Each year, the number of threats – as the antivirus companies like to call them – rises. Windows is still a massive target for viruses and other malware, so it isn’t too surprising that your PC or laptop has ended up with one.
Good antivirus software, including Defender which is part of Windows 10 and 11, can help a lot, but sometimes it just doesn’t detect or prevent some malware (short for malicious software) from getting through the defences.
No security software offers a cast-iron guarantee that it will stop 100% of viruses, but whether you’re running it or not, you want to know how you remove a suspected virus and get back to normal.
Here, we’ll explain everything you need to know, and show you exactly what to do.
Windows malware varies a lot as to what it does. Some particularly nasty stuff can stop Windows from booting at all, so the way to deal with an infection will depend upon whether Windows still loads or not. But whatever situation you’re in, we’re here to help you remove that virus and get your computer working again.
Here are a few indicators that malware is at work on your system:
- Windows is running very slowly
- Notifications or messages are popping up on the screen
- Apps that you don’t recognise launch without your say so
- You can’t access your files
Some of the above can be caused by problems other than malware, but it’s worth trying the suggestions below to see if they fix the issue.
If you can’t access files and see a message demanding a ransom, do not pay it. Chances are, you won’t get your files back anyway, and there are various free decryption tools for specific ransomware. Typically, these are available from antivirus makers offer these for free, and you can download them from their websites.
How to remove a virus from Windows
The obvious first step is to run a scan for viruses. Even if you haven’t installed any antivirus software, Windows includes Microsoft Defender. This scans on a schedule, but you can also right-click on a file or a folder in File Explorer and choose Scan with Microsoft Defender.
You can, of course, install some antivirus software right now. Find our recommendations of the best paid-for antivirus software as well as the best free antivirus apps.
If the scan finds something, follow any on-screen prompts to deal with the infection. The options are usually ‘remove’, ‘delete’, ‘fix’ or ‘quarantine’ and may involve rebooting your computer to completely eliminate the threat(s). The images here are from Norton 360 Deluxe.
If the scan doesn’t find anything, follow these steps carefully and in order, and do not restart your machine until you’ve completed every step:
- Some malicious programs will actively try and stop you removing them. To combat this download and run RKill.
- Download and install the free version of Malwarebytes. Launch the program, then go to Settings > Protection > Scan for rootkits. Return to the dashboard and click Scan Now
- Install and launch Malwarebytes ADWcleaner, then click Scan. This searches for, and removes, adware.
All being well, these steps should remove the problem and you should now be able to use your PC as normal.
If you’re seeing pop-up messages that appear only when you’re using a certain web browser, such as Google Chrome, try disabling all extensions. You’ll find them by going to chrome://extensions/ or by clicking on the three dots at the top right. Then click Extensions > Manage Extensions.
You can also try uninstalling Chrome and using a different browser (such as Microsoft Edge) and seeing if the notifications stop.
How to remove a virus when Windows won’t boot
If Windows won’t load, you can’t run a virus scan. In this case you’ll need a ‘recovery tool’ that you can use to boot up your computer. And to create one of those you’ll need access to a second PC or laptop, along with a USB flash drive which will have any existing contents wiped.
One option is to download the Norton Bootable Recovery Tool
Though Norton says it’s ‘easy to use’, that’s not really true. It’s provided as an ISO file, which is designed to be put on a CD or DVD.
However, it can also be used on USB drive. So, grab a spare USB flash drive and download the free Rufus tool. Run it, and follow the instructions below. You can find full instructions on Norton’s website, but here’s the overview:
- Navigate (on the working computer) to the Norton Bootable Recovery Tool file you just downloaded
- Launch Rufus
- Insert a USB drive (at least 1GB capacity) and wait for Rufus to detect the USB drive
- This process will erase all files on the USB drive, so copy off any files you want to keep
- In Rufus, under Format Options, select Create a bootable disk using, and select ISO Image from the drop-down menu
- Click the CD Drive icon and navigate to the saved NBRT.iso file location
- Click Start. Then click OK
- Once the process has finished click Close
Now insert your recovery disc or USB drive into the infected PC and press the power button to turn it on. Rather than letting Windows try to start, you need to go into the BIOS menu. A key on your keyboard will allow you to open the BIOS. This is often F2 but you should see a message on-screen telling you which key to press.
We can’t tell you exactly what to do here as each laptop and PC differs, but look for ‘Boot’ options, then set your USB drive as the ‘first’ drive.
Save your changes and exit the BIOS. Your PC should now boot from the USB flash drive.
You should see a ‘Welcome to NBRT page’. Select Boot, then follow the prompts to begin a scan.
Once complete you’ll be presented with any findings and recommended next steps. Be sure to ‘fix’ only genuine threats because your actions cannot be undone.
Once you’re happy with your selections click Fix, and OK when prompted for confirmation. Click Reboot when the process has finished
How to stop your Windows computer getting another virus
The best way to prevent future infections is to ensure that your computer is running up to date antivirus software.
The best antivirus software should protect you from malicious email attachments, but you should be careful not to open them unless you are confident about what they contain and that they are from a reputable source.
You should download software only from trusted sources, one of which is the Microsoft Store that’s built into Windows.
When you are browsing the web, double-check the address of the website to ensure it is the real deal and not a fake one looking to steal your login details or trick you into downloading malware.
Check out more tips for staying safe from ransomware.