Beware the signs of a potentially malware-infested PC: slower-than-usual performance, the recent occurrence of lots of pop-ups, and other weird issues. It’s possible your system has been infected by a virus, spyware, or other nefarious entity—even if you have an antivirus program installed. Yes, out-of-the-ordinary behavior is sometimes the result of hardware issues, but it’s best to first rule out malware if your PC is acting up. Here’s a step-by-step guide for taking action.
Step 1: Enter Safe Mode
Before you do anything, you need to disconnect your PC from the internet, and don’t use it until you’re ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.
If you think your PC may have a malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering in this mode may prevent it from doing so. This is important because it can make removing the nefarious files easier since they’re not actually running or active.
Sadly, Microsoft has turned the process of booting into safe mode from a relatively easy process in Windows 7 and Windows 8 to one that is decidedly more complicated in Windows 10. To boot into Windows Safe Mode, first click the Start button in Windows 10 and select the Power button as if you were going to reboot, but don’t click anything. Next hold down the Shift key and click Reboot. When the full-screen menu appears, select Troubleshooting, then Advanced Options, then Startup Settings. On the next window click the Restart button and wait for the next screen to appear (just stick with us here, we know this is long). Next you will see a menu with numbered startup options; select number 4, which is Safe Mode. Note that if you want to connect to any online scanners you’ll need to select option 5, which is Safe Mode with Networking.
You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection, or it could mean that you have a lot of legitimate programs that normally start up alongside Windows. If your PC is outfitted with a solid-state drive it’s probably fast either way.
Step 2: Delete temporary files
Now that you’re in Safe Mode, you’ll want to run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows 10 just type Disk Cleanup in the search bar or after pressing the Start button and select the tool that appears named Disk Cleanup.
Step 3: Download malware scanners
Now you’re ready to have a malware scanner do its work—and fortunately, running a scanner is enough to remove most standard infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.
There are two types of antivirus programs. You’re probably more familiar with real-time antivirus programs, which run in the background and constantly watch for malware. (Another option is an on-demand scanner, which searches for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can have many on-demand scanners installed to run scans with multiple programs, thereby ensuring that if one program misses something a different one might find it.
If you think your PC is infected, we recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. Among the free (and high-quality) on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes, Microsoft’s Malicious Software Removal Tool, Avast, and SuperAntiSpyware.
Step 4: Run a scan with Malwarebytes
For illustrative purposes, we’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the internet again before you start the actual scanning. If you can’t access the internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.
After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once the program opens, it will automatically activate a trial of the paid version that enables real-time scanning. You won’t get charged after the trial ends, however—by default, the program reverts to the standard free version in 14 days. In the meanwhile, you can disable the real-time scanning for those two weeks if you prefer.
To run a scan, switch from the Dashboard tab to the Scan tab. Keep the default scan option (“Threat Scan”) selected and click the Start Scan button. It should check for updates before it runs the scan, but make sure that happens before you proceed.
Though it offers a custom-scan option, Malwarebytes recommends that you perform the threat scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas a custom scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.
If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.
Once the scan is complete, Malwarebytes will show you the results. If the software gives your system a clean bill of health but you still think that your system has acquired some malware, consider running a custom scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it’ll show you what they are when the scan is complete. Click the Remove Selected button in the lower left to get rid of the specified infections. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.
If your problems persist after you’ve run the threat scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.