1. Understand the signs of malware. Slow computer, pop-ups, browser redirects, new toolbars, unknown programs, files missing, strange network activity, or your friends getting spam from you. If you see these, act fast.
2. Disconnect from the internet. Unplug Ethernet. Turn off WiFi. This prevents malware from sending data to hackers or downloading more malware. Do this first.
3. Boot into Safe Mode. Windows: Restart computer. Press F8 repeatedly before Windows loads. Select “Safe Mode with Networking.” Mac: Restart. Hold Shift key. Safe Mode loads only essential drivers. Malware often doesn’t run.
4. Run Windows Defender offline scan. Windows: Settings > Update & Security > Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline scan. Computer restarts. Scans before Windows loads. Finds bootkits.
5. Run Malwarebytes. Download Malwarebytes on a clean computer. Transfer via USB. Install on infected computer. Run full scan. Malwarebytes finds what Windows Defender misses. Free version works.
6. Run a second scanner. Use HitmanPro or Emsisoft Emergency Kit. Different scanners find different malware. Run two for full coverage. Free trials available.
7. Run AdwCleaner. Download from Malwarebytes. Removes adware, browser hijackers, and unwanted toolbars. Quick scan. Free.
8. Check browser extensions. Chrome/Edge/Brave: Go to extensions. Remove anything you didn’t install. Especially “helper” or “coupon” extensions. Firefox: Add-ons > Extensions. Remove unknown.
9. Reset browser settings. Chrome: Settings > Reset and clean up > Restore settings to original defaults. Removes malicious settings. Keeps bookmarks and passwords. Edge: Settings > Reset settings. Firefox: Help > Troubleshooting > Refresh Firefox.
10. Check startup programs. Windows: Task Manager > Startup. Disable anything unknown. Mac: System Settings > General > Login Items. Remove unknown items.
11. Check scheduled tasks. Windows: Task Scheduler. Look for tasks with random names or suspicious triggers. Delete unknown tasks. Malware schedules itself to reinstall after reboot.
12. Check hosts file. Windows: C:\Windows\System32\drivers\etc\hosts. Open with Notepad. Should have only comments (# lines) or “127.0.0.1 localhost.” If you see other entries, they are malware redirections. Delete them.
13. Run System File Checker. Windows: Open Command Prompt as Administrator. Type: sfc /scannow. Scans Windows system files. Replaces corrupted ones. Fixes malware damage.
14. Create a new user profile. Malware sometimes corrupts your user profile. Create new local admin account. Log into new account. Delete old account. Transfer files first.
15. Use System Restore. Windows: Control Panel > Recovery > Open System Restore. Choose restore point from before infection. Restores Windows but keeps files. Malware often removed.
16. Backup your files. Copy important files to external USB. Do not copy .exe files. Do not copy unknown files. Scan USB with antivirus after backup.
17. Reinstall Windows. If nothing works, wipe everything. Use Windows Media Creation Tool (Microsoft official). Create installation USB. Boot from USB. Delete all partitions. Install fresh Windows.
18. Reinstall from backup after clean install. After fresh Windows, install antivirus. Scan your backup. Then copy files. Don’t copy old programs. Reinstall programs from official sources.
19. Change all passwords after cleaning. Assume malware stole your passwords. Change email, banking, social media, crypto passwords. Use different computer or phone. Use strong passwords. Enable 2FA.
20. Identify infection source. How did malware get in? Sketchy download? Phishing email? USB from friend? Avoid that source going forward. If you don’t know, you’ll get reinfected.
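
Added example for step 12 (not part of the original guide): a PowerShell function that lists every active hosts-file entry other than a loopback-to-localhost mapping, so there is a concrete list to review before deleting. The function name Find-UnexpectedHostsEntry and the sample lines are made up for this example, and treating "::1 localhost" as expected alongside "127.0.0.1 localhost" is an assumption beyond the guide's wording.

```powershell
# Added example: audit hosts-file lines against the rule in step 12.
# Find-UnexpectedHostsEntry is a name chosen for this example.
function Find-UnexpectedHostsEntry {
    param([string[]]$Line)

    # Assumption: both IPv4 and IPv6 loopback mapped to "localhost" are expected.
    $loopback = @('127.0.0.1', '::1')
    $lineNo = 0
    foreach ($raw in $Line) {
        $lineNo++
        # Drop a leading BOM and anything after '#', then trim whitespace.
        $text = ($raw.TrimStart([char]0xFEFF) -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }   # blank or comment-only line

        # Format: address, then one or more hostnames, separated by spaces or tabs.
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)
        if ($names.Count -eq 0) {
            [pscustomobject]@{ Line = $lineNo; Address = $address; Hostname = '(none)'; Note = 'malformed' }
            continue
        }
        foreach ($name in $names) {
            # -eq on strings is case-insensitive, so "LOCALHOST" also passes.
            if (($loopback -contains $address) -and ($name -eq 'localhost')) { continue }
            [pscustomobject]@{ Line = $lineNo; Address = $address; Hostname = $name; Note = 'review' }
        }
    }
}

# Constructed sample: 203.0.113.0/24 is a documentation-only address range and
# example.com is a reserved domain. Two lines should be reported.
$sample = @(
    '# sample hosts file (constructed)',
    '127.0.0.1       localhost',
    '::1             localhost',
    '',
    '203.0.113.10    login.example.com   # points a site at another server',
    '127.0.0.1       update.example.com  # blocks a site by sending it to loopback'
)
Find-UnexpectedHostsEntry -Line $sample | Format-Table -AutoSize

# On the affected machine, read the real file instead of the sample:
# Find-UnexpectedHostsEntry -Line (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Reading the hosts file works from a normal PowerShell prompt. Editing it to delete entries needs Notepad or PowerShell started as Administrator.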