Using Windows Security
Open Windows Security. The fastest way to do this is to enter Windows Security in the Start menu and click the "System" search result. You can also get here by going to Settings > Update & Security > Windows Security > Open Windows Security for Windows 10 or Settings > Privacy & security > Windows Security for Windows 11. Consider the symptoms of malware. If you're experiencing any of the following symptoms, use this method to help you scan (and remove) spyware, adware, and/or virus infections from your Windows computer or laptop: Unexpected system crashes and BSOD (Blue Screen of Death). Your web browser keeps getting redirected to pages you didn't click. You see apps and toolbars that you didn't install. You see pop-up windows claiming you must pay money or Bitcoin to regain access to your files. Random network activity with heavy bandwidth usage. You see a pop-up that says you have to download some file to fix an issue on your computer. Your computer is running extra slow for no good reason with excessive hard drive activity. Apps, tools, and antivirus on your computer are disabled (or you get an error when trying to run them). When using a browser, your computer redirects to a webpage. Your browser opens randomly and you didn't open it.
Click Virus & threat protection. It's at the top of the left panel and will open a new window.
Click Scan Options or Run a new advanced scan. If you're using a newer Windows 10 or Windows 11 version, you'll find Scan Options under "Current Threats." If you're using an older version of Windows 10, you'll see Run a new advanced scan under "Threat history."
Select Windows Defender Offline scan. It's the last option in the right panel. Use this article on How to Perform an Offline Scan with Windows 10 Defender. Essentially, the laptop or computer goes offline to scan and contain any malicious malware it finds so the malware can't use online features to protect itself.
Click Scan now. It's at the bottom of the right panel. Windows Defender will now scan your computer for malware. When the scan is finished, your computer will reboot. Continue to the next step once the computer comes back up.
Return to the Virus & protection screen. Follow the same steps as you did a moment ago to navigate to this part of your settings. If threats were found, you'll see the number and a description under the "Scan options" header at the top. If no threats were found, there's no need to continue with this method.
Click Threat history. It's under the description of found threats. This displays more information about what was found in the scan. If malware was found, Windows Defender will usually quarantine it automatically. You'll see the name of the malware under the "Quarantined threats" header.
Click Remove all. It's under the "Quarantined threats" header.
Follow the on-screen instructions to complete the removal. Once you've removed all of the malware, you should see "No threats" under the "Quarantined threats" header.
Using Malicious Software Removal Tool (Windows)
Go to the Microsoft Malicious Software Removal Tool page. You can do this by visiting https://www.microsoft.com/en-us/download/details.aspx?id=9905 in a browser. Use this method if you are unable to run a scan or update your anti-malware tool. You can also use this method if your usual anti-malware tool fails to fix the issue. If you can't use a web browser or connect to the internet on the infected PC, download the tool to a working computer, and follow the download steps on a working computer. You can then copy or burn the tool to removable media and insert that into the infected PC.
Click Download. It's the red button near the center of the page. If you see a screen that displays recommended downloads, remove the check marks from each download, then click No thanks and continue to DirectX End-User Runtime Web Installer at the bottom-right corner.
Save the tool to your computer. Select the Downloads folder if not already selected, and then click Save to start the download.
Copy the tool to removable media (if you're using a different PC). If you are downloading the tool on a different computer because you aren't able to do so on the infected one: USB drive: Connect the drive to the PC, then copy the tool (the file that begins with "Windows-kb" and ends with ".exe") to it from the Downloads folder. CD/DVD-ROM: If the infected computer has a CD/DVD-ROM drive, you can burn the tool to a disc instead.
Double-click the tool. It starts with "Windows-KB" and ends with ".exe." You'll typically have to click Yes to verify that you want to run the tool. If the malware prevents you from running the tool, you'll need to run the tool in Safe Mode. Follow these steps to reboot into Safe Mode, then try again: Click the Start Windows Start menu and select Power Windows Power. Hold ⇧ Shift as you click Restart. Navigate to Troubleshoot Advanced Options and click Restart. Press 4 or F4 at the menu to enter Safe Mode. If these steps don't work, see Activate Safe Mode in Windows 10.
Click Next. A list of scan options will appear.
Select "Full Scan" and click Next. This starts the scan, which may take several hours to complete. Alternatively, you can select Quick Scan to do a short scan of the areas of your computer most likely to contain malware.
Review the results. You'll see one of four possible results once the scan is complete: No infection was found: The issue may not be malware-related. It's also possible that the tool hasn't been updated to include the latest malware. Check the download page frequently for updates (click the "+" next to "Details" to see the date), then re-download the tool once updated. At least one infection was found and removed: Malware was found and successfully removed. Now that you're in the clear, make sure to update Windows as soon as possible. An infection was found but not removed: This means the PC is infected, but the tool is not equipped to remove it. Try downloading another tool, such as https://www.malwarebytes.com/mwb-download, and running it the same way as you did this one. An infection was found and was partially removed: If you can, try to update and use Windows Defender to finish the job. If that doesn't work, download another tool, such as https://www.malwarebytes.com/mwb-download and run it the same way as you did this one.
Using Mac
Restart your Mac in safe mode. To do so, hold the shift key before the Apple logo appears after clicking "Restart" from the Apple menu. Safe mode prevents software from starting automatically. Just installing an update to an out-of-date Mac is usually all you need to do to get rid of malware, but follow the steps in this method if that simple solution isn't working for you.
Locate the malicious app. This is usually in the /var/Applications folder, but it can be elsewhere on your computer. If you don't know the name of the malicious app, you can use Activity Monitor when your computer or laptop isn't in Safe Mode to look for software that is using a lot of resources. Look for any apps that you don't remember installing from the App Store. You can also use trustworthy malware-removal apps like Malwarebytes.
Drag the app to the Trash. This will delete the malware from your computer.
Empty the Trash. This will permanently remove the malware and prevent accidental recovery or execution.
Preventing Malware
Protect your computer with an antivirus/anti-malware program. Windows 10 and Mac come with built-in security features, including a built-in antivirus, a firewall, a warning when installing unknown apps, and process isolation. Make sure that these features are always enabled. If you want to try a different antivirus, you can look into options like Avast, BitDefender, Malwarebytes, and AVG. Make sure the antivirus/anti-malware definition files are always up-to-date, as new malware is created daily. EXPERT TIP Jeremy Mercer Jeremy Mercer Computer Repair Technician Jeremy Mercer is the Manager and Head Technician at MacPro-LA in Los Angeles, CA. He has over ten years of experience working in electronics repair, as well as retail stores that specialize in both Mac and PC. Jeremy Mercer Jeremy Mercer Computer Repair Technician Malware Bytes is a great option that works on Mac and PC. It's a safe program that is free to use and will clear out most of the malware from your computer. If you notice a slow down on your computer, or pop-ups and strange programs, run Malware Bytes. Regardless, you should run the program once a week.
Beware of fake anti-malware apps. If you're browsing the web and suddenly see a pop-up message that claims you have a virus or malware, do not follow the instructions on the pop-up—these are usually malware in disguise. Instead, close all open windows, then use Windows Defender to do a thorough scan of your computer.
Keep your computer up to date. New security patches and updates are added to Windows and Mac all the time. These updates mostly address security issues, so downloading them and keeping your computer updated is a good idea.
Keep your web browser up to date. If your web browser notifies you that an update is available, install it immediately. Updates are often pushed through when security vulnerabilities are found. EXPERT TIP Jeremy Mercer Jeremy Mercer Computer Repair Technician Jeremy Mercer is the Manager and Head Technician at MacPro-LA in Los Angeles, CA. He has over ten years of experience working in electronics repair, as well as retail stores that specialize in both Mac and PC. Jeremy Mercer Jeremy Mercer Computer Repair Technician An important step is clearing out your cache to keep viruses out. You should also clean out your trashbin regularly and keep up with your software maintenance.
Never call a fake technical support phone number. If you see a pop-up or window that demands you call someone to remove malware (or regain access to your files), know that this is always a scam. No reputable anti-malware app will ever make you call someone to remove malware. Similarly, never trust someone who calls you on the phone to claim your computer is infected. Scammers will often try to convince you to pay money or Bitcoin to fix a problem that doesn't exist. Close the window (or hang up the phone), run an anti-malware scan, and go about your day.
Don't open macro-enabled documents from unknown or unexpected senders. Macro viruses are infections that spread through the sharing of Office documents, and are usually spread via email. If you receive an email you aren't expecting (or from someone you don't know) that contains a .doc or .docx attachment, don't open the file. Also be wary of websites that offer free templates for download—research the site before downloading these files, as they may be spreading viruses.
Use strong and unique passwords on the web. All of your web and app accounts should have their own unique passwords. If a hacker gets a hold of one of your passwords, you won't want them to be able to gain access to all of them! If you have a hard time remembering different passwords, try a password manager like LastPass or DashLane.
Comments
0 comment