Home / Windows / How-To
Answer Line

Your PC has malware! Here’s how to remove it

Malware is designed to stay put. You should be able to get rid of the malicious code with these steps.
Answer Line
By Lincoln Spector, PCWorld Apr 21, 2016 3:30 am PDT

Leonard Llangozi’s PC showed clear signs of a malware infection. “I don’t know what to do.”

Most people write to me about having a “virus,” but have nothing of the kind. Their problems are caused by failing hardware, badly written software, or their own mistakes. But Leonard’s problems, which included overused RAM and mysteriously disabled security programs, suggested something malicious.

In 2014, I wrote about the telltale signs of infection. This time, I’m going into more detail about what to do if you’re getting those telltale signs.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

Boot into Safe Mode

First of all, don’t depend on the antivirus program already installed on your PC. Chances are it’s been compromised.

Instead, boot into Safe Mode with Networking and run a cloud-based malware scanner. Safe Mode reduces the likelihood that the malware can interfere.

If you don’t know how to boot into Safe Mode, read my directions for Windows 7 and 8.1, or my separate directions for Windows 10. Remember to pick the option for Safe Mode with Networking.

Scan and clean

Once you’re in Safe Mode, launch a browser and the ESET Online Scanner. Then try Trend Micro’s HouseCall.

Need something stronger? Malware designed for Windows is crippled in another OS, so try a Linux-based malware cleaner, booted from a DVD or a flash drive (See Chris Hoffman’s beginner’s guide for more information on Linux boot drives). I recommend either ESET SysRescue Live or Kaspersky Rescue Disk 10.

0421 eset prep boot drive

The ESET SysRescue Live Windows program creates a bootable Linux drive for removing malware

Malware authors are evil, but they’re not stupid…or lazy. They will use every trick in the book and invent new ones to stay on your PC. For that reason, there’s a legitimate argument that once a PC has been compromised, you should go the full nuclear route.

Starting over with a clean slate

First, back up your data files on external media. Then securely wipe your hard drive or SSD. Darik’s Boot and Nuke does a good job for hard drives. For an SSD, go to the drive manufacturer’s website for specific instructions. This will probably involve downloading a special program.

If you have an image backup made before the infection, restore from that. Then copy your data files back to the newly-restored drive.

Otherwise, on another computer, download and prepare installation media for Windows 7, Windows 8.1, or Windows 10 (click the Download tool now button). Boot from that media and install Windows.

Finally, follow my advice for setting up a new PC. That article is specific for Windows 10, but the general advice would work for any version.

Coupon Codes