How to Remove Malware on Windows: A Step-by-Step Cleanup Guide

If your PC suddenly shows fake security warnings, opens strange browser tabs, or blocks normal security updates, you may need to remove malware on Windows before the infection gets worse. Effective cleanup is not about one magic button. It is about doing the right steps in the right order so the malware cannot keep running while you try to remove it.

This guide explains how to confirm you have a real malware problem, clean an infected Windows 10 or Windows 11 system, choose the best removal method, and know when a reset is the safer option. By the end, you should have a practical plan instead of guessing.

Key Takeaways

  • Start by disconnecting the PC and backing up only personal files, not unknown installers or executable files.
  • Windows Security is the right first step for most people, but Defender Offline Scan is better when malware loads before Windows does.
  • Manual cleanup is useful for obvious browser hijackers or rogue apps, but it is risky if you are not sure what you are deleting.
  • Microsoft’s Malicious Software Removal Tool helps with specific prevalent threats, but it is not a full replacement for antivirus.
  • If security tools keep getting disabled or symptoms return after every reboot, a reset or clean reinstall is often the faster and safer answer.

How to tell if you need malware removal right now

Not every slow PC is infected. A full drive, too many startup apps, or a bad update can also make Windows feel unstable. The difference is that malware usually adds suspicious behavior, not just poor performance.

Common warning signs

  • Your browser redirects searches, changes the homepage, or shows push notification spam.
  • Unknown apps, toolbars, or startup programs appear without you installing them on purpose.
  • Windows Security turns off, closes unexpectedly, or will not update.
  • You see fake support alerts, repeated pop-ups, or demands to download a cleaner.
  • Your accounts show unusual sign-ins, passwords stop working, or messages are sent that you did not send.

When it may be something else

If the only symptom is a slow startup or loud fan noise, check storage space, updates, and startup apps first. But if several of the warning signs above happen together, treat it as a likely malware infection and scan the system immediately.

How to remove malware on Windows safely

1. Disconnect the PC and back up only what you need

Turn off Wi-Fi or unplug Ethernet before you start. This helps stop active malware from downloading more components, sending data out, or spreading through synced services. Then back up documents, photos, and other personal files you cannot replace.

Quick Tip: Back up files such as documents, images, and videos, but do not back up unknown EXE, MSI, SCR, or ZIP files from an infected PC unless you are certain they are safe.

2. Run Windows Security full scan, then Defender Offline Scan if needed

Open Windows Security, update protection if the PC can still connect safely, and run a Full Scan first. If threats keep returning after restart, or Windows Security will not stay open, run Microsoft Defender Offline Scan. That scan reboots the PC and checks the system before normal startup, which is useful against malware that hides while Windows is active.

If your scanner keeps crashing or the PC is too unstable, reboot into Safe Mode and try the scan there. Safe Mode is not always necessary, but it can help when normal startup is working against you.

3. Remove suspicious apps, startup items, and browser changes

Look for recently installed software you do not recognize, especially fake cleaners, cracked software, bundled downloaders, or random browser tools. Uninstall suspicious programs, review startup apps, and remove unknown browser extensions. For browser hijackers, resetting the homepage, default search engine, and notifications can be as important as running the antivirus scan.

4. Use a second-opinion tool if symptoms persist

Microsoft provides guidance for the Malicious Software Removal Tool, which is designed to find and remove specific prevalent threats. It is helpful as a follow-up check, but it does not replace full antivirus protection.

If you are dealing with a stubborn infected file, startup item, or obvious unwanted program, Bitdefender also offers a useful reference on manual malware removal on a Windows computer. Manual removal makes sense only when you know what changed. Guessing can make the system harder to repair.
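
Steps 2 and 3 can also be run from an elevated PowerShell window using the built-in Defender cmdlets. This is an added example, not from the original guide or from Microsoft. It assumes Microsoft Defender is the active antivirus. The "recurring detection" rule and the filter on tasks outside `\Microsoft\` are triage assumptions made for this example, not Defender features.

```powershell
#Requires -RunAsAdministrator
# Added example: steps 2 and 3 as read-mostly PowerShell. Nothing is deleted.

# Step 2: refresh definitions only if the PC may go back online, then full scan.
try   { Update-MpSignature -ErrorAction Stop }
catch { Write-Warning "Signature update skipped: $($_.Exception.Message)" }
Start-MpScan -ScanType FullScan        # blocks until done; can take hours

# Map ThreatID -> name so the detection history is readable.
$names = @{}
Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

# Detection history, newest first.
$detections = @(Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending)
$detections | ForEach-Object {
    [pscustomobject]@{
        When      = $_.InitialDetectionTime
        Threat    = $names[[string]$_.ThreatID]
        Cleaned   = $_.ActionSuccess
        Resources = $_.Resources -join '; '
    }
} | Format-List

# Assumed heuristic: the same ThreatID recorded more than once means it keeps
# coming back, which is the guide's trigger for an Offline Scan.
$recurring = @($detections | Group-Object ThreatID | Where-Object Count -gt 1)
if ($recurring.Count -gt 0) {
    Write-Warning "Recurring detections (ThreatID): $($recurring.Name -join ', ')"
    Write-Warning 'Save your work, then run Start-MpWDOScan (it reboots immediately).'
}

# Step 3: auto-start entries (Run keys and Startup folders) for manual review.
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-List

# Scheduled tasks outside \Microsoft\ are where third-party software registers.
# Assumption: this narrows the list for review; it does not prove the rest clean.
Get-ScheduledTask | Where-Object TaskPath -notlike '\Microsoft\*' | ForEach-Object {
    [pscustomobject]@{
        Task   = $_.TaskPath + $_.TaskName
        State  = $_.State
        Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    }
} | Format-List
```

Compare the startup and task listings against what you knowingly installed, and uninstall the related program through Windows Settings rather than deleting files by hand.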

Which malware removal option should you choose?

The best option depends on what the infection is doing. Start with the least risky method, then move to more advanced or disruptive steps only if the problem remains.

| Option | Best for | Main strength | Limitation | Type of user |
|---|---|---|---|---|
| Windows Security Full Scan | First-pass cleanup | Built into Windows and easy to trust | May not fully undo browser or startup changes | Beginner |
| Defender Offline Scan | Threats that return after reboot | Scans before normal Windows startup | Requires a restart and interrupts work | Beginner to intermediate |
| MSRT | Checking for specific prevalent threats | Official Microsoft follow-up tool | Narrow scope compared with full antivirus | Cautious home user |
| Manual cleanup | Obvious rogue apps or browser hijackers | Can remove the exact cause quickly | Higher risk if you misidentify files or settings | Intermediate user |

Windows Security Full Scan

Short summary: This is the default starting point for most infected home PCs.

Why it stands out: It is already built into Windows, so you do not need to add more software to a compromised system.

Best for: Everyday users who suspect adware, a trojan, or a bad download and want the safest first step.

Not ideal for: Cases where malware disables security tools or where the main problem is a browser that still has altered settings after the scan.

Practical usage context: You installed a fake video converter yesterday and now the PC behaves oddly. Run this first before deleting random files.

Microsoft Defender Offline Scan

Short summary: This scan reboots the machine and checks it outside the normal Windows session.

Why it stands out: It can catch threats that hide in memory or load very early in startup.

Best for: Users who keep seeing the same detection return, or whose antivirus seems blocked during normal use.

Not ideal for: A simple browser extension problem or anyone who cannot pause work for a reboot.

Practical usage context: Windows Security finds something, you restart, and the same warning comes back immediately. That is the right moment to try Offline Scan.

Malicious Software Removal Tool

Short summary: MSRT is a targeted Microsoft cleanup tool for certain widespread malware families.

Why it stands out: It gives you a narrow, reputable second check without replacing your normal protection workflow.

Best for: Users who want confirmation that common prevalent threats have been removed after the main scan.

Not ideal for: People looking for a full antivirus suite, real-time protection, or a tool that resets every browser hijack.

Practical usage context: Your system seems cleaner, but you want one more Microsoft-based check before you trust the PC again.

Manual cleanup of apps and browser settings

Short summary: This means removing the exact program, extension, task, or setting that changed your system.

Why it stands out: It is often the fastest way to stop forced search engines, push notification abuse, and rogue utilities that scanners only partially fix.

Best for: Users who can clearly identify what was installed or changed shortly before the problem began.

Not ideal for: Anyone unsure whether a file belongs to Windows, because deleting the wrong item can break legitimate features.

Practical usage context: A coupon extension keeps reopening after scans. You remove the extension, reset the browser, and uninstall the related app that was bundled with it.

What to avoid and when to reset Windows

Mistakes that make cleanup harder

  • Downloading several random cleanup tools from search results while the PC is already compromised.
  • Deleting system files because they look unfamiliar.
  • Restoring old installers, scripts, or cracked software from backup right after cleanup.
  • Logging into banking, email, or work accounts before the machine is clean.
  • Assuming the infection is gone just because the pop-ups stopped for one session.

Signs a reset is the smarter move

A reset or clean reinstall takes more time, but it is often the most trustworthy option after a deep compromise. If the PC keeps fighting every cleanup step, stop spending hours on partial fixes.

  • Security tools will not run, or they get disabled again after every restart.
  • Unknown admin accounts, remote access behavior, or ransomware-style warnings appear.
  • Browser policies, startup entries, or homepage changes keep returning.
  • Windows itself becomes unstable, corrupted, or impossible to trust for sensitive use.

If you decide to reset, back up personal files only, reinstall Windows from a clean source, and change important passwords from a different trusted device.
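
The reset indicators above can be checked with a few read-only commands in an elevated PowerShell window. This is an added example, not part of the original guide. It assumes Microsoft Defender is the active antivirus and that the PC is an unmanaged home machine, where browser policy registry keys are normally absent.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only checks for the reset indicators. Changes nothing.

# 1. Defender components that are off. Run once, reboot, run again: a component
#    that is off again after you re-enabled it matches the first bullet.
$status = Get-MpComputerStatus
$checks = 'AMServiceEnabled', 'AntivirusEnabled', 'RealTimeProtectionEnabled',
          'BehaviorMonitorEnabled', 'IsTamperProtected'
$off = @($checks | Where-Object { -not $status.$_ })
if ($off.Count -gt 0) { Write-Warning "Disabled: $($off -join ', ')" }
"Signature age (days): $($status.AntivirusSignatureAge)"

# 2. Members of the local Administrators group, looked up by well-known SID so
#    the check works on non-English Windows. Review any account you did not create.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# Enabled local accounts and when each last signed in.
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, LastLogon, PasswordLastSet | Format-Table -AutoSize

# 3. Browser policy keys. Assumption: unmanaged home PC, where these keys are
#    normally absent; on a work-managed PC they are expected.
$policyKeys = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
              'HKCU:\SOFTWARE\Policies\Google\Chrome',
              'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
              'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        Write-Warning "Policy key present: $key"
        Get-ItemProperty -Path $key |
            Select-Object * -ExcludeProperty PS* | Format-List
    }
}
```

If the same warnings reappear after a cleanup and a reboot, that is the pattern this section describes as the point to stop repairing and reset.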

After removal: secure your PC

Once the scans come back clean, update Windows, your browser, and common apps such as PDF readers and office tools. Remove extensions you no longer need, review startup apps, and make sure automatic updates stay enabled.

Quick Tip: Change the passwords for email, banking, social media, and your password manager from a different clean device first. If a keylogger was active, changing passwords on the infected PC too early can expose the new ones as well.

Frequently Asked Questions

Can Windows Defender remove malware by itself?

Often, yes. For many home users, Windows Security is enough to detect and quarantine common threats. If symptoms continue after a full scan, try Defender Offline Scan and then review browser and startup changes.

Should I remove malware in Safe Mode?

Not always. Safe Mode is most useful when scans will not run normally, the PC is unstable, or the malware loads at startup and interferes with cleanup. If Windows Security works normally, start there first.

Is it safe to delete infected files manually?

Only if you are sure what the file is and what it does. Manual deletion can help with stubborn leftovers, but it is easy to remove the wrong file and damage Windows. Quarantine or guided removal is safer for most people.

When should I factory reset an infected PC?

Reset the PC when malware keeps coming back, security tools are disabled, remote access is suspected, or the system no longer feels trustworthy. A reset is also sensible when cleanup would take longer than rebuilding the machine properly.