How to Remove a Virus from My Computer (Windows & Mac)

Before you touch anything: disconnect and don't pay

The first move when you suspect an infection is the simplest one: get the machine off the internet. Pull the Ethernet cable or turn off Wi-Fi. This cuts the malware's line back to its operator, stops it downloading more payloads, and prevents it from spreading to other devices or syncing junk into your cloud accounts. It costs you nothing and it buys you a clean workspace.

The second move is about your nerves. If a full-screen page is shouting that your computer is infected, your files are locked, or "Microsoft" / "Apple" needs you to call a number — slow down. That is almost always scareware: a fake alert designed to panic you into calling a fake support line. Real operating systems and real antivirus tools never put a phone number on a warning. Never call it, never pay, never let anyone "remote in" from that number. (Already on the phone with one? Read how to spot a scam contact and hang up.)

If you only suspect something is wrong but aren't sure, our companion guide on the signs your computer has a virus walks through the symptoms. This article assumes you've decided to clean it.

Windows: safe mode removal, step by step

Safe Mode loads Windows with only the essentials, which usually stops malware from launching — making it far easier to remove. On Windows 11/10: open Settings → System → Recovery → Advanced startup → Restart now, then choose Troubleshoot → Advanced options → Startup Settings → Restart, and press 5 for Safe Mode with Networking (you'll want networking only to download a scanner). Then work through this list:

1. Uninstall suspicious apps. Go to Settings → Apps → Installed apps, sort by install date, and remove anything you don't recognize that appeared around when the trouble started — "optimizers", toolbars, unknown "VPNs", fake driver updaters.
2. Check startup & scheduled tasks. Open Task Manager (Ctrl+Shift+Esc) → Startup apps and disable anything unfamiliar. Then open Task Scheduler and look for odd tasks that re-launch programs or hit strange URLs — malware loves to hide here so it comes back after a reboot.
3. Run an on-demand scan. Install Malwarebytes (free) and run a full scan, or use a Microsoft Defender Offline scan (Windows Security → Virus & threat protection → Scan options), which reboots into a clean environment to catch rootkits the live system can't.
4. Clear temp files. Run Disk Cleanup or empty the temp folder — many droppers stage their files there.

Reboot normally and watch the machine for a few minutes before declaring victory.

Mac: safe boot and PUP cleanup

Macs get malware too — mostly adware and PUPs (potentially unwanted programs) like fake "Mac cleaners," aggressive "flash player" installers, and search hijackers. To clean one up:

1. Safe Boot. On Apple Silicon, shut down, then hold the power button until Options appears, pick your disk, hold Shift, and choose Continue in Safe Mode. On Intel Macs, hold Shift at startup. Safe Mode stops most login-item malware from running.
2. Quit and remove bad apps. Open Activity Monitor, force-quit anything with a suspicious name eating CPU, then drag the matching app from Applications to the Trash. Beware "MacKeeper"-style cleaners that demand payment — they are the problem, not the fix.
3. Kill login items & profiles. Go to System Settings → General → Login Items & Extensions and remove unknown items and background agents. Then check System Settings → General → Device Management / Profiles — adware often installs a configuration profile to lock your browser settings. Delete any profile you didn't add yourself.
4. Scan. Run Malwarebytes for Mac (free) for a second opinion and to catch leftovers.

Reboot normally and confirm Safari/Chrome open to your real homepage.

Browser hijackers, adware and scareware

The most common "virus" people actually have isn't a virus at all — it's a browser hijacker or adware that changed your search engine, redirected your homepage, or buried you in pop-ups and push notifications. Clean the browser directly:

• Remove extensions you don't recognize. In Chrome/Edge go to the Extensions page and delete anything unfamiliar; in Safari, Settings → Extensions. One rogue extension can re-infect everything else.
• Reset search, homepage & new-tab. Set them back to your real choices. If they snap back on their own, a profile, scheduled task, or login item is forcing them — go back and remove that root cause.
• Revoke notification spam. Site notifications (Settings → Privacy/Notifications) are a huge source of fake "virus detected" pop-ups. Block the offenders.
• Use the browser's own reset. Chrome and Edge have a "Restore settings to their defaults" option that clears hijacks without deleting your bookmarks or passwords.

Remember: closing a scary pop-up is fine — you do not have an emergency just because a webpage said so.

Ransomware: what to do (and what not to do)

Ransomware is the one case where you should stop the DIY removal and get help. If your files have been renamed with a strange extension and a note demands payment in crypto to unlock them, do this:

• Disconnect immediately — unplug network and external drives so it can't encrypt more or reach backups.
• Do not pay. Paying funds the attacker, marks you as a target, and frequently doesn't restore your files anyway.
• Don't wipe yet. Some strains are decryptable for free; preserve the encrypted files and the ransom note.
• Restore from a clean backup once the machine itself is verified clean — never restore onto a still-infected system.

Ransomware recovery is delicate, and a wrong move can destroy any chance of getting data back. This is a good moment to bring in a professional — and a good reason to lock down your accounts proactively with our cybersecurity hardening service afterward.

Why a single scan isn't enough

People assume that when an antivirus says "threats removed," the job is done. Often it isn't. A scanner is excellent at deleting the obvious malware file — but modern infections are multi-part. The file the scanner deletes is just the payload; the persistence mechanisms that keep bringing it back commonly survive:

What's left behind	Where it hides	What it does
Autorun / Run keys	Registry, Startup folder (Win); Login Items (Mac)	Relaunches malware at every boot
Scheduled tasks / cron / launch agents	Task Scheduler (Win); LaunchAgents (Mac)	Re-downloads the payload on a timer
Browser extension	Chrome/Edge/Safari profile	Re-hijacks search & re-injects ads
Configuration profile	Device Management (Mac)	Locks browser/DNS settings
Modified hosts file	System hosts file	Silently redirects sites you visit

That's why the manual steps above matter, and why you should check the hosts file too — it should not contain entries for banks, Google, or your antivirus vendor. When the leftovers run too deep to clear by hand, a full backup-and-reinstall of the operating system is the cleanest cure.

Lock your accounts and verify it's gone

Two steps separate a real cleanup from a hopeful one.

1. Change passwords from a clean device. Assume the malware may have logged keystrokes or stolen session cookies. From your phone or a different, trusted computer, change the passwords for your email, bank, and any account whose credentials were saved in the browser — then turn on two-factor authentication everywhere it's offered. If you were traveling when this happened, our guide on what to do if you're hacked while traveling has the priority order.

2. Verify at idle. Reboot, leave the computer alone for five minutes touching nothing, then open Task Manager (Windows) or Activity Monitor (Mac). At true idle, CPU, disk, and network should be quiet. Spikes from a process you don't recognize, fans roaring for no reason, or the browser homepage snapping back all mean something survived — go another round, or get help.

Not near any of our locations? It doesn't matter — we work entirely over a secure remote session, worldwide: