10 Ways to Remove Malware from Infected Windows Computer

10 Pro Tips on How to Detect and Remove Viruses, Worms, Trojans, Ransomware, Spyware, Adware, and all other types of Malware from an Infected Windows Computer. 

  1. Scan & Remove Malware Using the Installed Antivirus Solution
  2. Clean an Infected PC Using a Second Opinion Malware Scanner and Removal Tool
  3. Fix Non-bootable Windows PC Using a Bootable Antivirus Rescue Disk
  4. Use Safe Mode to Detect and Remove Viruses and other Threats
  5. Use an Advanced Task Manager to Detect Malicious Programs Active on Your System
  6. Perform System Restore to Repair an Infected Malfunctioning Computer
  7. Remove Potentially Unwanted Programs/Applications (PUP/PUA)
  8. Reset or Replace the Hosts File to Recover from Browser Hijacking
  9. Use Uninstaller to Remove Potential Adware, Spyware, and Vulnerabilities
  10. Clean Temporary Files and Registry Entries of Malware Remnants

1. Scan & Remove Malware Using the Installed Antivirus Solution

The first step in the process of removing malware from a computer is running a full system scan using the installed Antivirus/Antimalware. Windows users should make a habit of scanning their computers with their antivirus once every week, fortnight, or month depending upon the activity on the computer. Almost every Antivirus comes with a Scheduled scan option. So, if you don’t want to scan the system manually then a better option would be to set customized scheduled scans.

Recommended Software: Bitdefender, Kaspersky, ESET, Trend Micro, Comodo.

2. Clean an Infected PC Using a Second Opinion Malware Scanner and Removal Tool

There is something called Detection Ratio, which is the percentage of malware detected by that antivirus out of the total number of known malware. No single antivirus can protect you from all of the malware every created, i.e., it’s not possible for an antivirus to achieve a 100% detection ratio, even if it does happen, then there are definite chances of False Positives.

Therefore, it becomes a necessity to keep at least one Second Opinion Malware Scanner tool in your computer. A Second Opinion Malware Scanner is not a real-time product i.e., it is not always running in the background of your computer, instead, it is an on-demand software, it works only when the user starts it. Moreover, most of these tools are available in the Portable mode as well, so you don’t even need to install them.

Scan your computer with them regularly. Again, set the scan frequency according to your liking. You can use more than one Second Opinion Malware Scanner but only one at a time. And, make sure that you do use the Second Opinion Malware Scanner from the company whose real-time Antivirus you are currently using on your system. This is because both of the products use the same Virus Definitions/Signatures so both of the products will give you the same scan results.

The second type of malware scanner tool that you can use are the Online Scanners. If you are low on disk space, and don’t want to install or keep a portable tool then you can use a Cloud-based Malware Scanner and Removal tools. The Scanner tools that Install on the system or are available as Portable software save the Malware Definitions/Signatures on the computer; this makes them usable in an Offline environment as well. On the other hand, the Online Scanners of the Cloud-based Malware Scanners download a small executable file, which starts the scanner, and connects to the cloud network of that antivirus. To make the process quicker, these could-based on-demand antimalware tools only detect the most susceptible locations.

The third type of malware scanners are the Multi-engine Scanners. There tools let you scan your computer with multiple antimalware or antivirus engines concurrently. These are also cloud-dependent.

Recommended Software: Zemana AntiMalware (Free), Emsisoft Emergency Kit, Norton Power Eraser, ESET Online Scanner, OPSWAT MetaDefender Client.

3. Fix Non-bootable Windows PC Using a Bootable Antivirus Rescue Disk

A Bootable Antivirus Rescue Disk boots in your RAM bypassing the normal Windows boot process. Once booted, it is able to access the file system and all of the components of Windows.

There are some malware like Rootkit that load before Windows, and thus hide from the security software installed in the computer. Using a Bootable Antivirus Rescue Disk is the best way of detecting and removing these malware because these disks boot/start using their own boot process, and nothing stored on your hard disk is able to execute by itself. So, a Malware like Rootkit is not able to execute and hide from the antimalware software.

Most of the malware created for Windows don’t work on Linux, therefore, many Antivirus companies use Linux as their base operating system or recovery environment for creating the Rescue Disks.

Recommended Software: Bitdefender Rescue CD, Kaspersky Rescue Disk, ESET SysRescue Live, Dr.Web LiveDisk, Avira Rescue System

4. Use Safe Mode to Detect and Remove Viruses and other Threats

Sometimes, you may get infected with malware that load before any other application in Windows, and thus hide themselves from the installed security products. We can use the Safe Mode to detect and remove such malware.

Safe Mode is a diagnostic startup mode in Windows. Safe Mode loads only the most essential files required for booting Windows. Most of the third-party applications and drives do not run in Windows Safe Mode. So, in a Safe Mode boot, these malware are not able to execute, and hence become detectable.

This method works the best if you use a freshly download non-cloud-based Second Opinion Malware Scanner. If you want to use a cloud-based Second Opinion Malware Scanner, then use the Safe Mode with Networking option.

You can choose to start Windows in the Safe Mode with or without Network availability.

Recommended Software: NA

5. Use an Advanced Task Manager to Detect Malicious Programs Active on Your System

The Windows Task Manager available in Windows 10 is a very competent program with a lot features. It gives a lot of information about the active processes, the hardware components used in the system, the current usage of these resources by various programs, etc. However, it still doesn’t give you much information about the reputation of a process or a program. Even if a malicious application was active in your memory, and visible in the Windows Task Manager, you won’t be able to distinguish it from safe applications. Therefore, you need a third-party alternative Task Manager program for your Windows PC. With an advanced Task Manager program, you get many additional and advanced features and tools that the Windows Task Manager does not support yet.

One computer security and malware detection related feature that most of the free third-party Task Manager alternatives have is the integration of VirusTotal. VirusTotal is an online service that analyses and scans the URLs and files using multiple antivirus/antimalware engines. The integration of VirusTotal gives you many security benefits. Different Task Manager developers follow different approach for implementing this integration. Some automatically scan all of the active processes and display the scan results in a dedicated tab in their program, while others let you right-click on the process from their program and upload to VirusTotal for analysis.

Recommended Software: Process Explorer

6. Perform System Restore to Repair an Infected Malfunctioning Computer

Performing a System Restore can be beneficial in two ways, one it gets rid of the malware, and two it restores the infected and malfunctioning computer to the previous state where it was working fine.

The use of System Restore is not limited to malware infections. It is the first tool to be used in the process of recovery from any kind of software-level Windows malfunction. If a Malware has infected and corrupted your system files, then a system restore can restore the system to an uninfected state.

Make sure that you scan and clean your computer as well after successful completion of System Restore. This is a must do thing if you have multiple partitions, and System Restore was enabled only the C:, the Windows partition. If malware infected your files on other partitions where System Restore was not enabled then System Restore will not be able to remove malware or take files to their previous state.

To increase your chances of recovery, use System Restore from inside the Safe Mode. In the normal Windows boot mode, various things can interfere with the working of System Restore such as the Antivirus.

Recommended Software: NA

7. Remove Potentially Unwanted Programs/Applications (PUP/PUA)

Potentially Unwanted Programs (PUP) or Potentially Unwanted Applications (PUA) are the programs that do not help the user in any way in the everyday computer usage. Most of the times, these get installed without a user’s knowledge or lack of attention to the installation process of programs. Some of these PUPs or PUAs can work as a malicious program. Adware, Browser Hijackers, and Bloatware are some of the examples of PUP/PUA. There are many free dedicated software that remove and prevent the installation of these unwanted things on your computer.

Recommended Software: AdwCleaner, Decrapifier, Unchecky.

8. Reset or Replace the Hosts File to Recover from DNS and Browser Hijacking

The Hosts files is an extension-less small plain text file that acts as a mini DNS for your computer. A Domain Name System (DNS) does the job of mapping the Domain names to their IP addresses. When we enter the name of a website on the URL bar of the web browser, the DNS Server converts that domain name to the IP address of that website, and then opens that website in your web browser, this IP address is the usually the IP address of the hosting server used to host the files of that website. A website could also use a different dedicated IP address specifically for their domain name.

Malware can use the Hosts file to redirect the domain names of some of the famous websites to wrong and malicious IP addresses. For example, if a Malware wants to visit you a malicious website called example.com whenever you type and enter google.com in the URL bar of your web browser then all he has to do is type the IP address of the malicious website along with the domain name google.com in the Hosts file using proper syntax. This way, some malware modify the Hosts file and redirect websites.

If your web browser does not open the websites that you type in the URL bar then your Hosts file has been modified, and you need to replace or reset it.

Recommended Software: SpywareBlaster

9. Uninstall Potential Adware, Spyware, and Vulnerabilities

Using a Program Uninstaller helps your computer in two ways – it clears up the resources for the programs that you actually use, and it removes any potential malicious programs such as Adware, Spyware, etc., or out-of-date programs that could create vulnerabilities for your system.

Use a third-party feature-rich Program Uninstaller to view all of the installed programs on your computer. If you find any programs that you don’t recognize or don’t remember installing yourself, or if there are some that you haven’t used more than once then consider uninstalling them.

Some little utility programs that users install for a one-time use can become a security flaw. If the user does not update such programs regularly, or if these are not updated by the developers to be compatible with the latest version of Windows, then you could have potential vulnerabilities on your system that hackers can exploit.

Another good practice would be removing any illegally activated software. There are great freeware or free online services for many paid applications.

You can go ahead and remove web browser toolbars as well if you find them listed in your Program Uninstaller list. These are not helpful anymore. There are great extensions, add-ons available for everything.

Recommended Software: IObit Uninstaller

10. Clean Temporary Files and Registry Entries of Malware Remnants

This one again helps in two ways – It improves the performance of the computer, and it removes any dead malware files located in the temporary files directories of the system.

Many times, antivirus and other antimalware programs such as the malware scanning and removal tools or the antivirus rescue disks will not delete the infected items, they will put them in Quarantine section or the Windows temporary file storage directories. If you have removed some PUPs/PUAs, then their registry entries could still be present in your Windows Registry.

A good disk and registry cleaner will remove all such temporary/junk files from your computer as well as the dead registry entries left by uninstalled software.

Recommended Software: CCleaner

Keep your Windows, Antivirus/Antimalware, and Software up-to-date to prevent any future malware attacks.

Leave a comment