How to remove malware from Windows and Mac

Going online exposes you to a huge number of threats. If you become infected with malware, it could have very serious ramifications for your devices and your personal security.

Unless you have an up-to-date antivirus installed, it is possible for stubborn malware to sit around on your machine unnoticed. This could allow hackers to steal your data, to access your accounts, to steal your financial information, or to perform identity theft. With so much on the line, it is essential that you adequately protect all your devices against malware.

Stopping malware from making its way onto your device - known as preventative security - is by far the best way to protect yourself. However, all is not lost if you have become infected, because a good antivirus can detect malware and remove it successfully.

In this guide, we will help you remove a virus or malware from your device if you have already had the misfortune to become infected.

Does your computer have a virus?

Sometimes, it's hard to know whether you have become infected with a virus because not all exploits give away telltale signs. However, there are a few things to look out for:

  • Power-hungry exploits cause a dip in performance levels, so if your computer is getting slow or your mobile device is failing to stay charged for as long as it used to, these may be signs you have become infected.
  • Unusual activity, or an increase in the prevalence of adverts on the websites you visit.
  • Annoying popups that don’t usually appear on the websites you are visiting.
  • Device heating up or waking up at unusual times without the user doing anything.
  • Unusual account usage or device data usage levels that make little sense.
  • Unusual application running that you have never heard of.

These are just some circumstantial evidences that may provide clues that your machine is infected. For this reason, it is always a good idea to monitor both the apps running on your device and your online experience carefully, noting any changes and clues that may act as a warning.

If your device is behaving strangely or you notice unusual programs running, check online to see whether the app or service is legitimate. Checking activity logs can also be a good way to monitor whether your device is experiencing an outside influence.

For this reason, we recommend checking your bill for unusual activity, and if you think your data is being used up more quickly, check the amount of data being used up when compared to previous months.

Nothing beats an antivirus

Performing the checks mentioned above is important. However, please remember that skilled hackers might conceal themselves in your machine for lengthy periods of time without you noticing a thing.

For this reason, it is essential to use a reputable antivirus program. An antivirus will actively check for viruses, malware, worms, spyware, adware, botnets, ransomware, rootkits, and trojans.

This kind of deep-level scan is much more reliable than circumstantial evidence alone. That is why it is important not to assume that everything is ok, and instead to use a reliable security application that will:

How to remove a virus from your Windows computer

If you have a strong reason to believe that you have become infected with a virus, you will need to use a reliable antivirus to remove the exploit from your computer. Depending on the severity of the infection, you may require a deep-level removal tool known as a bootable recovery tool. These are available online for free from various sources.

Whether you need this tool really depends on the severity of the infection and we generally recommend a graduated response:

  1. Download an antivirus and attempt to remove it from within your Operating System.
  2. Boot into safe mode and attempt to remove it using your Antivirus.
  3. Use a boot disk recovery method to run a diagnostic and remove the exploit while ensuring that no malevolent processes are still running in the background to either maintain a foothold in your machine - or to somehow conceal the exploit from the removal tool.

Download and use an antivirus

In most cases, it should be possible to fix your machine from within your main Operating System. To do so, download and run an antivirus inside your main OS. Many antivirus vendors let you trial their software for free for a limited amount of time. That means you can remove an exploit from your Windows PC (and Mac or Android also) - even if you are low on money.

  1. Choose a reliable antivirus.
  2. Download and install the software on your machine.
  3. Run the antivirus and ensure that it scans your machine for all known exploits
  4. Delete any exploits found using the antivirus

Enter Safe Mode

If your antivirus finds an exploit that is hard to remove, it is possible that the software may ask you to boot up your machine in safe mode. Even if it does not, try removing the infection in safe mode because it might be more effective.

Safe mode is specially designed to limit the number of applications and services that run on your machine. By limiting the number of processes that are executed and disconnecting your PC from the internet by default, you ensure that malware is not running in the background and cannot communicate with Command and Control server (CnC). This guarantees that the malware cannot further compromise your machine or your data by sending it to cybercriminals via the internet.

You should be able to run your antivirus from within safe mode to remove any stubborn malware. This is because safe mode makes it so the malware cannot execute code designed to conceal itself or replicate itself in such a way that the antivirus cannot remove it. To enter safe mode in Windows 10:

  1. Click the Start button.
  2. Click the Power button but don’t make a selection.
  3. With the power button menu open, hold down the shift key and click Restart.
  4. Click on Troubleshoot > Advanced Options > Start-up Settings > Restart.
  5. Choose safe mode from the boot options by pressing either F4, F5, or F6 depending on whether you will require networking or command prompt.  We recommend ensuring you download the tools you need to your PC before entering safe mode, but if this is not an option you may need to boot into safe mode with Networking.

Delete your temporary files

Once in safe mode, most security experts recommend deleting your temporary files. To do so, type Disk Cleanup in the start bar to run the disk cleanup tool that comes with Windows 10. Disk Cleanup will remove temporary files and other potentially unwanted files that could cause your system to run slowly or that could allow malware to damage your system.

Run your antivirus in Safe Mode

With your temporary files removed, you are now ready to run your antivirus in safe mode. Please remember, not all antivirus applications are designed to run in safe mode. Thus, you may need to get a suitable tool.

Malwarebytes is an antivirus that can be downloaded and used in safe mode (as long as you enter safe mode with networking). Other options include: BitDefender Free Edition, Kaspersky Virus Removal Tool, Microsoft’s Malicious Software Removal Tool, and Avast.

If, for some reason, your regular antivirus does not detect any malware in safe mode, we recommend doubling up with another standalone tool. Remember that while you can only have one real-time scanner installed at a time, you can install as many on-demand malware scanners as you like.

If you need to do so, boot into safe mode with networking to download and run malware removal tools from inside safe mode. This will ensure that you can download the extra tools without allowing any malware that has made its way onto your machine from running in the background. Once installed, remember to carry out the deepest scan available in the malware removal tool.

Perform boot disk recovery

If you have been infected with an exploit that is successfully tying itself to key Windows processes, it may be very difficult to remove. The same is true if you have a deep infection that is causing your computer to become unstable and unusable. In these cases, even attempting to remove the virus in safe mode may fail.

If you have tried entering safe mode and running an antivirus but it just disappeared and wouldn't let you reopen it, then it is possible you have been infected with a rootkit that is automatically preventing the antivirus from doing its job. Under these circumstances, you will need to use a specialist tool such as Norton’s bootable recovery tool.

A boot disk recovery tool is designed to allow you to boot from a disk to run a very basic Operating System (usually a Linux based OS) to perform system recovery and malware removal. If all else fails, you may need to back up your files and then reinstall Windows.

How to recover any damaged files?

Under the very worst circumstances, Windows may have become so infected that the only thing you can do is reinstall Windows. Under these circumstances you will need to use a Live CD tool such Hiren’s BootCD (HBCD) to access and backup your files.

Once all your files have been securely backed up onto an external hard drive, and any important settings such as email client settings and device drivers have been backed up (you can do this using a tool called Double Driver), you will be able to reinstall Windows to give your machine a full refresh.

If this process sounds too techy and involved, you may need to get help from an IT specialist in order to restore your machine. Finally, remember to scan your backed up files thoroughly before opening them again on your install of Windows to ensure that the virus hasn't attached itself to any of them.

How to remove a virus from a Mac computer

If you believe that your Mac has become infected with malware, the best thing to do is to use an antivirus program inside macOS. Most antivirus manufacturers provide their antivirus for free on a trial (or limited) basis. That means you can run a scan and fix most infections on your Mac for free. To do so follow these simple steps:

  1. Choose a reliable antivirus for Mac.
  2. Install and run the security software.
  3. Perform a full scan of your computer.
  4. Delete any exploits that are discovered.

Enter Safe Mode (Safe Boot) on macOS

If you have a persistent infection on your Mac computer, you may need to enter safe mode in order to allow your antivirus to remove it. Some antivirus programs only work in safe mode, and depending on what tool you are using, entering safe mode may be a requirement:

  1. Press and hold the Shift key while your Mac is booting up.
  2. Release the Shift key when you see the login window.
  3. The words Safe Boot should appear in the upper-right corner of the screen.

Entering safe mode in Mac automatically restricts the number of processes that run. This will stop malware from doing anything in the background as you try to remove it. This ensures that it is not still potentially stealing your data or carrying out root-level processes that make it hard to remove.

Safe Boot also deletes some system caches and the kernel cache, which could help to stop some kinds of malware. In addition, Safe Boot will cause macOS to perform a basic check of your startup disk. This all helps to ensure that malware is unable to keep running in the background as you try to remove it.

Once in Safe Boot, we recommend that you delete any unwanted applications that are installed on your machine. To do this, open Finder > Applications and delete any apps you think may cause an issue. Next, update all the apps you have installed. Now, remove any unwanted extensions from Safari, Chrome, or Firefox, that you think could cause issues.

Finally, remove any login items you didn’t specifically opt for. To do this, open System Preferences > Users & Groups and click the Login Items tab. Here you can prevent any programs from running on startup by unticking the box next to programs you don’t recognize.

If any of the programs set to launch on startup are suspicious, delete them from your machine. With those steps done, launch your antivirus and perform a full scan to remove any malware that might remain. Now, reboot your Mac.

If problems persist, you may need to reinstall macOS using macOS Recovery or a bootable installer disk. Depending on how severe the malware infection is, you may need to back up all your important files, folders, drivers, and settings, before formatting the disk and reinstalling the OS.

How to recover any damaged files?

If some of your files are damaged because of the malware and become inaccessible, it is possible that they have been overwritten or corrupted in some way by the virus. The best option for dealing with this kind of loss is to recover the data from backups. However, if you have not previously backed up your data, you can try the following:

  1. Duplicate the problematic file and then open the duplicate to see if it works.
  2. Repair your HD and permissions with Disk Utility to see if that repairs the file.
  3. Try using Techtool Pro 12 because it is sometimes able to repair things that Disk Utility was unable to.

Protect against future attacks

The best way to protect against future attacks is to engage in preventative security. This guide explains how to deal with malware or viruses once they have already infected your machine, and this is important if you are already infected. However, the best way to protect your data and the health of your machine is to ensure it doesn’t get infected in the first place. To achieve this, there are several important things you must do:

  1. Install a reliable, up-to-date antivirus that can monitor for real time threats.
  2. Enable a firewall, preferably with active monitoring of outgoing as well as incoming communications.
  3. Be more careful about the websites you visit and make use of safe browsing applications that monitor for dodgy URLs.
  4. Learn about phishing and be extremely careful when opening messages or emails that could contain dodgy attachments or links.
  5. Update your Operating System and applications regularly to ensure they are patched against any new exploits and vulnerabilities.
  6. Delete any unnecessary apps that you no longer use.
  7. Password protect your machine, all your accounts, and your important files and folders with strong unique passwords. Preferably, use a password manager for stronger security.
  8. Back up your data regularly so it is recoverable. This can be done by hand by backing up to an external hard drive or automatically onto a secure cloud based backup storage solution.

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

2 Comments

laverne Lachapelle
on April 15, 2020
Reply
I believe this statement in your article is incorrect: Check your DNS Settings in Mac On a Mac, you can follow these steps to check your DNS settings. Go to Apple Menu > System Preferences and click Network Chose the Network that you are using and click Advanced Under the DNS menu it should be blank On both my 2015 iMac and my 2012 MB Pro, Under the DNS menu are the DNS servers that I am using. Or is there something here I do not understand? Always happy to be corrected if I am wrong.
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to laverne Lachapelle
on April 16, 2020
Reply
Hi larverne. Ray is assuming that you are allowing your ISP to handle your DNS queries. If you have changed your DNS settings to a custom DNS service then you see these settings instead.
Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: