If your computer is acting weird, you are in the right spot.
This guide covers two paths. Cleanup Path B is for when your system is still functional – you can log in, run software, and work. Most infections land here, and most can be removed without losing a single file. Cleanup Path C is the nuclear option – when the infection is deep enough that cleaning isn’t worth the gamble, and a fresh Windows install is the only outcome you can actually trust.
Not sure which path fits your situation? ‘Do I Have a Virus?’ covers how to read the symptoms and make that call before you start clicking things.
Cleanup Path B – Your PC Still Works
The goal is systematic: cut off the malware’s ability to run, find it, remove it, verify it’s gone. Don’t skip steps and don’t reorder them – the sequence matters.
Disconnect From the Internet
First thing: pull the internet cable or kill Wi-Fi. Some malware is actively talking to remote servers – uploading data, downloading more payloads, taking orders. Cutting the connection stops that cold. You’ll reconnect later when you need tools, but stay offline for now.
Boot Into Safe Mode
Safe Mode loads Windows with the bare minimum – core processes only, no third-party drivers, no startup programs. Most malware won’t run here because it has nothing to latch onto. Scanning an active infection while Windows runs normally is like mopping the floor with the tap still on.
Disable Startup Items and Scheduled Tasks
Malware survives reboots by adding itself to startup or scheduling a task to relaunch it. Clear both before you scan.
When in doubt, search the task name online. Entries pointing to files in AppData\Roaming with no clear publisher are a red flag.
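A read-only way to list what launches at startup and apply the AppData\Roaming check described above. This PowerShell script is an added example, not part of the original guide; the function names are made up for illustration, and "no clear publisher" is approximated here as "no valid Authenticode signature".

```powershell
# Added example: read-only audit of autostart entries (nothing is deleted or disabled).
function Get-TargetPath([string]$Command) {
    # Extract the executable path from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($c.Trim() -split '\s+')[0]
}

function New-AutostartRecord([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-TargetPath $Command
    $sig  = 'NotFound'
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Target = $path; Signature = $sig
        # The guide's red flag: file under AppData\Roaming with no clear publisher.
        RedFlag = ($path -like '*\AppData\Roaming\*') -and ($sig -ne 'Valid')
    }
}

function Get-AutostartAudit {
    # 1. Registry Run keys (machine-wide, 32-bit view, current user).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            New-AutostartRecord "RunKey $key" $name ([string]$item.GetValue($name))
        }
    }
    # 2. Startup folders (per-user and all-users); resolve shortcuts to their targets.
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    foreach ($f in Get-ChildItem -LiteralPath $dirs -File -ErrorAction SilentlyContinue) {
        $t = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
        New-AutostartRecord 'StartupFolder' $f.Name "`"$t`""
    }
    # 3. Scheduled tasks that launch a program.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($a in $task.Actions | Where-Object { $_.Execute }) {
            New-AutostartRecord "Task $($task.TaskPath)" $task.TaskName $a.Execute
        }
    }
}

Get-AutostartAudit | Sort-Object RedFlag -Descending | Format-Table -AutoSize -Wrap
```

Paste it into an elevated PowerShell window. Rows with RedFlag set are candidates to look up by name before disabling, not proof of infection.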
Uninstall Programs You Don’t Recognize
Some malware – especially adware and browser hijackers – installs itself like a normal program. Before scanning, do a quick manual pass.
If something refuses to uninstall or immediately comes back, note the name. Some adware variants (Conduit, MyWay, Search Marquis) have dedicated removal tools you can find by searching the name directly.
Run a Full Scan
Not a quick scan – a full one. Quick scans only check the most common infection points; you want every file looked at.
Run Defender first, then Malwarebytes. If either finds something, remove it, reboot, scan again. Repeat until both come up clean.
Fix Your Browser
Scanners don’t always clean browsers completely. If your homepage or search engine changed, or you’re seeing unexpected ads, do this manually.
- Chrome: open chrome://extensions and remove anything you didn’t install. Then Settings → Reset settings to restore defaults.
- Edge: open edge://extensions and remove unknowns. Then Settings → Reset settings → Restore settings to their default values.
Resetting keeps bookmarks and passwords but clears extensions and startup pages – that’s usually enough to break a hijack.
Update and Verify
Most malware gets in through known vulnerabilities in outdated software. Patch them now or you’re leaving the same door open.
- Windows Update: Settings → Windows Update → install everything available
- Update your browser from its settings menu
- Run one final Malwarebytes scan after rebooting to confirm you’re clean
If symptoms persist despite a clean scan, you may be dealing with something deeper. At that point, Path C is the more honest answer.
Cleanup Path C – When Cleaning Isn’t Enough
Some infections aren’t worth chasing. Rootkits in the bootloader, ransomware that’s already encrypted your files, a system so tangled you can’t trust what’s running – these call for a clean slate. A fresh install is the only way to be certain nothing survived.
Back Up Your Files – Carefully
Save your data before wiping anything, but be deliberate. An infection that’s been running a while may have touched files you’re about to copy.
What to save: documents, photos, videos, browser bookmarks, email data, game saves, software license keys.
- Use an external drive – skip the cloud until files are confirmed clean
- Copy data files only – no program folders, no executables (.exe, .dll, .bat files can carry infections)
- After reinstall, scan the backup drive with Malwarebytes before copying anything back
Create a Windows Installation USB
You’ll need an 8 GB+ USB drive and a clean computer to create it on – don’t do this from the infected machine.
Before you wipe: grab your Windows product key. It’s on a sticker on the PC, in your purchase email, or recoverable with a free tool like ProduKey – run it on the infected machine before the drive gets wiped.
Install Fresh Windows
Insert the USB, restart the infected PC, and press F12, F2, Del, or Esc during startup to access the boot menu and boot from USB.
The malware is gone – along with everything else, which is exactly why the backup step comes first.
Restore and Reinstall
- Run Windows Update immediately – patch everything before installing anything else
- Scan the backup drive with Malwarebytes, then copy your files back
- Reinstall apps from official sources only – never from old program folders
A fresh install is a genuine reset. Before loading everything back, think about what you actually use. Reinstalling the same stack that got you infected would be a waste of all the work you just did.
After Cleanup
Keep It That Way
In short: keep Windows updated, download software from official sources only, treat unexpected email attachments with suspicion, and back up your files regularly.
One addition worth making: a VPN won’t remove malware, but it closes an attack vector that has nothing to do with what you download. A lot of infections start on public Wi-Fi – cafes, airports, hotels – where someone on the same network is intercepting traffic or redirecting you to malicious sites before anything even reaches your device. A VPN encrypts your traffic between your device and the VPN server, so even a compromised local network can’t do much with what it sees.
Stay Protected With ZoogVPN
Clean your PC. Then protect your connection.
Removing malware deals with what’s already on your device. But getting reinfected is often about what happens on the network before anything reaches your device at all.
ZoogVPN encrypts your internet connection so attackers on public Wi-Fi can’t intercept your traffic, redirect you to fake sites, or inject anything into pages you visit. Works on Windows, Mac, iPhone, and Android – one subscription, up to 10 devices.
Think of the steps above as cleaning up a mess. Think of ZoogVPN as not making the mess in the first place.






