11 Real Signs Your Computer Has a Virus (vs. What's Just Normal)
Most "I think I have a virus" panics are actually a full disk, an old machine, or a single runaway app — not malware. The signs that genuinely point to infection are different in kind: a process you don't recognise eating the CPU at idle, pop-ups or new search pages appearing when no browser is open, your antivirus disabled or unable to update, friends getting messages you never sent, and a redirected browser homepage you keep changing back but can't. Open Task Manager (Windows) or Activity Monitor (Mac), sort by CPU, and look for an unfamiliar process: that one check separates infection from ordinary slowness faster than any scan. If you spot the real signs below, disconnect from the internet and get the machine properly cleaned — a restart hides symptoms without removing the cause.
What this guide covers
Why most "virus" scares aren't actually viruses
Here is the uncomfortable truth from twenty years of fixing computers: the large majority of people who message us convinced they have a virus do not. They have a four-year-old laptop with a disk that's 96% full, forty browser tabs open, and twelve apps that launch at startup. The machine is slow, it stutters, the fan runs — and that feels like an infection. It isn't. It's entropy.
This matters because the wrong diagnosis leads to the wrong fix. People reinstall Windows, buy a new machine, or — worst of all — call the phone number on a pop-up and hand a stranger remote access. So the most useful thing this guide can do is teach you to tell the two apart. Real malware behaves differently from ordinary decline. It does things the machine was never designed to do, on its own, without your input. That distinction is the whole game.
The single most reliable test costs nothing and takes thirty seconds: open Task Manager on Windows (Ctrl + Shift + Esc) or Activity Monitor on Mac (in Applications › Utilities), click the CPU column to sort, and watch it while you do nothing. A healthy idle machine has nothing pegged. If an unfamiliar process is sitting at 40, 70, or 100% while you touch nothing, that is the fingerprint of malware — most often a cryptominer quietly using your laptop to mine currency for someone else.
The 11 signs that genuinely mean malware
These are the symptoms that, in our experience, actually correlate with infection. The more of them you can tick, the more confident the diagnosis. One alone can be a coincidence; three together rarely is.
- An unknown process eats the CPU at idle. The number-one tell. Cryptominers and bots run hardest when they think you're not looking — so the machine is hottest and slowest when you're not doing anything.
- Pop-ups appear when no browser is open. Ads inside a website are just ads. Ads or warnings that appear on your bare desktop are adware running as software on the machine.
- Your search engine or homepage changed by itself — and changes back the moment you fix it. A browser hijacker is reasserting itself. This is one of the most common 2026 infections, especially on Macs.
- Your antivirus is switched off or won't update. Disabling security tools is the first thing serious malware does. If Windows Defender or your AV keeps turning itself off, treat that as a red alert, not a glitch.
- Friends receive messages or emails you never sent. Your email or social account is being used to spread the infection or run scams from your name.
- New toolbars, extensions, or apps you never installed. Especially browser extensions you don't remember adding — they often arrive bundled with "free" downloads.
- Files are encrypted or renamed with a strange extension, plus a ransom note. This is ransomware. Disconnect immediately; do not pay.
- Redirects mid-click. You click a normal link and land on a casino, dating, or "you've won" page. A redirect injector is intercepting your traffic.
- The machine sends data when you're not using it. The disk light or network activity churns at 3am. On a laptop, the battery drains fast overnight with everything "closed."
- Security or banking sites suddenly look wrong, throw certificate warnings, or won't load — a sign something is tampering with your connection.
- Settings you can't change. You can't open Task Manager, can't reach security settings, or an admin password you set no longer works. Malware locks the doors behind it.
- Fake "infection" alerts with a phone number to call. Ironically, the loud "YOUR PC IS INFECTED — CALL NOW" banner is itself the malware (or a scam). Real security software never asks you to phone a premium number.
If several of these match, you're not imagining it. A clean machine doesn't do these things. For Windows users, a proper sweep means more than running a scan — it means checking autorun entries, scheduled tasks, and the hosts file, which is exactly what our remote Windows support covers. For the network-tampering signs (8, 9), see WiFi and network help too, since a compromised router can mimic them.
Symptom-to-meaning table
Use this to translate what you're seeing into what it actually is — and how worried to be.
| What you see | Most likely meaning | Virus? |
|---|---|---|
| Unknown process at high CPU while idle | Cryptominer or bot malware | Yes — high confidence |
| Pop-ups on the desktop, no browser open | Adware installed as software | Yes |
| Homepage/search keeps reverting after you change it | Browser hijacker | Yes |
| Antivirus disabled or can't update | Malware protecting itself | Yes |
| Files renamed + ransom note | Ransomware | Yes — act now |
| Slow, but no unknown process; disk near full | Old machine / full disk | No |
| Fan loud, machine hot in summer or abroad | Thermal / environment, not malware | Usually no |
| Ads only inside a website | Normal aggressive web ads | No |
| Slow boot with many startup apps | Too many login items | No |
| "You have 14 viruses, call this number" | Scareware / tech-support scam | Scam — never call |
Don't guess, and don't reinstall everything in a panic. We connect securely, read your live process list, startup items, and browser extensions, and tell you in minutes whether it's malware or just an aging machine — then remove the real thing properly. Flat $149.99 USD, and if we can't fix it you pay nothing under our No Fix, No Fee guarantee.
Book a remote virus check — $149.996 scary-looking things that are completely normal
Before you assume the worst, rule out the everyday culprits. None of these is a virus, and treating them as one wastes time and money.
- The fan runs loud and the machine is hot. Usually thermal, not malware — especially in hot or humid places, where the environment overwhelms the cooling. (We wrote a whole climate-by-climate guide on this.)
- Slow startup after an update. Big OS updates re-index files and rebuild caches for a day or two. Give it time before panicking.
- A 100% disk spike right after boot. Windows Search indexing and antivirus's first scan of the session are doing their jobs. It settles within minutes.
- Ads inside a free website. If they vanish when you close the tab, they were never on your computer.
- The battery drains faster than last year. Lithium batteries lose capacity with age — that's chemistry, not a virus.
- A "this site is not secure" warning on an old http page. That's your browser doing its job, not an infection.
The line is simple: normal problems are about resources and age; infections are about behaviour the machine performs on its own. If nothing is acting independently — no unknown process, no self-reverting settings, no messages sent in your name — you're almost certainly looking at wear, not malware. If you've been travelling and the symptom is heat and noise rather than odd behaviour, our MacBook support team can confirm it's thermal in a single session.
What to do if you see the real signs
If you've matched several genuine signs, work in this order. Speed matters more than perfection.
- Disconnect from the internet. Turn off WiFi or pull the cable. This stops data leaving and stops the malware downloading more of itself.
- Stop using the machine for anything sensitive. No banking, no logging in, no typing passwords until it's clean.
- From a different, safe device, change your critical passwords — email first, then banking, then anything reused. Turn on two-factor authentication. This is core cybersecurity hygiene after any infection.
- Do not pay any on-screen ransom or call any pop-up phone number. Paying funds the next attack and rarely returns your files.
- Get it properly cleaned, not just restarted. A reboot makes symptoms vanish while the autorun entry survives. Real removal hunts down the startup hooks, scheduled tasks, and extensions the installer left behind.
This last step is where most DIY attempts fall short and where a technician earns their keep. Travelling and worried your account is already compromised? Read our companion guide on what to do in the first 10 minutes after being hacked. And remote workers handling client data should treat any infection as a potential breach — our remote-worker IT support covers exactly that scenario.
Wherever you are in the world, we can take a look the same day:
Frequently asked questions
How can I tell if my computer has a virus or is just slow?
The reliable tell is a runaway process. Open Task Manager (Windows) or Activity Monitor (Mac) and sort by CPU. If a process you don't recognise sits near the top while you're doing nothing, that points to malware. Age, full disks, and too many startup apps cause ordinary slowness without any unknown process pegging the CPU, so a clean process list usually means it's age, not infection.
Can a Mac get a virus?
Yes. The bigger Mac threat in 2026 is not classic viruses but adware, fake "Mac cleaner" apps, and browser hijackers that change your search engine and inject ads. They are real malware, they slow the machine, and they survive a restart. A Mac that suddenly opens new search pages or shows pop-ups outside the browser is almost certainly infected, not broken.
Do pop-ups mean I have a virus?
It depends where they appear. Pop-ups inside a web browser, on sketchy sites, are usually just aggressive ads and stop when you close the tab. Pop-ups that appear on your desktop when no browser is open, or "Your computer is infected, call this number" warnings, are the real warning sign — that is malware or a scareware scam, and you should never call the number.
Will antivirus remove every virus?
Not always. Mainstream antivirus catches known malware well, but newer adware, browser hijackers, and "potentially unwanted programs" are often missed or only quarantined while their leftovers keep running. Properly removing an infection usually means finding the autorun entries, browser extensions, and scheduled tasks the installer left behind, which is exactly what a technician does by hand.
What should I do first if I think I am infected?
Disconnect from the internet to stop data leaving and to stop the malware fetching more, then stop using the machine for banking or passwords. Do not pay any on-screen demand or call any number a pop-up gives you. From a second safe device, change your most important passwords. Then get the machine properly cleaned rather than just restarting it, because a restart hides symptoms without removing the cause.