A computer infected with malware becomes slow, displays unexpected ads, redirects browsers, or worse, steals personal information. Many people think the only solution is to format the disk and lose all their files. The reality is that in most cases, you can remove malware without going to that extreme if you act methodically with the right tools.
Step 1: disconnect from the internet
As soon as you suspect an infection, unplug the Ethernet cable or disable Wi-Fi. Many malware programs download additional components or send data to remote servers. Cutting the connection limits the damage and keeps the malware from spreading to other devices on the network.
Step 2: boot into safe mode
Windows Safe Mode loads only essential drivers and programs. Most malware does not run in this mode, making removal easier. To enter Safe Mode:
- In Windows 10 and 11, go to Settings > Update & Security > Recovery > Advanced startup > Restart now.
- Select Troubleshoot > Advanced options > Startup Settings > Restart.
- Press 4 or F4 to start in Safe Mode.
Step 3: remove suspicious programs
Open Control Panel > Programs > Programs and Features. Review the list of installed software looking for names you do not recognize or that were installed recently without your permission. Uninstall them. Pay special attention to browser toolbars, system optimizers, and unknown video players.
Step 4: clean temporary files
Malware often hides in temporary folders. Press Win + R, type %temp%, and press Enter. Select all the files and folders shown and delete them. Then use the Windows Disk Cleanup tool to remove unnecessary system files. This does not remove malware by itself, but it reduces the places where it can hide.
Step 5: run a second-opinion antivirus
Windows Defender has improved significantly, but for persistent infections a second tool is useful. Malwarebytes offers a free version that detects threats other antivirus programs overlook. Download it from another device if necessary, transfer it via USB flash drive, and run it in Safe Mode.
The full scan can take between 30 minutes and 3 hours depending on disk size. Do not cancel the process. When finished, follow the instructions to quarantine or remove what was detected.
Step 6: check browser extensions
Many malware programs operate as browser extensions. Open Chrome, Edge, or Firefox and review installed extensions. Remove anything you did not personally install. Reset the browser settings to default to remove modified search engines and suspicious home pages.
Step 7: verify system startup
Press Ctrl + Shift + Esc to open Task Manager. Go to the Startup tab. Disable any program you do not recognize or that has a generic name like "System Update" or "WinHost." Malware often disguises itself with official-sounding names to go unnoticed.
Step 8: check the Windows registry (advanced users only)
If the malware persists, it may have inserted itself into the Windows registry. Press Win + R, type regedit, and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Look for entries with paths to executables in temporary folders or with suspicious names. Delete them only if you are sure of what you are doing. An incorrect registry modification can render Windows unusable.
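The same check can be done without opening regedit. The PowerShell script below is an added example, not part of the original article: it reads the two Run keys listed above and reports each entry, and it does not modify the registry. The function name Get-RunEntryAudit and the rule that a \Temp\ or \Tmp\ path segment means "temporary folder" are assumptions made for this illustration.

```powershell
# Added example (not from the original article): read-only audit of the two
# Run keys listed above. It only reports; it never edits the registry.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: "temporary folder" means any path with a \Temp\ or \Tmp\ segment.
$tempPattern = '\\(Temp|Tmp)\\'

function Get-RunEntryAudit {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            # Expand %VAR% references so the path can be checked on disk.
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))

            # Separate the executable path from its arguments.
            if ($cmd -match '^\s*"([^"]+)"') {
                $exe = $Matches[1]
            } elseif ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|scr|vbs|js|ps1))(\s|$)') {
                $exe = $Matches[1]
            } else {
                $exe = ($cmd.Trim() -split '\s+')[0]
            }

            # Only ask for a signature when the file is really on disk.
            $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $signature = 'n/a'
            if ($exists) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            }

            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Executable   = $exe
                # Checked against the whole command so arguments count too.
                InTempFolder = [bool]($cmd -match $tempPattern)
                FileExists   = $exists
                Signature    = $signature
            }
        }
    }
}

# Entries that point into a temporary folder are listed first.
Get-RunEntryAudit | Sort-Object InTempFolder -Descending | Format-List
```

Entries with InTempFolder set to True, or with a Signature other than Valid, are the ones to look up before deciding whether to delete them in regedit.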
Step 9: update everything and change passwords
After cleaning, connect the computer to the internet and update Windows, the browser, and all programs. Many malware programs exploit vulnerabilities in older versions that have already been patched in current ones.
Change the passwords for email, online banking, and social media from another clean device. If the malware included a keylogger, your passwords may have been compromised.
Prevention is better than cure
To avoid future infections:
- Do not download files from unknown sites.
- Be wary of emails with unexpected attachments, even if they seem to come from someone you know.
- Keep the operating system and applications updated.
- Use a standard user account for daily tasks, not the administrator account.
- Perform regular backups to an external hard drive disconnected from the network.
When formatting is unavoidable
If after the entire process the computer still shows anomalous behavior, if you find ransomware that encrypted your files, or if the malware has disabled the antivirus and you cannot reinstall it, then formatting is the safest option. Use a Windows installation drive created from another clean computer to ensure you are not reinstalling from infected media.
Keeping a computer free of viruses not only protects your files: it protects your identity, your finances, and your privacy. If you have old devices you no longer use because they got infected or became slow, do not throw them away. At Crezendo we accept laptops, phones, game consoles, tablets, and peripherals in any condition. Our technical team cleans, repairs, and restores donated devices so under-resourced students in Panama can use them. Even devices with severe malware can be recovered with proper formatting and put to use for education. Donate your used technology and help close the digital divide.