To clean an infected computer, isolate it, run trusted scanners, remove threats, and update software.
Nothing sours a day like a misbehaving PC or Mac. Pop-ups, sluggish apps, and weird redirects point to malware. This guide gets you from “something’s wrong” to a clean, patched system without guesswork. You’ll see what to do the moment trouble shows up and how to scan the right way.
Symptoms, Causes, And Immediate Moves
Act quickly and keep it simple. Pull the plug on risky activity, capture clues, and stop the spread across Wi-Fi or shared drives. Here’s a quick map you can use before diving into deep scans.
| What You See | What It Signals | First Move |
|---|---|---|
| Endless pop-ups or browser redirects | Adware, unwanted extensions, DNS tampering | Disconnect from network; close the browser; plan a full scan |
| Sudden slowdown, fans racing, high CPU | Cryptominer, trojan, or too many startup items | Reboot; safe mode for scans; check startup list later |
| Files locked, ransom notes | Ransomware | Isolate the device; do not pay; prepare offline scans and backups |
| Security tools disabled | Aggressive malware or admin tampering | Use offline scanning; avoid random tools |
| Unknown apps in Login/Startup | Persistence by adware or trojans | Safe mode; remove suspicious entries after scanning |
Safe Preparation Before You Scan
Give yourself a clean lane so the scanner can work. Unplug from the network, log out of cloud drives, and pause file sync. Copy critical documents to an external drive so a crash won’t cost you data.
Next, reboot into a restricted state. On Windows, safe mode limits background services. On macOS, safe mode runs checks and loads only needed items. You’ll use it again after removal to clear leftover launch items.
Remove Malware From Your PC: Step-By-Step
Windows: Clean With Built-In Tools First
- Disconnect from the network. Pull Ethernet and turn off Wi-Fi. That stops data theft and cuts command-and-control links.
- Boot to safe mode with networking off. In Settings > Recovery, use Advanced startup, then Startup Settings to enable Safe Mode. Skip networking.
- Run a full scan with Windows Security. Open Windows Security > Virus & threat protection > Scan options > Full scan. Let it finish; quarantine what it finds.
- Run Microsoft Defender Offline. Some threats hide during normal boots. Use the Microsoft Defender Offline scan to check from outside Windows, then remove anything flagged.
- Reboot normally, recheck, then update. Install OS updates and app patches. Scan again to confirm you’re clear.
Mac: Clean The Smart Way
- Disconnect from the network. Turn off Wi-Fi and unplug wired connections.
- Start in safe mode. Follow Apple’s steps for your chip type to start in safe mode, then sign in and let checks run.
- Remove obvious offenders. In Safari or your main browser, remove shady extensions. In System Settings > Login Items, review items you don’t recognize.
- Scan with a trusted tool if needed. If pop-ups or launch agents keep returning, use a reputable scanner, then restart and recheck Login Items.
- Update macOS and apps. Patch the system and rescan.
When The Threat Is Ransomware
If files are locked and a ransom note appears, treat it like a live incident. Keep the machine isolated. Preserve notes and filenames for investigators. Restoring from clean backups is the safest way out. Public responders publish free playbooks that match what pros do in the field; the ransomware response checklist outlines containment, eradication, and recovery steps. Home users can apply the same sequence at smaller scale.
Manual Cleanup Tasks That Help
Remove Junk From Startup
After scanning, trim persistence. On Windows, open Task Manager > Startup apps and turn off entries you don’t trust. On macOS, review Login Items and any unsigned launch agents. Less at startup means fewer hiding places and quicker boots.
Reset Browsers
Adware loves extensions and modified settings. Reset the default browser, clear cache and cookies, and remove search engines you didn’t choose. Re-add only extensions you need, directly from the official store.
Check Hosts, DNS, And Schedules
Some threats change name resolution or schedule tasks. On Windows, review Task Scheduler and the hosts file; on macOS, check launchd agents and any custom DNS. If you don’t recognize it, disable it, then search the entry name on a safe device to confirm.
Prevention That Actually Works
Cleaning is only half the job. The goal is fewer incidents, quick recovery, and less damage when something slips through. Use the checklist below to harden the basics and raise the bar against drive-by downloads, phishing, and shady installers.
| Defense | Why It Matters | How To Do It |
|---|---|---|
| Automatic updates | Patches close holes used by worms and exploits | Enable OS and app auto-update; schedule reboots |
| Least-privilege daily use | Malware launched without admin rights has less reach | Keep a standard account for daily work |
| Reputation-only software | Unsigned installers risk adware or backdoors | Download from vendors or trusted stores |
| Protected DNS | Stops known bad domains early | Use a reputable DNS filter on the router |
| Offline backups | Ransomware can’t touch unplugged copies | Keep two copies, one off-site or in cold storage |
| Hardware security keys | Blocks account takeovers that enable reinfection | Add keys to major accounts with MFA |
Troubleshooting Stubborn Cases
When Scans Keep Finding The Same Item
That points to a loader that restores the payload. Use an offline scan again, then remove related startup entries. Check browser sync; a bad extension can hop between devices and replant itself.
When The PC Won’t Boot
Start with recovery media. If repair loops, use a second computer to create a bootable USB, then run offline scans. As a last resort, wipe and reinstall, then restore only from backups taken before the incident.
When You’re Not Sure It’s Clean
Do a second opinion scan with a reputable tool. Monitor network traffic and sign-ins for a few days. If anything odd shows up, repeat the safe-mode routine and run another offline pass.
Quick Reference: Windows And Mac Paths
These spots are common hideouts. Use them for verification, not as a substitute for scanning.
Windows
- %ProgramData% and %AppData% for hidden folders named like system services
- Task Scheduler > Task Scheduler Library for odd one-minute tasks
macOS
- ~/Library/LaunchAgents and /Library/LaunchAgents for odd .plist files
- System Settings > Login Items for background items you didn’t add
What To Do After You’re Clean
Rotate passwords for email, banking, and any site that stores payment details. Add multi-factor to those accounts. Review stored passwords in your browser or password manager and remove anything you don’t use.
Next, rebuild trust on the device. Re-enable cloud sync, but watch for strange edits. Turn on version history in cloud drives so you can roll back fast if a reinfection touches files.
Why These Steps Work
They line up with proven incident-response methods. Offline scans break the grip of rootkits. Safe mode limits persistence during cleanup. Network isolation blocks command-and-control. Backups let you recover without paying crooks. Public guidance from national responders matches this order, and the same playbooks help businesses and home users alike.
Appendix: Fast Paths And Commands
Windows Shortcuts
- Open Windows Security: Start > type “Windows Security”
- Start offline scan: Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline
- Safe mode: Settings > System > Recovery > Advanced startup > Restart now
Mac Shortcuts
- Safe mode (Apple silicon): Shut down, hold power, then continue holding until Options appear
- Safe mode (Intel): Restart, hold Shift until the login window
- Login items: System Settings > General > Login Items
Common Myths That Slow You Down
“A Quick Restart Fixes Everything”
Reboots clear memory junk, but they don’t wipe scheduled tasks, launch agents, or tampered DNS. Use them to prepare scans, not as the cure.
“I’ll Just Delete The Suspicious File”
Manual deletion leaves behind loaders and registry entries. Let reputable scanners quarantine items in the right order, then prune leftovers.
“Macs Don’t Get Malware”
macOS has strong defenses, yet adware and profile tricks still slip in. Safe mode and Login Items cleanup close many of the same doors you’d target on Windows.
Data Recovery Tips After Cleaning
Once scans show clear, reconnect storage slowly. First, mount your backup drive read-only if the tool allows it. Copy documents to a fresh location, then scan that destination before opening files. Avoid launching old installers or portable apps from a backup; grab fresh copies from the vendor site instead.
If ransomware hit local files, restore from the newest clean backup that predates the attack. Check cloud drive version history to roll back edited items. Keep the infected machine offline until recovery finishes, then wipe any USB sticks used during the event.
When To Call In Help
Bring in a pro if payments are stored on the device, if the same threat returns after offline scans, or if business machines share a network. A specialist can triage logs, check lateral movement, and capture evidence for reports.
For businesses, formal playbooks keep response repeatable. Align roles, contacts, and backup checks now so you’re not building a plan during chaos. Match the steps in this guide with your own runbook and keep a printed copy near the help desk.
Printable Checklist
- Isolate the device and sign out of sync services.
- Boot into safe mode; disable networking during scans.
- Run full scan, then an offline pass; remove and reboot.
- Update the OS and apps; scan again.
- Trim startup items and reset browsers.
- Rebuild passwords and add multi-factor.
- Set backups, auto-updates, and DNS filtering.