How to Remove Malware from your PC

Get rid of viruses and other unwanted nasties.

It’s difficult to give a simple checklist to follow when removing malware from your PC. You really need to know exactly what the malware is before you can decide on the best course of action. And identifying the malware is usually more difficult than using the turn-key solutions to remove it.

However, here are some generic ways to remove malware and other unwanted programs.

As always, if symptoms persist, consult your IT Professional, helpdesk staff or local 14-year-old computer nerd.

Option 1: Nuke it from Orbit

Factory Reset and Restore from Backup

This may sound like a heavy-handed approach, but it has the highest success rate and requires the least amount of thought.

Unfortunately, you need a backup of your documents, files and photos. And often people don’t have one of those.

Yes, now is a good time to make a backup, if you don’t already have one!

(Getting your backups right is a bit tricky, so I won’t go into the detail of setting one up here.)

Alternately, if your important files are in a cloud storage service (e.g. DropBox, OneDrive or Google Drive) you already have a backup.

  1. Do a Factory Reset - either via a Recovery Reset or re-installing Windows. This will delete everything on your computer - including malware.
  2. Reinstall your programs, preferably after fresh downloads or from original disks.
  3. Restore your documents and files, by syncing your cloud storage or loading them from a backup.
  4. Put back any desktop pictures, shortcuts and other customisations.

Option 2: Just Remove Them

PUPs or Potentially Unwanted Programs

For things which aren’t actually malicious, but just unwanted, you can usually just remove them via Add or Remove Programs. These sorts of programs can come pre-installed with your computer, or can be downloaded as part of other “free” programs (remember, if you aren’t paying for a product, you are the product).

They often claim to make your computer faster, safer and better. But usually, they do the exact opposite.

  1. Press Windows key / Click the Windows Logo in the bottom left.
  2. Type Add or Remove Programs and press enter.
  3. Find the programs or apps you’d like to remove. Be sure to make a note of their names, just in case you want to put them back.
  4. Click Uninstall and go through the uninstallation process for the app.

Alternately, you can find Add or Remove Programs in Settings (Windows 10) or Control Panel (Windows 7 or 8).

Add or Remove Programs From Windows 10

Add or Remove Programs From Windows 7

Be aggressive in what you remove. Removing PUPs rarely makes your computer slower, less secure or any worse. If you realise you removed something accidentally, simply re-download and re-install.

Removing unwanted programs via Add or Remove Programs is highly unlikely to cause permanent damage; Windows rarely lets you delete truly critical programs.

Option 3: Run a Virus Scan

Older and Less Dangerous Malware

For real malware, you can run a virus scan to find and remove it.

Of course, your anti-virus software should have stopped the virus as soon as it landed on your computer (using real-time scans). The fact that the virus got on your computer says either a) something is broken with your anti-virus, or b) the malware is actually newer or more advanced than you think. Either way, you should probably contact a professional or a nerd to straighten everything out.

Windows comes with a perfectly functional, completely free and always up to date virus scanner called Windows Defender. (Note: On Windows 7, you need to manually download and install Windows Security Essentials. Same product, different branding).

You may install 3rd party anti-virus software if you like, but I’ve never found the alternatives compelling enough.

  1. Press Windows key / Click the Windows Logo in the bottom left.
  2. Type Windows Defender and press enter.
  3. Check the Full scan option.
  4. Click the Scan Now button.
  5. Wait. The scan may take anywhere from a few minutes to several hours.

Scan all the things!!

Option 4: Manual Removal

For New or Unknown Malware or if you just want to show off.

This requires you to manually locate and remove the malware. For this we’ll make use of two SysInternals tools: Process Explorer and Autoruns, and Windows Safe Mode.

Most malware can be removed by a) killing it while it’s running and b) removing how it loads when your computer starts. And the tools above will help us do just that.

The tricky part is knowing what programs are “good” and what are “bad”. Malware will often try to hide by naming itself the same as common programs or core Windows components.
Telling them apart comes with experience: knowing what is installed on a virgin computer and knowing what you’ve installed on your computer.

The randomly named programs in the Process Explorer screenshot below are pretty suspicious though. You kill them by right-clicking and selecting Kill.

I Never Installed NmP2DG3cTBA5aVwB.exe!!
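
The two tell-tales described above (a random-looking name, or a core Windows name running from the wrong folder) can be checked mechanically. The sketch below is an added example, not part of the original article; the process list, PIDs, user name and the short table of expected folders are constructed for illustration, and the random-name test is only a rough heuristic.

```python
import ntpath
import re

# Core Windows components and the only folder each normally runs from.
# A small illustrative subset, not a complete baseline.
EXPECTED_DIR = {
    "svchost.exe":  r"c:\windows\system32",
    "lsass.exe":    r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe":    r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def looks_random(image_name):
    """Rough heuristic: long stem, mixed case, digits scattered among letters."""
    stem = ntpath.splitext(image_name)[0]
    digit_runs = re.findall(r"\d+", stem)
    return (len(stem) >= 10
            and len(digit_runs) >= 2
            and any(c.islower() for c in stem)
            and any(c.isupper() for c in stem))

def triage(processes):
    """Return (pid, path, reason) for each process that deserves a closer look."""
    findings = []
    for pid, path in processes:
        image = ntpath.basename(path)
        folder = ntpath.dirname(path).lower()
        expected = EXPECTED_DIR.get(image.lower())
        if expected and folder != expected:
            findings.append((pid, path, "core Windows name, wrong folder"))
        elif looks_random(image):
            findings.append((pid, path, "random-looking name"))
    return findings

# Constructed sample: (PID, image path) pairs as you might copy them from Process Explorer.
SAMPLE = [
    (604,  r"C:\Windows\System32\svchost.exe"),
    (3120, r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    (4488, r"C:\Users\alice\AppData\Local\Temp\NmP2DG3cTBA5aVwB.exe"),
    (2216, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    (1804, r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, path, reason in triage(SAMPLE):
        print(f"{pid:>6}  {reason:<34} {path}")
```

A hit is a reason to look closer (check the file's publisher and where it loads from in Autoruns), not proof of malware; plenty of legitimate installers and updaters have odd names.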

Autoruns lists all the different places that Windows will automatically run programs. The tabs to check for unusual things are:

  • Login
  • Scheduled Tasks
  • Services

Suspicious Startup Programs

  1. Download the SysInternals Suite. If possible, do this on another computer which does not have malware on it. Copy it to the infected computer using a USB thumb drive.
  2. Reboot into safe mode. This will stop 99% of malware from running, so you don’t need to worry about killing it.
    1. In Windows 7: restart your computer and press F8 before you see the Windows fire flies.
    2. In Windows 8 and 10: hold Shift while you click the Power button and Restart (or use another method).
  3. Start Process Explorer (procexp.exe) and check there’s no malware running.
  4. Start Autoruns (autoruns.exe) and delete any malware.
  5. Autoruns will tell you where the malware files are located. Find and delete them.

Option 5: See Option 1

Serious or Advanced Malware

If options 2 and 3 don’t work and option 4 yields nothing as well, then it’s time to nuke it from orbit!

Really, it’s best to start from number 1.

Conclusion

If you find your computer has malware, the best course of action is to factory reset and then re-load your programs and data.

But for less serious malware, you can uninstall or remove it using built-in tools.

Manual removal is only recommended for professionals.