What to Do If Your Computer Has Malware: Immediate Steps and a Safe Recovery Plan

If you think your computer is infected, the first few minutes matter. A suspicious pop-up, sudden slowdown, browser redirects, unknown programs, or warning emails can all point to malware, and it is easy to make the situation worse by clicking around or logging into accounts. This step-by-step guide explains what to do immediately if you think your computer is infected, how to contain the problem, how to clean the device safely, and when it is smarter to stop troubleshooting and get professional help.

The goal is not just to remove malware. It is also to protect your files, online accounts, and other devices on your home network. By following a calm response plan, you can reduce the risk of data theft, prevent the infection from spreading, and make better decisions about scanning, restoring, or reinstalling your system.

Key Takeaways

  • Disconnect the computer from the internet and stop using sensitive accounts right away.
  • Do not rush to click alerts, install random cleanup tools, or keep browsing as normal.
  • Use Safe Mode and a trusted security scan to check for malware and suspicious programs.
  • Change important passwords from a different clean device, not the possibly infected computer.
  • If the infection is severe or keeps returning, restore from a clean backup or consider a full reinstall.

Disconnect the computer and stop risky activity

Take the device offline immediately

If you suspect malware, disconnect the computer from Wi-Fi or unplug the network cable. This can help stop malicious software from communicating with remote servers, spreading across your network, or stealing more data.

If the device is a laptop, turn off Bluetooth as well if you do not need it. If you use shared folders or network-attached storage at home, keeping the infected device connected increases the risk to other systems.

Stop logging into accounts

Do not sign in to email, banking, shopping, cloud storage, or work accounts from that computer until you know it is clean. Some types of malware are designed to capture passwords, browser cookies, and payment details.

The U.S. Federal Trade Commission specifically advises users to stop logging into online accounts with sensitive information if malware is suspected. You can read their guidance here: FTC advice on malware detection and removal.

Quick Tip: If you already typed a password on the suspicious computer, assume it may be exposed and plan to change it from a different clean device.

Check for common signs of infection

Symptoms that often point to malware

Not every computer problem is a virus, but certain patterns are strong warning signs. The more of these you notice at once, the more careful you should be.

  • Unexpected pop-ups or fake security alerts
  • Browser homepage or search engine changes you did not make
  • Programs opening or closing on their own
  • Very slow performance with no clear reason
  • Unknown apps, toolbars, or extensions
  • Files disappearing, changing names, or becoming inaccessible
  • Friends receiving strange messages from your email or social accounts

Do not rely on one symptom alone

A slow computer can also be caused by low storage, too many startup apps, or failing hardware. What matters is the combination of unusual behavior, especially if it started right after opening an attachment, downloading software, or clicking a suspicious link.

For a general overview of warning signs and recovery steps, the National Cybersecurity Alliance has a useful reference: How to tell if your computer has a virus and what to do about it.

Do not click random alerts or install unknown cleanup tools

Fake antivirus warnings are common

One of the most common mistakes after suspected infection is trusting the wrong pop-up. Malware often pretends to be a security warning and pushes you to click “fix now,” call a phone number, or install a so-called cleanup app.

If a warning appeared in your browser, close the browser window instead of interacting with the message. If the screen seems locked, restart the computer and avoid reopening the same tabs.

Use only security tools you already trust

If you have a reputable antivirus or built-in security tool already installed, use that. Avoid downloading unfamiliar software from ads, pop-ups, forum comments, or unofficial download pages while you are in panic mode.

Action | Safer choice
Pop-up says your PC is infected | Close the window and run your own trusted security scan
Search results show many “free cleaners” | Use your existing security software or the device maker’s official guidance
Someone offers remote help through a pop-up number | Do not call; verify support through official channels only

Boot into Safe Mode and run a full scan

Why Safe Mode can help

Safe Mode starts the system with a limited set of drivers and startup items. This can make it easier to scan and remove malware because some malicious processes may not load the same way they do during a normal startup.

Dell’s support guidance explains the value of using Safe Mode when malware may be starting with Windows. See: Dell guidance on identifying and repairing malware-infected systems.

Run a full system scan, not just a quick one

Once you are in Safe Mode (if it is available on your system), update your security software if you can do so safely, then run a full system scan. A quick scan may miss hidden files, scheduled tasks, startup items, or less obvious locations where malware can persist.

If your security tool finds threats, follow the recommended quarantine or removal steps. Restart only when the scan is complete and the tool tells you what to do next.

Review recent downloads, apps, and browser extensions

Look for what changed recently

Think back to what happened before the problem started. Did you open an attachment, install a free converter, allow a browser notification, or download a game mod, cracked software, or email invoice?

That timeline can help you identify the source. Remove suspicious programs you do not recognize, especially anything installed at the same time the symptoms began.

Check the browser carefully

Many home users are hit by browser-based threats rather than classic viruses. Review extensions, notification permissions, default search settings, and homepage settings in every browser installed on the computer.

  • Remove extensions you do not remember installing
  • Turn off suspicious site notifications
  • Reset browser settings if redirects continue
  • Sign out of the browser if you suspect account sync abuse

Protect your accounts from a clean device

Change important passwords elsewhere

If there is any chance the infected computer captured login details, use a different trusted device to change your passwords. Start with your email account, because email access often allows password resets for many other services.

Then update passwords for banking, shopping, cloud storage, social media, and password manager accounts. If possible, enable multi-factor authentication on important accounts.

Watch for signs of account misuse

Check recent login activity, security alerts, and sent messages. If you see password reset emails you did not request, unfamiliar devices, or messages you did not send, secure those accounts immediately.

Quick Tip: Prioritize your email and financial accounts first. If attackers control your email, they may be able to reset many other passwords.

Back up important files carefully

Save personal files, but avoid copying risky items

If the computer still works and you have not backed up your important data, copy essential personal files to external storage before taking more drastic steps. Focus on documents, photos, and other irreplaceable files.

Be careful not to back up suspicious executable files, unknown installers, or scripts. If ransomware is involved, encrypted files may still need to be saved in case a future recovery option becomes available, but they should be stored separately and clearly labeled.

Scan backups before restoring them elsewhere

Do not immediately move backed-up files onto another everyday computer. Scan them first with trusted security software before opening anything, especially archives, macros, or downloaded program files.
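The backup advice above can be turned into a small script. The following is an added example, not part of the original article: it copies a folder to external storage, leaves executables, installers, and scripts behind, and puts archives, macro-enabled documents, and apparently encrypted files into separately labeled folders. The extension lists, folder names, and function names are assumptions made for this example, and sorting by extension does not replace scanning the backup with trusted security software.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed, non-exhaustive extension lists (assumptions for this example).
RISKY = {".exe", ".msi", ".scr", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jar", ".lnk"}
SCAN_FIRST = {".zip", ".rar", ".7z", ".iso", ".docm", ".xlsm", ".pptm"}
ENCRYPTED_HINTS = {".locked", ".encrypted"}  # hypothetical ransomware suffixes
FOLDERS = {"copy": "files", "scan_first": "SCAN_BEFORE_OPENING",
           "encrypted": "ENCRYPTED_KEEP_SEPARATE"}

def classify(path):
    """Decide by the final extension, so 'invoice.pdf.exe' counts as .exe."""
    ext = path.suffix.lower()
    if ext in RISKY:
        return "skip"
    if ext in ENCRYPTED_HINTS:
        return "encrypted"
    return "scan_first" if ext in SCAN_FIRST else "copy"

def backup_personal_files(source, dest):
    """Copy files from source to dest, sorted into labeled folders.

    Returns a report mapping each verdict to the relative paths it covers.
    """
    source, dest = Path(source).resolve(), Path(dest).resolve()
    if dest == source or source in dest.parents:
        raise ValueError("backup destination must be outside the source folder")
    report = {"copy": [], "scan_first": [], "encrypted": [], "skip": []}
    for item in sorted(source.rglob("*")):
        if item.is_symlink() or not item.is_file():
            continue  # skip symbolic links and anything that is not a regular file
        rel = item.relative_to(source)
        verdict = classify(item)
        report[verdict].append(rel.as_posix())
        if verdict == "skip":
            continue  # executables, installers and scripts stay behind
        target = dest / FOLDERS[verdict] / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(item, target)
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        src, usb = Path(tmp, "Documents"), Path(tmp, "usb")
        src.mkdir()
        for name in ("taxes.pdf", "invoice.pdf.exe", "old.zip", "photo.jpg.locked"):
            (src / name).write_bytes(b"sample")
        for verdict, paths in backup_personal_files(src, usb).items():
            print(verdict, paths)
```

The returned report doubles as a record of what was left behind, so you can see which files were skipped without opening them.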

Decide whether to remove, restore, or reinstall

When malware removal may be enough

If the infection appears limited, your security software successfully removes it, and the computer behaves normally afterward, you may be able to continue using the device. Still, monitor it closely for repeat symptoms, strange network activity, or recurring browser changes.

When a restore or reinstall is the safer option

If malware keeps coming back, security tools cannot remove it, files are altered, or you suspect credential theft or remote access, a more thorough recovery is safer. Restoring from a clean backup made before the infection can be a good option if you have one.

In more serious cases, wiping the system and reinstalling the operating system is often the most reliable way to regain trust in the device. This takes more time, but it can be the right choice when you cannot be confident the computer is truly clean.

Recovery option | Best for
Security scan and removal | Minor or early infections with clear detection and successful cleanup
System restore or clean backup restore | Problems that started recently and a known-good restore point or backup exists
Full reinstall | Persistent malware, account compromise concerns, or low confidence in cleanup

Check other devices and your home network

Think beyond one computer

If the infected system was connected to your home network, review other devices too. This is especially important if you share files between computers or use the same passwords across multiple accounts and devices.

Run security scans on other computers, update phones and tablets, and make sure your router uses a strong password and current firmware if updates are available from the manufacturer.

Watch for phishing after the infection

Some infections lead to follow-up scams. You may receive fake support emails, account warnings, or invoices designed to exploit the same incident. Stay cautious for a while after the initial cleanup.

Know when to get professional help

Situations that justify expert support

Home troubleshooting has limits. If the computer contains business data, tax records, financial information, family photos you cannot replace, or signs of ransomware, it may be worth getting professional assistance rather than experimenting.

  • You cannot complete a scan or the tool keeps crashing
  • The device will not boot normally
  • You suspect remote access or identity theft
  • Important files are encrypted or inaccessible
  • The infection returns after removal attempts

Choose support carefully

Use official support channels from your device maker, operating system provider, or a reputable local repair service. Avoid phone numbers shown in pop-ups or search ads that pressure you to act immediately.

How to reduce the chance of this happening again

Simple habits that make a big difference

After you recover, spend a few minutes improving your setup. Many infections happen because of a small gap: outdated software, reused passwords, unsafe downloads, or disabled security features.

  • Keep the operating system, browser, and apps updated
  • Use reputable security software and let it update automatically
  • Back up important files regularly
  • Use unique passwords and a password manager if possible
  • Enable multi-factor authentication on important accounts
  • Be cautious with attachments, downloads, and browser prompts

If you think your computer is infected, the best response is calm, fast, and methodical. Disconnect it, stop using sensitive accounts, scan it with trusted tools, protect your passwords from another device, and do not hesitate to restore or reinstall if trust in the system is gone.

Frequently Asked Questions

Should I turn off my computer if I think it has malware?

Usually, disconnecting it from the internet is the first priority. Turning it off can be reasonable if the system is acting aggressively or you need to stop activity immediately, but if you plan to run scans and back up files, a controlled process is often better than repeated forced shutdowns.

Can I change my passwords on the infected computer?

It is safer to change passwords from a different clean device. If the infected computer has a keylogger or browser-stealing malware, new passwords entered there could also be captured.

Is a factory reset enough to remove a virus?

Sometimes, but not always in the way users expect. A proper full reset or clean reinstall can be effective, but you should still back up carefully, avoid restoring infected files, and secure your online accounts afterward.

How do I know if the malware is really gone?

You can never rely on one sign alone. A successful full scan, normal system behavior, no recurring pop-ups or redirects, no unknown startup items, and no suspicious account activity are all good signs. If trust is still low, a clean reinstall is the safer long-term option.