Removing malicious software from your device


Before you begin, consider your IT knowledge level. If you're not confident with IT, we strongly recommend seeking expert help to find and remove the malware. Following these steps incorrectly could result in data loss or device damage.

Help Us Improve: Share your experience by filling out this Impact form. This will help us better protect future victims.

Malware Infection - Start Here!

1. Disconnect Your Device: Immediately disconnect your device from all other devices and the internet to prevent the infection from spreading. This also stops the malware from communicating with cyber criminals. Unplug external hard drives and USBs, and disconnect from Wi-Fi or wired internet until you're ready to clean the device.

2. Be Careful What You Type: Many types of malware include keyloggers that capture what you type and send it to cyber criminals. Avoid logging into any online accounts.

3. Protect Payment Details: If you were tricked into buying a fake malware scanner or clean-up tool, contact your bank immediately and cancel the card to prevent unauthorized use.

Removing Malware from a Windows Device

1. Remove Unknown Apps: Manually remove any suspicious software. In Windows 10, go to ‘Apps and Features’ in the start menu and uninstall any unfamiliar apps.

2. Enter Safe Mode: Safe Mode runs only trusted applications, likely preventing the malware from functioning. Turn off and restart your computer, then press F8 repeatedly as soon as you see anything on the screen. Choose ‘Safe Mode with Networking’. Keep the PC disconnected from the internet. Methods for entering Safe Mode vary by Windows version (e.g., Windows 7, 8, 10). If F8 doesn't work, search for instructions specific to your version.

3. Delete Temporary Files (optional): Deleting temporary files can speed up the malware scan and may remove some malware. Use Disk Cleanup by typing "Disk Cleanup" in the search bar.

4. Download a Malware Scanner: Reconnect to the internet to download a malware scanner, then disconnect again to perform the scan. Use both real-time and on-demand scanners. Reliable (and free) options include Malwarebytes, Avast, BitDefender Free Edition, and Microsoft Defender Advanced Threat Protection. If downloading the scanner on the infected device is difficult, use another computer to download it onto a USB and transfer it to the infected device.

5. Run a Malware Scan: Install and run the malware scanner. Follow the instructions to remove any detected malware. If the scanner fails to run or disappears, you may have a deep infection like a Rootkit, and reinstalling the operating system might be necessary. If the first scan doesn't find anything, try one or two more scanners.

6. Fix Your Web Browser: Check and reset your browser's homepage and connection settings to prevent reinfection. Clear your browser cache.

7. Recover Your Files: If malware or damage prevents Windows from working, back up your files to an external drive before reinstalling Windows. Be cautious not to transfer the malware.

8. Reinstall the Operating System: Use the 'Factory Reset' feature or reinstall the operating system. Follow guidance from the Microsoft Help site.

9. Change Your Passwords: Update all your passwords, including those for the device and any online accounts.

10. Notify Your Bank: Inform your bank about the cyber attack. They may monitor your account or issue new cards and security details.
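
Steps 1 and 4 above can be cross-checked from a PowerShell prompt. The following is an added example, not part of the original guide: it lists programs whose uninstall entry is recent or undated, and reports the Authenticode signature of a downloaded scanner installer before you run it. The function names, the 30-day window and the installer path are assumptions made for illustration.

```powershell
# Added example (not from the original guide). Function names, the 30-day
# window and the sample installer path are assumptions; adjust them.

function Get-RecentlyInstalledApp {
    param([int]$Days = 30)
    $cutoff = (Get-Date).AddDays(-$Days)
    # Per-machine (64-bit and 32-bit) and per-user uninstall entries.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is an optional yyyyMMdd string; many entries omit it.
            $parsed = [datetime]::MinValue
            $ok = [datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
            [pscustomobject]@{
                Name      = $_.DisplayName
                Publisher = $_.Publisher
                Installed = if ($ok) { $parsed } else { $null }
            }
        } |
        # Keep undated entries too: they cannot be ruled out by date alone.
        Where-Object { -not $_.Installed -or $_.Installed -ge $cutoff } |
        Sort-Object Installed -Descending
}

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File    = $Path
        Status  = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer  = $sig.SignerCertificate.Subject
        # 'Valid' = signed, chain trusted, file unmodified since signing.
        Trusted = ($sig.Status -eq 'Valid')
    }
}

Get-RecentlyInstalledApp -Days 30 | Format-Table -AutoSize
# Constructed path: point this at the scanner installer on the USB stick.
Test-InstallerSignature -Path 'E:\scanner-setup.exe'
```

A `Valid` status only shows the file is intact and signed by the named publisher; confirm that the `Signer` field names the scanner vendor you expected before installing.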

Removing Malware from a Mac

1. Shut Down and Restore: If you have a recent Time Machine backup (or something similar), shut down your Mac and restore it from the backup (restore macOS and files); see the Apple guide. Make sure the backup is from a time before the malware infection. Keep external devices disconnected during restoration. Use a malware scanner to check external devices before reconnecting them.

2. Download a Malware Scanner and Scan the Mac: If you don't have a backup, download a malware scanner and scan for malware. Use both a real-time scanner and an on-demand scanner. Start with an on-demand scan, then follow up with a real-time scan. Download scanners like Malwarebytes and Avast directly from their websites or from the Mac App Store (Bitdefender). Preferably, use a clean computer to download the scanner onto a USB, then run the scan on the infected device offline.

3. Check Browser Settings & Clear Cache: Malware can modify your web browser's homepage and settings. Check your homepage and connection settings, and clear the browser cache by going to your browser's settings.

4. Empty Download Folder: Drag everything in your download folder to the trash and empty it.

5. Recover Your Files: If you can't find or remove the malware or if macOS is damaged, back up your files to an external drive before reinstalling the operating system. Be cautious not to transfer the malware.

6. Reinstall the Operating System: Reinstalling the OS wipes the device clean and reinstalls the software. Use the Apple Support guide to do this.

7. Change Your Passwords: Update all your passwords, including those for the device and any online accounts.

8. Notify Your Bank: Inform your bank about the cyber attack. They may monitor your account more closely or issue new cards and security details.

Removing Malware from an Android Device

1. Switch to Safe/Emergency Mode: Put your phone or tablet into Safe mode to prevent third-party apps, including malware, from running. On many devices, press and hold the power button, then select Safe mode. If this doesn't work, Google 'How to put [your model name] into Safe mode'.

2. Find and Remove the App: Go to settings, then 'Apps'. Find the malicious app, open its info, and select uninstall. If the uninstall button is greyed out, the app may have admin status. Go to security settings, find 'Device Admin Apps', untick the app, and deactivate it. You should now be able to uninstall the app.

3. Download an Anti-Malware App and Run a Scan: After removing the malicious app, download an anti-malware app like Malwarebytes or Avast from the app store and run a scan.

4. Change Your Passwords: Update all your passwords, including those for the device and any online accounts.

5. Notify Your Bank: Inform your bank about the cyber attack. They may monitor your account more closely or issue new cards and security details.

Report the Crime

Report all cyber crime to the FBI’s Internet Crime Center at ic3.gov.

How to Avoid Malware Infections in the Future

Back-Up: Regularly back up your files using an external hard drive or a cloud service. Disconnect the external drive after use to prevent infection.

Use a Good Antivirus Solution: This will stop most older ransomware versions and provide removal options for new threats.

Do Your Updates ASAP: Install software updates promptly, as they often include security fixes. Enable automatic updates if possible.

Trust No One: Be cautious with links and attachments in emails or messages. Legitimate accounts can be hacked to send malicious content.

Download Apps Only from Official App Stores: Apps from official stores are usually scanned for malware. Disable the option to download apps from outside the app store.

Check App Permissions: Ensure apps only have necessary permissions. Be wary of apps requesting admin status.
