Your IP: Unknown · Your Status: Unprotected Protected

Blog How-To

How to remove malware: the ultimate guide

May 08, 2018 · 18 min read

How to remove malware: the ultimate guide

It finally happened. You downloaded a file from an email you trusted that shut your computer down, or your phone started to run slow after you connected to an unsecure public wifi because “one time couldn’t hurt, could it?” Now that your device is infected by malware, how do you get rid of it?

What is malware?

Malware is any malicious software that is designed to infiltrate a system and achieve something against the interests of the owner of that system. This can include everything from damaging the system and shutting it down to stealing data and bandwidth or monitoring the user’s activity.

Viruses are just one of many different types of malware that you should watch out for. Here’s a brief overview of the different types you should look out for:

Adware is a relatively innocuous type of malware that focuses on making money rather than harming your computer. This aggressive advertising-supported software displays banner advertisements on websites and application windows.

Adware mostly spreads through automatic downloads that start when visiting a certain website. It can also come bundled with a free version of an app or software that will install the adware without your knowledge. Symptoms include increased CPU usage and annoying banners you keep seeing not only online, but when using programs as well.

Spyware is made to (surprise!) spy on you. This malware hides in the background, monitoring your computer usage and Internet browsing activity. It can harvest passwords, banking details and emails, and can even perform keystroke logging or change security settings. All of the information it gathers is sent to a remote user. It can also download and install other malicious applications without your permission.

Much like a biological virus, a computer virus is a type of malware that spreads from host to host and reproducing itself. Attached to files or programs, it can be spread through Internet downloads, email, social media, or text messages. However, a virus cannot infect a computer autonomously – it needs a user to run the program it is attached to. The harm caused by viruses ranges from minor annoyances like desktop wallpaper alterations to major system crashes or the complete loss of data.

In comparison to viruses, worms can seem quite innocent, as they themselves do not actually cause any damage to a system. A worm’s entire purpose is to copy itself and spread across a local drive or network.

Worms can also be paired with “payloads” that they deploy to damage a system or extract information, but they don’t have to. The first worm, Creeper, simply notified infected users of its presence. Other worms, though not explicitly damaging, have crashed thousands of computers simply through the sheer volume of traffic generated by their replication.

Trojan malware got its name from the Trojan horse of Greek legend. Trojans infiltrate computers by hiding in innocent-looking programs like various applications, games, or even video or music files. Once they’re in, they can create backdoors for hackers to get into your system and collect your data or even completely lock you out of your computer.

Ransomware is one of the most serious cyber threats due to its ability to spread quickly and cause expensive damage. Ransomware is designed to make a profit. Once the malware infects a machine through a system vulnerability, it encrypts all of the data, locking the user out. Then, it asks the victim to pay a ransom to decrypt the files.

How to tell if you have malware

The first step to responding to an attack is recognizing the effects. Unfortunately, that can sometimes be difficult to do, as some types of malware are designed to work imperceptibly – at least until they’ve done their damage.

Your device runs slowly: A common symptom of malware is when your computer or smartphone suddenly starts to run slower than usual. However, there are many other things that could bog down your device, so you’ll have to follow the process of elimination to see why your device is taking its time processing your requests. If you aren’t running too many apps or programs and your device isn’t overloaded with files but it still runs slowly, you may be compromised.

Your internet connection is sluggish: Many different types of malware can seize your online bandwidth for their own purposes. Some use your device to help launch DDoS attacks, while others can use your device as a platform to replicate themselves and infect even more users to harvest personal data. However, just like with CPU speed, there are plenty of other issues that could cause this symptom. Once you’ve ruled out a bad internet connection, background downloads, and anything else that could eat up your bandwidth – check your speed again. If it’s still slow, you should investigate further.

Another facet of this issue specific to smartphones (or to USB plug-in wireless internet for computers) is data usage you can’t account for. If you’re not a heavy data user and suddenly find yourself going over your limits even though your habits haven’t changed, it’s time to investigate. The best-case scenario is that a new setting you didn’t know about on a trusted app is automatically using your data to communicate with a cloud database. This can happen if you set an app to update automatically or to automatically sync photos or music with a cloud drive However, it can also be an indication that malware is sending your data to someone behind your back.

Suspicious pop-ups and notifications: If you browse without a pop-up blocker (which you really shouldn’t do), encountering the occasional annoying pop-up online shouldn’t be much of a surprise. If you start getting them while working offline, however, you’re in trouble. In the best-case scenario, you’ve simply downloaded a disreputable piece of software that uses invasive tactics to get you to pay up. However, such unexpected pop-ups can be a sign that your computer is infected with malware.

Ironically, these pop-ups often claim to be warnings that you’ve been infected with a virus – and that the only way to get rid of it is to buy a piece of bogus antivirus software provided by the hacker. Pop-ups on websites that have never had them before can also be an indication of malicious software (but before you panic, you may want to ask the website admin if they’ve recently started to allow pop-ups).

Your device crashes: Some more dangerous types of malware can gain root access to your device and manipulate the most basic elements of its system. When these changes clash with other device processes, they may crash your device (whether intentionally or not). If your device suddenly starts crashing frequently – especially if you recently downloaded a new app or file – there’s a chance that your computer is under attack.

Your friends receive messages from you that you didn’t send: Some types of malware spread by stealing your identity and sending messages on your behalf. If your friends and family start to respond to suspicious messages that you know you didn’t send, that’s a sure sign that your device has been infected. These messages might send files that will spread the attack if opened or can ask your friends to transfer money to bank accounts owned by hackers.

Apps or programs you didn’t download: Sometimes, legitimate programs come bundled with other apps or software that you might inadvertently install without knowing. These aren’t always a problem, but they’re certainly a potential threat. The appearance of unrecognized icons on your desktop or your phone’s home screen will be your first clue. If you find an icon you didn’t install, don’t open it – simply try to figure out whether it’s something you need and whether or not you can safely uninstall it.

These can also often show up as additional unwanted toolbars or browser extensions that you never downloaded. Some seasoned Internet users might remember, with a shudder, a certain purple gorilla named Bonzi Buddy that invaded users’ browsers in the late ‘90s and early ‘00s…

You can’t access your files and receive a ransom message: Most malware tiptoes its way onto your device. Ransomware, on the other hand, comes in guns blazing. Ransomware is designed to encrypt the victim’s files, making them completely inaccessible. The hackers will then send a ransom message demanding payment for the victim to access the files. Whether or not you pay, you are completely at the hacker’s mercy. Dealing with a ransomware attack can be difficult, but there are a few steps you can take to protect yourself.

Your system stops listening to your commands: In the interest of self-preservation, some malware will try to block access to system settings or tools that could help you get rid of it. These can be your Windows task manager, your Mac activity monitor, your built-in security scanner, or just your regular system settings or control panel. If you find that your settings have been changed without your permission or your computer is trying to restrict your from accessing certain system administration tools, this could be a strong indication that your computer is infected.

You get redirected while browsing: When you browse the internet, get into the habit of keeping your eyes on the URL bar, especially when the page is loading. If either the website you’re visiting or the computer you’re using are infected, malware can redirect you to suspicious websites and ads. Sometimes, it can even impersonate the website you were visiting and collect any information you enter. The next time you check a sensitive account (like your Paypal account, for example), make sure you know the correct URL. If the root URL changes to something you don’t recognize while using it, watch out! That could mean that you’re being redirected to a malicious site.

Plus, a very common setting that malware often changes is your browser’s home address. If your home address when you open your browser looks suspicious, that’s a dead giveaway!

Your security programs have been disabled: You should always have your security programs enabled (and if you don’t, shame on you!). These include built-in firewalls, malware detectors, and other software that you might have installed from a reputable source or that came standard with your device. Either way, if you suddenly discover that they’ve been disabled, you need to find out why.

Phone bill discrepancies: Some phone-specific malware acts by quietly sending SMS messages to expensive private numbers that charge exorbitant sums. If you receive an unusually high phone bill, review your call and SMS histories or contact your service provider to see if your phone might’ve been infiltrated.

How to fight back

So you think you have malware. Now what? Well, it depends on your device. Different devices can be targeted by different viruses or worms and will have different tools to help out, so we’ll make sure we cover the most popular categories.

How to remove malware from Android

Android’s open app store is a blessing and a curse. The same accessibility that allows new app makers to flourish also makes it easy for hackers and scammers to push malicious apps that will do everything from selling your data to draining your bank account. Google does make an effort to filter their app store, but malicious code still makes it in on a regular basis. Apps unsupported by the app store are even more dangerous.

Because of the way both Androids and iPhones are designed, there are not yet any known “viruses” for them – not of the sort that exist for regular computers. In both cases, hackers and scammers gain access primarily through apps that they trick the victim into downloading and authorizing, so let’s start there (Note: Jailbreaking your smartphone can open new vulnerabilities. Do so at your own risk!).

1. Once you’ve observed a potential sign that your Android is infected by malware, the first step is easy – turn off your phone. This will prevent the malicious app from doing any more damage than it already has and give you time to do some research using another device.

2. While your phone is shut down, try to find out what you can. What exactly were the symptoms? Can you find any info about other users with the same issue? When did the problem start? Did the beginning of the symptoms coincide with the installation of a new app? If so, search the name of that app and see if it has been revealed to be malware.

3. Once you have some idea of what you’re dealing with, start your phone up in safe mode. The safe mode instructions vary from device to device, so consider finding the instructions for your model online. On most, you can start by pressing the power button as you would when turning your phone on regularly. Then, while the Google startup animation plays, hold the volume down button until the animation ends. You should then see an on-screen indication that your phone is running in safe mode.

But what is safe mode and how will it help you? When your Android starts up in safe mode, it will only allow its default apps to run. This will allow you to eliminate the suspected malicious app without suffering any more damage to your system or your security than you already have.

4. If your work in Safe Mode didn’t help, you may have to do a factory reset. This is a rather inconvenient measure since you’ll have to reinstall and redownload everything your phone had before it was infected. However, this is one of the most powerful tools in your arsenal against malware. To do a factory reset, follow these instructions from Google.

5. Once any suspicious apps have been removed, it’s time to deal with the consequences of the attack. By now, you may have some idea of how you’ve been compromised. If the app sent suspicious messages to your friends on your behalf, message anyone who received them to notify them that they shouldn’t respond to that message. If the app compromised your bank account, call your bank immediately for advice on how to secure your account. Change your passwords to any websites and services that the app might have accessed. Your work at this stage will vary depending on the type of malware, so use your common sense.

How to remove malware from iPhone

iPhones are known for their powerful built-in security measures, but this can leave some users more lax about their security than they should be. No fortress is impenetrable, and even iPhones can be compromised by malware. Just like Android, the main way for hackers and scammers to compromise an iPhone is through innocent-looking apps that hide their malicious payloads (Note: Jailbreaking your smartphone can open new vulnerabilities. Do so at your own risk!). Because Apple exerts more control over their app store, users are less likely to encounter malware, but it’s far from impossible and has happened before.

If you suspect that your iPhone has been affected by malware, here’s what you should do:

1. Turn off your iPhone. This is the most surefire way to prevent the malware from doing any more damage or communicating with its owner while you look for a solution using another device.

2. Retrace your steps to figure out when you think you might have downloaded the offending app. When did the problems or irregularities start to appear? Does that time coincide with a specific new app you downloaded?

Some apps might immediately start to cause problems while others are more subtle. Armed with that information, you can also do some research about whether the malware app is a known problem and whether anyone has discovered more about how it attacks its victims.

3. Depending on what you’ve discovered in step 2, you’ll want to restore a backup from the cloud to a date before you had the offending app. To do this, simply click here for the instructions from Apple’s support page.

4. If your backup doesn’t do the trick, it’s time to bring out the big guns. A factory reset may be highly inconvenient, but it’s virtually guaranteed to secure your device, since few if any pieces of malware have been able to infect iPhones so deeply that they’d survive a factory reset. To do this, follow Apple’s instructions for factory resets.

5. At this point, your malware is most likely gone. However, it’s time to begin the recovery process. Figure out how the malicious code might have compromised you and use your common sense to secure yourself. Change your passwords. Contact your bank to check for suspicious transactions or notify them that someone else may have your data. Check to see if any suspicious messages have been sent on your behalf and contact the people who received them.

What you do now will depend on the malware you contracted, but this would be a great opportunity to do a full security overhaul!

How to remove malware from your Windows computer

Removing malware from a Windows PC can be very simple or highly complicated depending on how deeply it has penetrated your system. The potential threats are also more diverse, as Windows machines have traditionally served as punching bags for hackers due to their ubiquity. Malware here isn’t limited to apps, either – almost every type of virus, worm or trojan can infect a Windows system.

For better or for worse, there are countless tools available to clean your Windows PC. Going over all of them would be enough to fill a separate article at a later date, so we’re only going to cover the most generally applicable options.

1. Start by shutting down your PC and starting it up in safe mode. For detailed instructions on how to do so, check out Microsoft’s instructions. This will run your machine in its most basic settings. If the malware symptoms persist when running in Safe Mode (or Safe Mode with Networking), the malicious code has probably penetrated fairly deep into your system. If the problem is gone, there’s a better chance that you’ll be able to get rid of the malware without doing anything drastic like a system reset.

2. If the problem has stopped, you’re not done, but you can breathe easier. Some malware can be removed simply by uninstalling it, so browse the list of programs on your PC and see if there are any that seem suspicious or that you know shouldn’t be there. If the problems began recently, then a recently installed program might be the culprit.

If the issue persists after you’ve uninstalled them, find a reputable system scanner and antivirus and install them onto your PC. You’ll want to scan your system in Safe Mode as well because some malware is designed to interfere with your scanner.

3. If the problem persists after you’ve scanned your computer and eliminated any malware that it found, you may have to go deeper. There are more advanced tools to potentially eliminate a deeply rooted virus, but one of two “nuclear options” is reinstalling Windows 10 on your hard drive. Malware that infects your system at the BIOS level is rare, so this method will wipe out 99% of all threats. Before you begin, you’ll have to make some preparations. Back up any vital files you are reasonably sure aren’t infected – or upload them to the cloud so they don’t infect any of your other devices (Note: regular backups are a great idea!). Securely store any passwords or product keys that you’ll need when restoring your PC to a usable state.

Now that you’re ready, there are two ways to proceed. Windows 10 allows you to reinstall right from the start menu, giving you a “factory fresh” clean slate. To do so, go to your Settings panel (from the Start menu), open the Update & security tool, and select “Recovery”. There are a few options there, but at this stage, we suggest using “Reset this PC”. You’ll be given the option to keep or delete your files. If keeping them doesn’t eliminate your problem, you’ll want to back up what you can and then do the same process over while deleting everything.

Completely wiping your hard drive before reinstalling Windows 10 is beyond the scope of this guide, as this is a risky process that usually involves specialized software. We suggest looking for complete instructions online or bringing your computer to a local computer technician to wipe and reinstall your system for you. Don’t forget to make sure you have your Windows product key handy!

4. If you had to go beyond using scanning software to eliminate your malware, chances are you’ve had time to think about how to mitigate the damage of your attack. If you haven’t already, start doing what you can to contain it. Change the passwords to all of your online accounts, contact your friends and family to notify them that they may be at risk, and contact your bank to make sure that there haven’t been any suspicious transactions. The clues that tipped you off to the malware in the first place may give you an idea of what you have to do to minimize its effects. Even once it’s gone, stay vigilant – the attacker may still have your data and may still try to do something with it.

How to remove malware from your Mac

Just like iPhones, Macs are generally fairly secure and don’t get malware very often. However, it does happen. It often comes hidden in apps or browser extensions that were dishonest about what they do or that are bundled with other software that you trusted when installing it. Therefore, it’s worth exploring these avenues before getting to the more serious anti-malware measures.

1. To begin, it’s a good idea to play it safe and shut down your Mac as soon as you have a good idea of what the symptoms of your attack are. You can use another device to do some research on whether or not other users have had similar issues. Since malware on Macs is relatively rare, there’s a good chance that there will be information available on the issue you’ve encountered and how to resolve it.

2. When you do start up your Mac, do so in safe mode. Safe mode will boot your computer with its most basic settings and block any third-party apps – malicious or not – from automatically running on startup. If the issue is gone, you might not have had malware at all – or safe mode has prevented it from operating. Follow these instructions to turn on safe mode on your Mac.

3. Now that you’re back in, delete any suspicious apps on your Mac. Look for apps that you downloaded recently or whose appearance coincided with the beginning of your malware symptoms. Not every unrecognizable app is malicious, however – it’s worth looking up their names online if you’re not sure. Sometimes, trusted apps can be to blame. If the app publisher was hacked, they might have distributed malware without their knowledge.

4. If you couldn’t find any suspicious apps or if nothing changed when you removed them, don’t panic. The trouble could be due to a browser extension, which you’ll have to remove through your browser window. The instructions for this step may vary depending on what browser you use, so try to find instructions online.

5. If neither of these measures worked, it’s time to try something a bit more involved. Fortunately, Apple saves much of its users’ data in the cloud, so resetting your computer to its factory settings shouldn’t be too painful. Back up any essential files that aren’t stored in the cloud and then follow Apple’s directions for a full factory reset. A combination of these measures should remove any malware that made it to your computer. If not, your best bet will probably be to take your computer to a licensed Apple retailer for repair services!

6. The final step is to make sure you’re on top of any potential fallout from the malware attack. Just because the app is gone doesn’t mean the hacker hasn’t already used it or hasn’t already received your data. Change your passwords to any online accounts you have, starting from the most sensitive ones. Contact your bank to check for suspicious operations. Consider notifying them of the attack as well so they can flag your account for heightened monitoring. Check to see if you’ve sent any suspicious messages to friends and family, and if you have, message them to tell them what’s up. Use your common sense to figure out what you have to do.

How to stay secure

Hopefully, these steps will help you get rid of malware no matter which of your devices got infected. Now that you’ve cleaned your device and dealt with the aftermath, it’s time to examine how you got infected in the first place and what you can do to make sure this headache never happens again!

Get anti-malware/anti-virus software: One of the most comprehensive defenses against any malicious code is a piece of reputable security software. As always, premium tools are the way to go. The best software packages are backed by dedicated teams of developers who monitor the latest threats and respond to them with updates as quickly as possible. The right tool will scan any files you download or app you want to install for harmful functions and warn you before you continue. You can also run periodic scans to make sure nothing made it past their initial filters.

Become a vigilant Internet user: Learn to recognize the symptoms of malware and the shady places online that distribute it. Don’t ever click on any pop-ups, and if they have fake “X” icons to close them, make sure you click on the real one! Get a browser extension like uBlock Origin (which is free and open-source) to block any known malicious ads. Mouse-over or right-click on links before clicking on them to see where they take you. Always keep an eye on your URL when you browse, because even legitimate websites can get hacked. The hackers can then redirect users to a URL that looks similar but isn’t – and where visitors are far from secure. Some malware injects ads and hyperlinks into website text, but these will often look different from the links and ads you’re used to seeing. If you can notice the differences, you’ll learn to tell whether you’re looking at a shady website or something more malicious.

Secure your online traffic: VPNs are more than just powerful privacy tools. The encryption a VPN provides will close off numerous avenues of infiltration for potential hackers and their malware. With NordVPN, you’ll also get CyberSec, a built-in feature that flags malicious websites before they have a chance to deliver their payloads. Because NordVPN supports up to six devices per account, you can easily secure your Android or iPhone, too!

Back up your files: Strictly speaking, performing frequent backups of your files may not actually prevent you from getting malware, but it will make attacks much easier and less damaging to deal with. Device resets are a nearly guaranteed way to wipe out most malware, but they’re very hard to do if every wipe means losing important files. With frequent, secure backups, that won’t be a problem.

Do your homework: Before downloading an app, read some reviews online – and be sure to find at least one negative one as well. What do they say? Are users complaining about features or performance, or are there more serious issues at play? Has anyone accused the app of being malware? Are they outliers or is it a common complaint? You should also read about the most serious vulnerabilities facing your device or operating system. If you know them, you can avoid them.

Keep your software up to date: The next time a trusted app or even your OS asks you to confirm an update, don’t be so quick to cancel or delay it. In addition to providing feature and performance improvements, updates usually patch up security vulnerabilities that developers have found in their software. These can be pre-emptive fixes or responses to a quickly spreading global bug, but in either case, you’ll want to update your software as soon as the update is available.

Change your passwords and keep them secure: Learn how to craft a secure password that you’ll remember. When you discover malware on your device and eliminate, one of the first things you’ll want to do is change your passwords. Even if the malware is gone, the hacker who spread it might still have your password – but it’ll be useless as soon as you change it.

Learn your devices inside and out: Whether it’s a smartphone or a PC, your device has plenty of built-in settings that can go a long way to make it more or less secure. Browse your settings and find out how they can change your security environment. Both Android and iOS smartphones can restrict apps from outside their curated app stores – make sure that these restrictions are turned on! Windows 10 PCs come with a fairly powerful built-in firewall and scanner. Make sure these are on and running at their most powerful setting.

Daniel Markuson
Daniel Markuson successVerified author

Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.

Subscribe to NordVPN blog