. This could include DNS setting changes, modifications of your proxy server, or a new host file. This Ugetfix article can help you fix all of those and our malware removal guide touches on many of these issues, too.
  • Programs and Files Won't Open: Removing the malware doesn't undo its damage, which could include changed executable file associations. The easiest way to fix all the issues is to create either a new Windwos user profile or a new account.
  • Search Engine Redirecting to Random Websites: One of the primary reasons for this, if you have Java (which you likely don't need), is that you still need to clear the Java cache. If your primary search bar still goes elsewhere, that can be changed in your browser's settings.
  • Homepage is Still Different: If your homepage, like your search engine, was changed, you also change it in your browser settings.
  • Missing Desktop Icons: If none of your icons are on your Desktop anymore, try downloading software like Unhide.
  • Windows Update and Firewall Won't Work: If Windows Update and/or your Firewall aren't working properly, you might try a tool called Windows Repair by Tweaking.com. It can do a lot, so when you use it, uncheck all of the options except for the following five:
    • Repair WMI
    • Repair Windows Updates
    • Repair Windows Firewall
    • Reset Registry Permissions
    • Reset File Permissions
  • Computer Remains Slow: If your computer is still slow, there are several things you can do.
    • Remove more temporary files.
    • Fix Windows system files by typing sfc /scannow in the Run Window (Start key + R) and the restart the computer.
    • Ensure you have only one antivirus program installed and running on your computer.
    • Follow these tips on how to make Windows 10 faster and improve performance.

Still having problems? Post your issues to a Windows help forum and get a custom answer.

10. Change Your Passwords

Lastly, you should change your passwords to ensure that no information that was potentially obtained while your computer was infected can be continued to be used against you and cause even more harm.

We recommend using a password management strategy to create strong, yet easy to remember passwords.

Preventing Further Computer Malware Infections

Now that you've hopefully removed the malware and restored your computer, you'll want to set up a regimen to never catch a malware again. This should include an antivirus, antimalware, and anti-ransomware software. Always be sure to update your browser and keep its settings tight.