Complete Windows 10 Malware Removal Guide (2019 Update)
Easily remove malware from your Windows computer.
The AV-TEST Institute registers over 350,000 new malicious programs every single day. If you’ve been using computers long enough, it’s almost guaranteed that you have personal experience with malware, and you’re certainly not alone. In 2018, there were over 800 million malware infections, and malware rates are showing no signs of slowing down.
The purpose of this Windows 10 malware removal guide is to equip you with the knowledge and skills you need to remove any active malware infection you may encounter so you can reclaim your privacy and security. Even though cybercriminals release new strains of malware every day, the methods you can use to defend yourself against them are, fortunately, much more static.
15 Warning Signs That Your Computer Is Malware-Infected
Believe it or not, you often don’t need an antivirus to tell that your computer is malware-infected. If you know where to look, you should be able to figure out that something isn’t quite right with it, and the presence of malware is often the answer. Here are the 15 most common warning signs that your computer is malware-infected:
- Performance problems when using common applications.
- Stability issues, such as sudden application crashes and the Blue Screen of Death.
- Pop-ups appearing out of nowhere.
- Suspicious ads on websites that you don’t remember having any ads.
- Slow internet without anyone downloading anything.
- New homepage in your web browser.
- New software installed on your computer.
- Disabled anti-malware.
- Strange error messages, especially right after boot.
- Redirects to strange websites.
- Ransomware messages.
- Loss of permissions and the inability to perform administrative tasks.
- New icons on your desktop.
- New browser extensions in your web browser.
- Your computer feels weird.
Remove Malware From Your Windows PC
Now that you’re familiar with the 15 most common warning signs that your computer is malware-infected, it’s time to take a closer look at the exact steps you need to take to get rid of a malware infection.
Step 1: Disconnect Your PC from the Internet
Every time you suspect that your PC may be infected with malware, the first thing you need to do is to disconnect it from the internet. Why? Because cybercriminals are no longer interested in causing chaos and destroying computers just for fun. These days, hackers want to make money, and your data is basically gold to them. Many strains of malware sit quietly in the background, monitoring your activity, and sending your personal information to some remote server.
Malware now also commonly has the ability to update itself to a newer version distributed online by its creators, and malware creators can even remotely issue commands to tweak the malware and modify its behavior. By disconnecting your PC from the internet as soon as you start to suspect a malware infection, you can greatly increase the chance of successful malware removal.
Step 2: Back Up Your Files
If you have any files at all on your computer that you would hate losing, you should back them up and store them either on a remote storage device or another computer. Simply copying them to another folder on the hard drive with the infected operating system is not enough because it’s almost guaranteed that the malware will be able to get to them.
You can, of course, back up your files manually, but there are many excellent, free data backup software solutions that can make your life easier. Clonezilla, for example, is a free disk cloning and deployment solution that can create a complete backup of your entire hard drive and restore it at your command.
Regardless of how you back up your files, you should always verify that the backup actually works. As unnecessary as this step may sound to you, we highly recommend you don’t skip it because you could greatly regret it.
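One way to verify a file-level backup is to compare SHA-256 hashes of every source file against its copy. The script below is an added example, not part of the original guide; the two paths are placeholders to adjust for your own folders.

```powershell
# Added example: verify a backup by comparing SHA-256 hashes file by file.
# Both default paths are placeholders (assumptions), not values from the guide.
param(
    [string]$Source = "$env:USERPROFILE\Documents",
    [string]$Backup = 'E:\Backup\Documents'
)

function Get-HashTable {
    param([string]$Root)
    # Prefix used to turn absolute paths into paths relative to $Root.
    $prefix = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\')
    $table = @{}
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($prefix.Length + 1)
        $table[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $table
}

$src = Get-HashTable $Source
$bak = Get-HashTable $Backup

# Report every source file that is absent from the backup or whose content differs.
$problems = foreach ($rel in $src.Keys) {
    if (-not $bak.ContainsKey($rel)) {
        [pscustomobject]@{ File = $rel; Problem = 'missing from backup' }
    } elseif ($bak[$rel] -ne $src[$rel]) {
        [pscustomobject]@{ File = $rel; Problem = 'content differs' }
    }
}

if ($problems) {
    $problems | Sort-Object File | Format-Table -AutoSize
} else {
    "All $($src.Count) source files are present in the backup with matching hashes."
}
```

A matching hash only proves the copy is identical to the source; it does not prove the source file was clean when it was copied.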
Step 3: Remove Temporary Files
Temporary files are files created to temporarily contain information while a new file is being made. Malware creators love temporary files because they allow them to relatively easily install malware without notice. In fact, you can often tell that your computer has been infected by malware when you see a large number of temporary files suddenly appear in the temporary folder.
Since it takes just a couple of seconds to remove them all, it’s worth doing it before you get to the actual malware removal part of this guide. To remove temporary files in Windows 10:
- Click the Start menu and open the Settings app.
- Select “System” (it should be the first option available).
- Go to “Storage.”
- Choose the “Free up space now” option.
- Wait for Windows 10 to scan your computer.
- From the list of options available, check both “Temporary files” and “Temporary Internet files.”
- Click the “Remove files” button.
You can also remove other items taking up valuable disk space, including files in your download folder, copies of all installed updates from Windows Update, copies of your picture, video and document thumbnails, Windows upgrade logs, files in the Recycle Bin, delivery optimization files, and more.
Step 4: Enter Safe Mode
All versions of Windows 10 come with safe mode, which is a special boot option that starts the operating system in a basic state with a limited set of files and drivers. Safe mode is extremely useful for troubleshooting software and hardware issues alike, and it also comes in handy when removing malware because it makes it more difficult for malware to escape anti-malware software solutions by hiding itself in plain sight.
To enter safe mode in Windows 10:
- Click on the Start menu icon and launch the Settings app.
- Select “Update and Security” in the Settings app.
- Select “Recovery” from the menu on the left.
- You should see a section called “Advanced startup” with a button labeled “Restart now.” Click on the button and wait for Windows to take you to the recovery environment.
- There, select the “See advanced repair options” button.
- Select “Troubleshoot.”
- Click the “Advanced Options” button.
- Choose “Startup Settings” on the “Advanced Options” page.
- Click the “Restart” button located in the bottom-right corner.
- Press either the numerical key 4 or F4 to enable safe mode.
- Wait for your operating system to boot into safe mode.
Step 5: Remove the Malware
Now that your Windows 10 computer is in safe mode and your files are safely backed up, it’s time to remove the nasty malware that has been making your life so difficult.
Uninstall Unfamiliar Applications
First, open the Start menu and type “Control Panel.” You should see the Control Panel app as the suggested result. Open it and select “Programs” and then “Programs and Features.” Depending on how many applications you have installed on your computer, it may take a while for them to load, so be patient.
Now, click on the “Installed On” filter to sort the applications by install date and carefully look down the list and try to spot all apps that don’t look familiar. There’s a good chance that you’ve accidentally installed a malicious application that came bundled with legitimate software, and you might be able to uninstall it just like any other Windows application.
However, don’t expect your problems to simply go away just by uninstalling the malicious application. It’s possible that the application has allowed other malware to quietly infiltrate your computer, and if that’s really the case, you can be sure that you won’t see it on the list of installed programs and features.
Use a Malware Removal Tool
To really remove all malware from your computer, download and use at least one of many freely available malware removal tools.
If you believe in open source software, you can start with ClamWin Free Antivirus, a free and open-source antivirus tool for Windows that provides a graphical user interface to the Clam AntiVirus engine. ClamWin Free Antivirus has high detection rates for viruses and spyware, but we wouldn’t recommend it as the only malware removal tool.
Instead, use it in conjunction with the free version of Malwarebytes, which is a professional anti-malware solution that offers comprehensive protection from threats that traditional antivirus solutions aren’t smart enough to stop. You can use the free version indefinitely, and there’s also a 14-day Premium trial that allows you to experience everything Malwarebytes has to offer.
Of course, there are many, many other malware removal tools available, but one or two should be enough.
Restore Your System
Should everything else fail, you can always restore your system to the last working version, provided you’ve had the feature enabled before your computer got infected.
- Open the Start menu, type “create a restore point,” and hit Enter on your keyboard.
- Click the “System Restore…” button.
- Follow the System Restore wizard to select the last working system restore point.
After the Removal Process
Every malware removal should be followed up by certain system maintenance tasks:
- Reinstall your web browser: Many strains of malware have the unfortunate tendency to mess with popular web browsers, installing malicious extensions, inserting ads, and changing settings. If you’re using a third-party web browser like Google Chrome or Firefox, your best bet is to reinstall it. If you’re using Microsoft Edge, at least verify that its settings are correct.
- Change your passwords: Most applications today store passwords in an encrypted form, but it’s still a good idea to change all your passwords after every malware infection. A password manager like Bitwarden or LastPass can make this task much easier because it can generate secure passwords and remember them for you.
- Restore default file associations: If you’ve accidentally installed a malicious software application on your computer, it’s likely that your file associations are all messed up. Fortunately, you can easily restore them to their default state by opening the Start menu, selecting “Settings”, then “System”, then “Default Apps”, and clicking the “Reset” button under “Reset Microsoft default options.”
- Check your internet settings: Open the Settings app and click Network & Internet → Proxy. If the “Use a Proxy Server” switch is set to “On,” disable it. We also recommend you open Notepad as administrator and use it to open the following file: c:\Windows\System32\Drivers\etc\hosts. Now, paste the following text into Notepad to reset your Hosts file to its default configuration:
    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      184.108.40.206     rhino.acme.com          # source server
    #      220.127.116.11     x.acme.com              # x client host
    # localhost name resolution is handle within DNS itself.
    #      127.0.0.1       localhost
    #      ::1             localhost
- Recover your files: Not every malware removal goes smoothly, and it’s possible that you’ve lost some valuable files that you would like to recover. With a data recovery software application like Disk Drill, TestDisk, or Stellar you should be able to recover all your documents, images, videos, and audio files in no time without any expert knowledge.
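Before overwriting the hosts file as described under “Check your internet settings” above, it helps to see what was actually changed. The following script is an added example, not part of the original guide; it lists every active (non-comment) hosts entry and shows the per-user proxy values that sit behind the Proxy settings page.

```powershell
# Added example: audit the hosts file and the current user's proxy settings.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# Any line that is not blank and not a comment is an active name mapping.
$active = Get-Content -LiteralPath $hostsPath | ForEach-Object {
    $line = ($_ -replace '#.*$', '').Trim()   # drop trailing comments
    if ($line) {
        $ip, $names = $line -split '\s+'      # first token is the address
        [pscustomobject]@{ Address = $ip; Names = $names -join ' ' }
    }
}

if ($active) {
    'Active hosts entries (the default file shown above has none):'
    $active | Format-Table -AutoSize
} else {
    'The hosts file contains only comments, matching the default.'
}

# Registry values behind Settings > Network & Internet > Proxy for this user.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable     # 1 means a manual proxy is switched on
    ProxyServer   = $inet.ProxyServer     # address:port of that proxy, if set
    AutoConfigURL = $inet.AutoConfigURL   # setup script (PAC) URL, if set
} | Format-List
```

Entries that map security-vendor or update domains to 127.0.0.1 or to an unfamiliar address, or a proxy you did not configure, are worth noting down before you reset them.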
Prevent Another Malware Infection
To prevent another malware infection, you should improve your cyber-defenses using a capable anti-malware software solution. The good news is that Windows 10 already comes with one: Windows Defender. You can check if Windows Defender is active from the Settings app. Simply go to “Update & Security” and select Windows Security.
There are also reputable free anti-malware solutions like Avira and Avast, which provide a compelling alternative to Windows Defender and promise machine-learning virus protection, fantastic threat-detection, as well as real-time scanning that doesn’t tank the performance of your computer.
Just remember that it’s not recommended to use multiple real-time anti-malware products at the same time because they could prevent each other from doing what they are supposed to do.
After reading this complete Windows 10 malware removal guide, you should be able to recover from most malware infections with relative ease. Of course, new vulnerabilities are discovered all the time, and it seldom takes hackers more than a few days to take advantage of them and create malware that exploits them. The best you can do is keep your data securely backed up and make it more difficult for malware to infect your computer by installing a capable anti-malware solution.