Malicious software (malware) can severely impact your machine, whether you’re using a work or home computer. This guide will show you how to remove malware from an affected machine and, of course, what needs to be done in order to prevent future occurrences.

What should I do to remove malware?

Depending on the type of malware rooted into your machine, you may experience negative changes such as slowdowns, freezes, denial of service, malvertising, high resource consumption, random messages appearing on the screen, browser redirection, and so on. If you experience one or more of these signs, chances are that there’s an infection rampaging through your machine.

Malware Removal Process

To remove malware from your machine, please follow the instructions below.

  1. Disconnect your machine from the Internet
  2. Back up your machine
  3. Enter Safe Mode (with networking)
  4. Delete temp files
  5. Reset browser settings
  6. Verify proxy settings

 

Step 1. Disconnect your machine from the Internet.

Ensure that your machine has been disconnected from the Internet. If you’re running on Wi-Fi, switch off the connection from the Wi-Fi menu (Settings –> Wi-Fi). Some types of infectors may prevent you from tampering with network controllers. In this case, consider shutting down or even unplugging your WAP (Wireless Access Point).

For wired connections, sever the connection from the Ethernet menu under Settings, or unplug the cable. Disconnecting your machine from the Internet serves several functions.

For instance, if your computer is part of a larger network, severing the connection prevents malware from infecting other machines. In ransomware attacks, disconnecting the machine may hinder the malware from communicating with the C2 (Command and Control) server.

Step 2. Back up all your documents and files

Regardless of the type of malware infection, the first thing to do is to back up all your important files and documents. You can do that by saving your essential data to external sources such as DVDs/CDs, free cloud storage services, USB sticks or external drives. Use this guide to better back up your online data.

Step 3. Reboot in Safe Mode with Networking

Here’s what you should do:

  1. Remove any DVDs, CDs or USB drives from your PC and then shut it down.
  2. Restart, pressing the F8 key repeatedly until you reach the Safe Mode with Networking option.

This will make your system boot up only critical processes and prevent certain malware infections from starting up.

If you are using Windows 8 and/or Windows 10, here’s how you can start your PC in Safe Mode. For older versions of Windows, such as Windows 7 or XP, follow these steps.

Step 4. Delete temporary files.

To make the scanning process smoother and simpler, you should delete all unessential temporary files from your computer.

To do this, right-click on a Windows drive, go to Properties, and click on Disk Cleanup. From the menu, choose which files you want to delete and remove.

Step 5. Reset your browser settings

In many cases, malware will change your browser settings in order to re-infect your computer, show advertisements, or facilitate any other malicious downloads. This is why you need to review some of your browser settings.

Fixing browser shortcuts altered by malware.

  1. Access your browser. Right-click on your browser, then go to Properties.
  2. Under the Shortcut tab, you’ll see the Target field.

Malware may have altered the Target field and appended a malicious URL to it. If so, your browser will open that page each time you start it.

Normally, the browser target should look something like this:

Chrome: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

In our example case, the Target field had been changed to open a suspicious website aimed at downloading malware onto your PC.

You can fix that by simply removing the URL that comes after .exe”.

Browser hijackers will change the homepage

Instead of changing the “Target” field in the “Shortcut” tab, some malware might just modify your browser homepage.

For the Chrome browser

Go to Settings in the top right corner of the browser. Once there, go to the On startup section. The first two options don’t have any homepage whatsoever, so you can go ahead and select either one of those.

If, however, you want to have your own homepage, then check the option to Open a specific page or set of pages and then click on Set pages. This opens a window where you can add pages or delete malicious links sneakily set as your homepage.

Settings for Firefox

You can access the Options menu in the top right corner of the browser. This will immediately take you to the General tab, where you can reset your homepage as you see fit.

Malicious hackers can also take control of your accounts through session hijacking, entering the server and accessing its information without having to hack a registered account. Additionally, they can make modifications on the server to help them hack it in the future or to simplify a data-stealing operation.

Step 6. Verify your proxy settings

There is malware that can even change what Internet service you use to connect to the web. Simply removing the malware won’t reset these proxy settings, so it’s something you should fix before considering your PC squeaky clean. To access your proxy settings, go to Control Panel -> Network and Internet and then press Internet Options.

In the Internet Options menu, go to the Connections tab and press the LAN settings button.

Make sure that “Automatically detect settings” is on, and that the other two options, “Use automatic configuration script” and “Use a proxy server for your LAN”, are unmarked.
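The checks in Steps 5 and 6 can also be run from a PowerShell prompt. The script below is an added example, not part of the original guide: it only reads and reports, and the folder list, browser executable names and function names are assumptions chosen for illustration.

```powershell
# Added example: read-only audit for Step 5 (shortcuts) and Step 6 (proxy).
# Folder list, browser names and function names are assumptions; adjust as needed.
function Get-SuspiciousBrowserShortcut {
    param(
        [string[]]$Folder = @(
            "$env:USERPROFILE\Desktop",
            "$env:PUBLIC\Desktop",
            "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
            "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
            "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
        ),
        [string]$BrowserPattern = '\\(chrome|firefox|msedge|iexplore|opera|brave)\.exe$'
    )
    $existing = @($Folder | Where-Object { Test-Path -LiteralPath $_ })
    if ($existing.Count -eq 0) { return }
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $existing -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # A clean browser shortcut ends at the .exe; a URL in the arguments is the hijack sign.
            if ($lnk.TargetPath -match $BrowserPattern -and $lnk.Arguments -match 'https?://') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

function Get-ProxyAudit {
    # Per-user values behind the LAN settings dialog described in Step 6.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled     = [bool]$s.ProxyEnable    # "Use a proxy server for your LAN"
        ProxyServer      = $s.ProxyServer
        AutoConfigScript = $s.AutoConfigURL        # "Use automatic configuration script"
        NeedsReview      = ([bool]$s.ProxyEnable -or [bool]$s.AutoConfigURL)
    }
}

Get-SuspiciousBrowserShortcut | Format-List
Get-ProxyAudit | Format-List
```

Anything the script reports is fixed by hand as described in Steps 5 and 6. It does not read the “Automatically detect settings” checkbox, so confirm that one in the LAN settings dialog.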

How to prevent malware

Now that you’ve managed to clean up your PC and remove malware, it is important to take some protection measures to prevent getting another infection. Some malware programs operate stealthily, and you may not know the infection is there. They don’t visibly affect your PC.

Instead, they may collect sensitive information of yours such as passwords, credit card data, completed forms and screenshots. We recommend following these protection measures to prevent getting your computer infected:

Use a two-factor authentication management system

If among other things you were also infected with a keylogger, then there’s a high chance your passwords and accounts were compromised.

One of the first things you should do is start using the two-factor authentication management system and manage your passwords safely. There is some malware that can take full control of your passwords.

This password security guide will provide all the details needed to set strong and unique passwords, to prevent malicious hackers from exploiting them and locking you out of your accounts. With the two-factor authentication system, you will add another layer of protection to your account.

Always keep your software up to date

Outdated software is one of the major causes of malware infections out there, mostly because it comes with many vulnerabilities exploited by cybercriminals.

Keeping your software permanently up to date will lower the chances for malicious hackers to get inside your device or limit any possibility for them to infect computers.

We know that constantly updating your software can become a tedious, yet necessary, task, particularly for programs that are patched frequently.

Heimdal™ Patch & Asset Management is a great solution that will automatically (and silently) update your software, without any annoying confirmation pop-ups. It’s light and unobtrusive, so it won’t slow down your system.

Use a traffic-filtering solution to secure your endpoint(s)

Traffic-filtering software will nicely and efficiently complement an antivirus, since it scans incoming and outgoing traffic for any malware and then blocks that traffic from entering your PC. In other words, it becomes difficult for new malware to reach your device. Heimdal™ Threat Prevention – Network will sanitize your Internet traffic and block malicious sources, making sure you have both your financial and confidential information safely kept.


Comments

What an amazing article this is, I will surely share it.

Exquisite website I’m glad to have encountered it.

Excellent write-up. I absolutely love this website. Continue the good work!


A very good informative article. I’ve bookmarked your website and will be checking back in future!

Glad I found this, very helpful.
Thanks

Hello and thank you for your feedback, Mikolo! Happy to know this was useful.

A very informative article, good work, please keep it up to date. learn good things from here. Thanks

Many thanks for your kind words, Vikas! Really glad this article was useful and informative. Thank you!

Excellent and very useful article. Thanks for sharing here.!

Thank you so much for sharing this useful information with us.

Nice Article. Thanks, for your efforts. This is very useful for the user.

hello Ioana, i was wondering, if my CD is a movie CD will it still be infected by malware?
and i’m very scared that the malware will install viruses to my computer, can it do that?
and i’m going to say thanks to you for helping me! ^.^

Hi and thank you for reaching out! I think that the first thing to do is to scan your CD to see if there are viruses or malware. To do that, right-click on the drive where your CD was detected, and then select Scan with the antivirus program installed on your PC. Hope this helps!

Vamshi - Canada on March 6, 2018 at 8:06 am

IOANA, How do you manage to write so many useful posts? Thank you very much for sharing all.

Hello, Vamshi! Thank you so much for your kind words!! Your feedback made my day 🙂 I try and do my best to write articles and guides that can help users stay safe online and protect their digital assets. Thanks for reading our blog.

Great post! Really in-depth explanations and an overall wonderful guide put together about malware and virus removal.

Thank you so much for your kind words! Happy to know this guide was useful for you.

Hi,

Thanks for sharing such an informative post with useful step by step malware removal process…!!

Hello, Sandeep! Many thanks for your kind words, it means a lot for us. If you want to gain more knowledge in cyber security, you may be interested in our free educational resources: https://heimdalsecurity.com/security-education-resources Thank you!

That’s so kind of Ioana. You help us to eradicate issues by ourselves. 🙂

Hey, just recently a few computers in our office seemed to have the same issue… well, my PC would work fine, I would open a few applications on my desktop such as Outlook, MS Word, Chrome, media players etc…. suddenly the pop-up came and all the open applications on my desktop were gone at once…. the pop-up window was written in Spanish ” El Sistema etc… ” and I closed the error window and restarted all the applications again… and after some time, it happens again……. the icon of the error window looked like a Word document or WordPad or something….. anyone having the same issue? or anyone know about this? I searched the internet but I can’t find anything related to it…. I really need your help….

file description: EL y yo_descripcion grafica
file type: exe

when it crashes all the applications, the pop-up was written in Spanish and I quote
” EL Sistema ha vuelto al ” and others….. need help right now to figure it out….

I’m not a computer guy or something….

Hello Skella! We recommend updating your operating system and not clicking on or downloading unknown files that could infect your devices. Can you please send more details to our support team: support@heimdalsecurity.com? They will respond in a timely manner. Thank you!

Thanks indeed for this valuable information!
Do you know of any program that can restore encrypted documents that got changed into THOR files?? Oh, if you can help us with this, then a heavy burden will be lifted!!
With appreciation – KF

Excellent blog, thanks to you for the kind information. You can add one more: virusvanish.com.

No mention of SysInternal tools such as Autoruns or Process Explorer?

Hello, we did take into account adding Sysinternal tools, however it has a high level of complexity and we wanted to make this guide simple and straightforward for the average user.

Thank you for the feedback though, it is very much appreciated!

can your microsoft word documents carry malware or viruses when you email them as attachments…I am an editor…and I’m constantly sending emailed documents back and forth…I’m wondering if I can “catch” or “spread” viruses doing this

Hi Donna!

Cybercriminals often use infected documents to spread malware, which is why you should be very careful when receiving attachments from unknown senders, especially attachments you didn’t request. In order for a document to carry malware, it has to be “programmed” to do so, so you don’t have to worry that this can happen accidentally. Maybe this article we wrote will help paint a clearer picture: https://heimdalsecurity.com/blog/practical-online-protection-where-malware-hides/. I hope it helps and it’s wonderful to see that you are making sure that your inbox is safe and clean!

Yes, excellent, hard hitting advice. I notice you didn’t mention that “bootkits” are rootkit variants, and that TDSS KILLER is able to sniff them out. It’s nice that a lot of the utilities mentioned are FREE. Also, sometimes it is necessary (and easier) to use anti-malware software on a standalone (USB/CD) drive. Other than that, seems to be all we need to know, unless there’s a “bot” in there… Thanks.

That’s a load of great information.
Well researched.
Excellent ideas on tackling the Malwares.
Many thanks …Mr Paul Cucu..!

Very useful article.
Thanks

Excellent Guide, Thank you.
