How to Remove Malware From Your PC
This guide explains how to remove malware from a Windows PC, restoring the computer to a clean state and stopping the infection from spreading or stealing data. Malware is malicious software, including viruses, trojans, spyware, ransomware, and cryptominers, that runs without consent. The steps cover how to recognize the signs of infection, disconnect from the internet to cut off the malware, boot into Safe Mode with Networking, run a full scan with Windows Security and a second scan with Malwarebytes, use the Microsoft Defender Offline scan to catch rootkits, remove malicious startup items and browser extensions, reset affected browsers, and change passwords after the system is clean.
Each step names the Windows tool involved, including Windows Security, Microsoft Defender Offline, Task Manager, and the browser reset option, alongside Malwarebytes as a second scanner. The article also explains when reinstalling Windows is the correct response.
The result is a cleaned PC with the infection removed and credentials reset. Start by confirming the computer shows the signs of an infection.
Recognize the Signs of Malware
Malware reveals itself through changes in performance, browsing, and system behavior that the user did not cause. The signs below indicate an infection.
- Unexpected pop-ups appear. Advertisements or alerts show up outside the browser or on sites that never displayed them.
- The computer runs slowly. A cryptominer or background process holds the CPU near full load, which the steps to fix high CPU usage help confirm.
- The browser redirects searches. A hijacker sends searches to an unfamiliar engine or changes the homepage without permission.
- New toolbars or extensions appear. Add-ons install themselves and resist removal.
- Security tools are disabled. Windows Security or updates turn off and refuse to turn back on, which malware does to protect itself.
Several signs together point more strongly to an infection than any one alone. A single slow session can have other causes, while redirects combined with disabled security indicate malware.
Disconnect From the Internet
Disconnecting from the internet cuts the malware off from its server, stopping data theft and further downloads. The steps below isolate the PC.

- Unplug the Ethernet cable if the PC uses a wired connection.
- Turn off Wi-Fi from the taskbar network icon or enable Airplane mode.
- Keep the PC offline during scanning so the malware cannot contact its command server.
- Reconnect only after the scans report a clean system and passwords are ready to change.
Many malware types send stolen data or download additional payloads over the network. Isolating the PC halts both while the cleaning steps run.
Boot Into Safe Mode With Networking
Safe Mode with Networking loads only essential drivers, which stops most malware from running and makes it easier to remove. The steps below enter Safe Mode.

- Open Settings, then System, then Recovery, and select Restart now under Advanced startup.
- After restart, choose Troubleshoot, then Advanced options, then Startup Settings, then Restart.
- Press 5 or F5 to select Safe Mode with Networking.
- Sign in to Windows, which now loads with minimal drivers and most malware inactive.
- Confirm the desktop shows Safe Mode in the corners before continuing.
Safe Mode with Networking keeps the network driver active so a scanner can update its definitions, while blocking most startup malware. Malware set to launch normally does not load in this mode.
Run a Full Windows Security Scan
A full Windows Security scan checks every file on the drive using the built-in Microsoft Defender Antivirus engine. The steps below run it.
- Open Windows Security from the Start menu and select Virus and threat protection.
- Click Scan options.
- Select Full scan, which examines every file and running program.
- Click Scan now and let the scan finish, which can take an hour or more.
- Review the detections and choose Remove or Quarantine for each threat found.
Microsoft Defender Antivirus is the antivirus engine built into Windows 10 and Windows 11. A full scan reaches files a quick scan skips, so it is the correct choice for an active infection.
Run a Malwarebytes Scan
A Malwarebytes scan adds a second engine that catches adware and potentially unwanted programs the first scan may miss. The steps below run it.
- Download Malwarebytes from the official site on the infected PC or a clean device.
- Install Malwarebytes and let it update its detection database.
- Open Malwarebytes and click Scan to start a threat scan.
- Wait for the scan to finish and review the detected items.
- Click Quarantine to isolate every detection, then restart if prompted.
Running a second scanner improves detection because each engine recognizes different threats. The free version of Malwarebytes performs on-demand scans, which is enough for cleanup. The role of an antivirus engine is explained in the overview of why antivirus is important.
Run a Microsoft Defender Offline Scan for Rootkits
A Microsoft Defender Offline scan runs before Windows fully loads, catching rootkits and persistent malware that hide during a normal scan. The steps below run it.
- Save any open work, since this scan restarts the PC.
- Open Windows Security, select Virus and threat protection, then Scan options.
- Select Microsoft Defender Offline scan and click Scan now.
- Allow the PC to restart into the offline scanning environment.
- Let the scan complete, after which Windows restarts and shows the results in Windows Security.
A rootkit hides deep in the system and can survive a standard scan by loading before the antivirus. The offline scan runs outside the normal Windows environment, so the rootkit cannot hide from it.
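The full scan and the offline scan described above can also be driven from an elevated PowerShell prompt with the Defender cmdlets. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes the Microsoft Defender service is running.

```powershell
# Added example: Defender health check, full scan, and detection review.
# Function names are hypothetical. Run from an elevated PowerShell prompt.

function Test-DefenderHealth {
    # Surfaces the "security tools are disabled" sign from Defender's own status.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AntivirusEnabled   = $s.AntivirusEnabled
        RealTimeProtection = $s.RealTimeProtectionEnabled
        TamperProtection   = $s.IsTamperProtected
        SignatureAgeDays   = $s.AntivirusSignatureAge
        LastFullScan       = $s.FullScanEndTime
    }
}

function Get-DetectionSummary {
    # Joins each detection to its threat name so the list is readable.
    foreach ($d in Get-MpThreatDetection) {
        $t = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected  = $d.InitialDetectionTime
            Threat    = $t.ThreatName
            Active    = $t.IsActive
            Cleaned   = $d.ActionSuccess
            Resources = $d.Resources -join '; '
        }
    }
}

function Invoke-CleanupScan {
    param([switch]$Offline)
    Test-DefenderHealth | Format-List | Out-Host
    if ($Offline) {
        # Restarts the PC immediately into the offline scanning environment,
        # so save open work before calling this.
        Start-MpWDOScan
        return
    }
    # The update is skipped quietly if the PC is still disconnected.
    Update-MpSignature -ErrorAction SilentlyContinue
    Start-MpScan -ScanType FullScan        # blocks until the scan ends
    Get-DetectionSummary | Sort-Object Detected |
        Format-Table -AutoSize -Wrap | Out-Host
}
```

Call `Invoke-CleanupScan` for the full scan and `Invoke-CleanupScan -Offline` for the offline scan. A row with `Active` still true or `Cleaned` false after the scan means the detection needs another pass.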
Remove Malicious Startup Items and Extensions
Removing malicious startup entries and browser extensions stops the malware from relaunching after each restart. The steps below clear them.
- Open Task Manager, select the Startup apps tab, and disable any unfamiliar entry.
- Open Settings, then Apps, then Installed apps, and uninstall any program that was not installed deliberately.
- Open each browser Extensions or Add-ons page and remove unknown extensions.
- Check the browser Settings for a changed homepage or search engine and reset both to trusted values.
- Restart the PC and confirm the unwanted entries do not return.
Malware adds startup entries and extensions so it reloads after a restart. Removing these persistence points keeps the system clean after the scans.
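To help decide which startup entries count as unfamiliar, the read-only script below lists the classic startup locations (Run registry keys and Startup folders) and checks the Authenticode signature of each target. It is an added example, not part of the original guide; `Get-TargetPath` is a hypothetical helper, and scheduled tasks and services are outside its scope.

```powershell
# Added example: list classic startup entries and check each target's signature.
# Read-only: nothing is disabled or deleted. Get-TargetPath is a hypothetical helper.

function Get-TargetPath {
    param([string]$Command)
    # Expand %VAR% references, then take the quoted path, or the text up to the
    # first executable-style extension, as the program being launched.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|vbs|js|ps1|dll))(\s|$)') { return $Matches[1] }
    return $cmd
}

$report = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $path      = Get-TargetPath $entry.Command
    $sigStatus = 'TargetNotFound'   # shortcuts and bare names such as rundll32.exe land here
    $signer    = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue)) {
        $sig       = Get-AuthenticodeSignature -LiteralPath $path
        $sigStatus = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Name      = $entry.Name
        Location  = $entry.Location
        User      = $entry.User
        Target    = $path
        Signature = $sigStatus
        Signer    = $signer
    }
}

# Entries that are unsigned, fail verification, or could not be resolved sort
# first: those are the ones to look up before disabling them in Task Manager.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name |
    Format-Table -AutoSize -Wrap
```

A `Valid` signature only shows that the file is unmodified since a publisher signed it, and `NotSigned` is common for legitimate small utilities, so treat the output as a shortlist for review rather than a verdict.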
Reset Affected Browsers
Resetting a browser restores its default settings, removing leftover hijacks that survive extension removal. The steps below reset a browser.
- Open the browser Settings and find the Reset or Restore settings option.
- In Chrome or Edge, select Reset settings, then Restore settings to their original defaults.
- Confirm the reset, which disables extensions and clears changed search and startup settings.
- Re-enable only the extensions that are recognized and needed.
- Sign back in to the browser only after confirming the system is clean.
A browser reset clears modified search engines, startup pages, and permissions without deleting saved bookmarks or passwords. It removes hijack settings that uninstalling an extension can leave behind.
Change Passwords After Cleaning
Changing passwords after the system is clean replaces any credential the malware may have captured. The steps below reset them safely.
- Confirm the scans report a clean system before changing any password.
- Reconnect to the internet now that the malware is removed.
- Change the passwords for email, banking, and other important accounts first.
- Use a different device to change passwords if any doubt remains about the cleaned PC.
- Enable two-factor authentication on each account to block reuse of any stolen password.
Malware such as a keylogger records passwords typed before removal. Changing passwords after cleaning, then adding a second factor, closes that exposure. The steps to create a strong password apply to each new credential.
When to Reinstall Windows
A reinstall of Windows is the correct response when scans cannot fully remove the infection. The conditions below indicate a reinstall.
- Threats return after every scan. Malware that reappears after removal points to a persistent infection a reinstall clears.
- Ransomware encrypted the files. A reinstall is required when ransomware has locked data and no decryption tool exists.
- The system stays unstable. Continued crashes or disabled security after cleaning indicate deep damage.
- A rootkit resists removal. A rootkit that survives the offline scan calls for wiping the drive and reinstalling.
A reset that removes everything reinstalls a clean copy of Windows. Backing up important files to external storage first, then scanning those files before restoring them, prevents reinfection.
Malware Removal Tool Reference
| Tool | Purpose | When to Use |
|---|---|---|
| Windows Security (full scan) | Built-in antivirus scan | First scan on every cleanup |
| Malwarebytes | Second-engine scan | Catch adware and unwanted programs |
| Microsoft Defender Offline | Pre-boot rootkit scan | Suspected rootkit or persistent malware |
| Task Manager (Startup) | Disable persistence | Stop malware relaunching at boot |
| Browser reset | Clear hijacks | Redirects or changed search engine remain |
| Windows reset/reinstall | Wipe and restore | Infection survives all scans |
Common Mistakes to Avoid
Several errors leave malware in place or cause new damage. The mistakes below recur during cleanup.
- Staying online during cleanup. An active connection lets the malware send data and download more payloads.
- Running only one scanner. A single engine can miss threats a second engine detects.
- Skipping the offline scan. A rootkit hides from normal scans and survives until an offline scan runs.
- Leaving startup entries in place. Malware reloads after restart if its persistence points remain.
- Changing passwords before cleaning. A keylogger still running captures the new passwords as they are typed.
Key Takeaways
- Disconnect first. Cutting the network stops data theft and further downloads during cleanup.
- Scan in Safe Mode with two engines. Windows Security and Malwarebytes together catch more threats.
- Run an offline scan for rootkits. Microsoft Defender Offline catches malware that hides during normal scans.
- Remove persistence and reset browsers. Clearing startup items and hijacked settings stops relaunches.
- Change passwords after cleaning. New credentials replace anything a keylogger captured before removal.
How do I know if my PC has malware?
Signs include unexpected pop-ups, slow performance from high CPU use, browser redirects, new toolbars, and disabled security tools. Several signs together point to an infection more strongly than any one alone.
Should I disconnect from the internet to remove malware?
Yes. Disconnecting cuts the malware off from its command server, stopping data theft and further downloads. Stay offline through scanning and reconnect only after the system is clean and passwords are ready to change.
Is Windows Security enough to remove malware?
Windows Security removes many threats, but running a second engine such as Malwarebytes catches adware and unwanted programs it may miss. A Microsoft Defender Offline scan is also needed for rootkits.
What is a Microsoft Defender Offline scan?
A Microsoft Defender Offline scan runs before Windows fully loads, catching rootkits and persistent malware that hide during a normal scan. It restarts the PC into a separate scanning environment the malware cannot control.
Should I change my passwords after removing malware?
Yes. Malware such as a keylogger can record passwords. Change them after the system is clean, starting with email and banking, and enable two-factor authentication to block reuse of any stolen credential.
When should I reinstall Windows instead of cleaning?
Reinstall when threats return after every scan, a rootkit resists the offline scan, ransomware encrypted the files, or the system stays unstable. A clean reinstall removes infections that survive all scans.
Last Thoughts on Removing Malware
Removing malware from a Windows PC follows a fixed order: disconnect from the internet, boot into Safe Mode with Networking, scan with Windows Security and Malwarebytes, run a Microsoft Defender Offline scan for rootkits, clear startup persistence, reset hijacked browsers, and change passwords once the system is clean. A reinstall of Windows remains the final response when an infection survives every scan. Because a cleaned system still needs ongoing protection, the overview of why antivirus is important explains real-time defense, and the steps to fix high CPU usage help confirm whether a cryptominer was the cause of a slowdown.


