How to Remove Malware: Removal Steps for Windows & Mac

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Antivirus programs and firewalls are pretty good at catching malware before it can infect devices, but occasionally malware can slip through defenses, endangering personal and financial information. When that happens, all isn’t lost; it’s possible to recover from most cyber attacks with tools and techniques available to average users.

We’ll go over malware removal tools and steps, and offer some tips to keep your devices from getting reinfected. These steps will work in most cases, but if you’ve been hit by ransomware, see our guides to ransomware decryption, removal and recovery.

Confirming Your Device is Infected With Malware

You want to start by confirming that your device is infected with malware and determine what kind of malicious infection you’re facing. We’ll go over the indicators of an attack below, but here’s a graphic summarizing what to look for:

Common Signs of Malware Infection

Slowed System Performance

One symptom of malware is if your device suddenly becomes noticeably more sluggish than normal, taking longer to open apps or respond to commands. Malicious software frequently uses a large percentage of your device’s resources, resulting in visible decline in performance.

You Can’t Access the Control Panel

Malware may block your access to the control panel or other system settings in some instances. If you discover that you are unable to access these critical functions, this might be an indication of a malware infestation preventing you from making any changes to regain control of your machine.

Unexpected Crashes

If you notice frequent and unexpected system crashes or application failures that interfere with your device’s usual operation, there’s a possibility that your device is infected. Frequent freezes can be a sign that something is amiss too.

Strange Pop-Up Window Messages

Unwanted pop-up advertisements or messages that display even while you are not surfing the internet might indicate the presence of adware or other types of malware. These pop-ups may ask you to install malicious software or disclose personal information.

Unusually High Network Activity

If you see an increase in network activity, especially when you are not actively using the internet, this might indicate that malware is transmitting or receiving data from your device. Monitoring your network can help you detect any suspicious activity.

Your Antivirus is Randomly Disabled

Malware often disables antivirus software, leaving your device open to further infection. If you discover that your antivirus or security software has been turned off without your knowledge, this might be an indication of malware attacking your system.

Missing or Corrupted Programs

Malware can cause your installed programs to disappear, fail to launch, or display errors. It might be to blame if you find programs missing or behaving strangely.

Programs Accessing the Internet Without Permission

If you discover strange apps, or applications accessing the internet without your consent, malware may be using connections to download further harmful files or communicate sensitive data to external (“command and control”) servers.

Being alert and recognizing when your machine suddenly changes operating patterns could give you an early warning sign that your device is compromised with malware. If you suspect malware, you must act quickly, using dependable antivirus software and following correct removal procedures to restore your digital environment.

Also read:

How to Remove Malware on Windows (PC)

Removing malware from a Windows PC requires a systematic approach to ensure the malicious software is eradicated. Here’s a step-by-step guide to assist you in eliminating malware from your Windows computer.

1. Disconnect from the Internet

Unplugging your computer from the internet ensures that the malware cannot communicate with its source or download additional malicious components. Cutting off its access is the first line of defense.

2. Enter Safe Mode

Safe Mode boots your computer with a minimal set of drivers and services, preventing most types of malware from running. It allows you to troubleshoot and remove the malware without interference from active malicious processes.

  • Click on the Windows logo
  • Type in Settings in the search bar and click on the result
  • Click on Updates & Security
  • Under Advanced Startup, choose Restart Now
  • Once your device has restarted, click on the following: Troubleshoot > Advanced options > Startup Settings > Restart
Windows options with Troubleshoot on highlight.
Troubleshoot menu with Advance options on highlight.
Advanced options menu with Startup Settings on highlight.
Startup Settings menu with the Restart button on highlight.

Images from Microsoft

3. Use Antivirus or Anti-Malware Software

Antivirus and anti-malware software is designed to detect, quarantine, and remove malicious programs. They employ extensive databases of known malware signatures and advanced heuristics to identify suspicious behavior, ensuring a thorough scan of your system. Hopefully starting in Safe Mode will allow your AV software to work; just scan and let it do its job.

4. Use Windows Defender

Windows Defender is a free antivirus program integrated into newer Windows versions (and it’s pretty good, we might add). Once activated (hopefully you did that when you first got your PC), it continuously monitors your system for malware threats. It offers real-time protection, scanning downloads, attachments, and programs as they run, providing an additional layer of security. Windows also has a built-in firewall and other security features too; we recommend using them if you don’t have paid security software installed.

Here’s how to access Windows Defender:

  • In the bottom left corner of the screen, click the Windows logo. The Start screen will appear.
  • To open the application, scroll down and choose Windows Security.
  • Check the Windows Security panel to see if your machine has an antivirus product installed and functioning.
    • Green checkmark: An antivirus product is installed and running on your computer. Because Windows Defender protects your computer, you do not need to enable it.
    • No checkmark: There is no antivirus on your machine, and Windows Defender is not activated. Please continue to the following steps to enable Windows Defender and keep your computer protected.
  • As indicated, select Virus & threat protection.
  • Then click the Virus & Threat Protection button.
  • Enable real-time protection.

Select the Windows Defender Offline scan option, then click Scan now. With any luck, it will be able to scan and remove any malware. Regardless of the success of that, it’s a good idea to take a manual look at the processes running on your machine.

5. Manually Uninstall Suspicious Programs

Investigate the list of installed programs. Malware often disguises itself as seemingly legitimate software. Look for programs with unfamiliar names or publishers and uninstall them. Be careful to avoid removing essential system files. You may also be able to hit Ctrl-Alt-Del and use Task Manager to look for and shut down any suspicious processes running on your machine.

  • Start by selecting the Windows logo in the lower-left corner of your screen. Type “Control Panel” into the search field that displays and choose it from the results.
  • Navigate to the “Programs” area of the Control Panel. To proceed, choose “Uninstall a program.”
  • You may arrange the list by installation date if you believe that a recently installed program is causing the problem. To locate any newly added apps that may be suspicious, look in the “Installed on” column.
  • Simply choose the application(s) you want to uninstall and then click the “Uninstall” button. You may also right-click on the application and select “Uninstall” from the context menu.

6. Remove Temporary Files

Temporary files can harbor malware. Disk Cleanup not only frees up disk space but also removes potentially malicious temporary files, ensuring that malware hiding in these locations is eradicated.

Hit the Windows button and R > type %temp% > delete all files in this destination > empty your recycling bin

7. Restore Your System

System Restore allows you to revert your system files and settings to a previous point in time. If your computer was functioning normally before the malware infection, restoring it to a state before the infection occurred can effectively remove the malware.

8. Update Your Software

Malware often exploits vulnerabilities in outdated software. Regularly updating your operating system, browsers, and other software ensures that you have the latest security patches, reducing the risk of malware attacks.

9. Reset Browsers

Malware frequently alters browser settings, injecting unwanted extensions or changing the homepage. Resetting your browsers to default settings removes these changes, ensuring a clean and secure browsing environment.

10. Educate Yourself

Knowledge is a powerful defense against malware. Stay informed about the latest threats, phishing techniques, and best practices for online safety. Being aware of potential risks empowers you to recognize and avoid them effectively. For employees, security training programs are a very good idea.

How to Remove Malware on Mac Devices

To ensure your system is completely clean, removing malware from your Mac requires a number of actions. Here’s a complete guide to removing malware from your Mac.

1. Disconnect from the Internet

Malware often relies on the internet to spread or communicate with its control server. By disconnecting from the internet, you prevent the malware from further infecting your system or sending data back to its source.

2. Enter Safe Mode

Safe Mode is a diagnostic mode in macOS that loads only essential system software. Booting into Safe Mode can prevent certain types of malware from loading, making it easier to remove them.

  • Click on the Apple logo on the upper left side of your screen.
  • Choose About this Mac.
  • Identify if your Mac is Apple Silicon or Intel-Based.

For Silicon Macbooks

  • Turn off your Macbook. If it’s necessary, do a hard shutdown by pressing the power button until all lights are out.
  • Press and hold the power button and let go once you see the loading start up screen.
  • Select the startup disk.
  • Hold the Shift button and select Continue in Safe Mode.
  • To exit Safe Mode, restart your Macbook.

For Intel Macbooks

  • Restart your Mac.
  • Immediately press and hold the Shift key.
  • Log on to your Mac by entering your device password. Then you can use your Mac in safe mode.
  • To exit Safe Mode, restart your Macbook.

3. Use Activity Monitor

Activity Monitor is a built-in utility on macOS that shows you all the processes running on your Mac. By using it, you can identify suspicious processes or applications that might be malware and terminate them.

Open Finder > “Applications” > “Utilities” > “Activity Monitor” > “Application” > “Quit”

4. Remove Malware from Login Items

Malware often adds itself to your login items so that it starts running automatically when you log in. Check your login items in System Preferences > Users & Groups and remove any suspicious or unknown applications from the list.

5. Start Malware Scanning

Use reliable antivirus or anti-malware software to perform a thorough scan of your system. Make sure the software is up-to-date to detect the latest malware threats.

6. Check Browser Homepage

Malware can change your browser’s homepage without your consent. Reset your browser settings to default and ensure that your homepage and search engine haven’t been hijacked by malware.

7. Delete Cache

Malware can hide in your system or browser’s cache. Clear your cache to remove any potentially infected files.

Clear Browser Cache


  • Open Safari.
  • Click on “Safari” in the top menu and select “Preferences.”
  • Go to the “Privacy” tab.
  • Click on “Manage Website Data.”
  • Click “Remove All” to delete all website data, or select specific websites and click “Remove” to delete data from specific sites.

Google Chrome

  • Open Chrome.
  • Click on the three-dot menu in the upper right corner.
  • Select “Settings.”
  • Scroll down and click on “Privacy and security” in the left menu.
  • Under “Privacy and security,” click on “Clear browsing data.”
  • Select “Cached images and files” and any other data you want to delete.
  • Click “Clear data.”

Mozilla Firefox

  • Open Firefox.
  • Click on the three-line menu in the upper right corner.
  • Select “Options.”
  • In the left menu, click on “Privacy & Security.”
  • Scroll down to the “Cookies and Site Data” section.
  • Click “Clear Data.”
  • Check “Cached Web Content” and click “Clear.”

Clear System and User Cache Files

Using Finder

  • In Finder, click on “Go” in the top menu and select “Go to Folder…”
  • Enter the following path: ~/Library/Caches
  • Delete the contents of the “Caches” folder. Be careful not to delete system-critical files.

Using Finder

  • Go to ~/Library/Caches (same as in the first step).
  • Delete the contents of the “Caches” folder. These are user-specific cache files.

8. Uninstall Suspicious Applications

Go through your Applications folder and uninstall any applications that you don’t remember installing or that seem suspicious. Drag the unwanted app to the Trash and empty the Trash to completely remove it from your system.

9. Remove Pop-Up Ads

Pop-up ads are often a result of adware, a type of malware. Clean up your browser extensions or add-ons to remove any adware-related extensions. Also, make sure your browser settings do not allow pop-ups.

10. Remove Adware and Malware from Extensions

Adware and malware can install malicious browser extensions without your knowledge. Go to your browser’s extension or add-on manager and remove any suspicious or unfamiliar extensions. Ensure you only keep the ones you trust and recognize.

Can You Use Malware Removal Tools?

Malware removal tools are critical in protecting your computer from a wide range of cyber threats. Installing a trustworthy malware cleanup application on your Mac or Windows computer is critical for keeping a safe working environment. Combined with real-time protection and regular updates, these tools can dramatically improve your entire cybersecurity posture.

There are free malware removal tools available from well known names like Avast and Malwarebytes; we cover these tools in our guide to rootkit scanner and removal tools, including some for Linux too.

But with the free protections offered in Windows and MacOS, and free firewall options too, there’s no excuse not to have good security on your devices. And activate your router’s security features too. Malware protection is a whole lot simpler than malware removal, and it can be had for free too. And use your devices in non-administrator accounts whenever possible to remove some of the biggest opportunities for malware.

Feature Partners

Mobile Device Security

A word on mobile malware: There really aren’t any good free solutions for Android devices, so we highly recommend paying for one. And reboot your mobile devices daily to wipe out any temporary malware that may be residing there. iPhone users who access sensitive data may want to use lockdown mode, and always restrict apps as much as you possibly can.

For more on Windows, Mac and mobile device security, read How to Prevent Malware: 15 Best Practices for Malware Prevention.

Bottom Line: Removing Malware Is Not As Hard As You Think

Removing malware from Mac and PC systems is not as difficult as it seems due to several factors. There are accessible antivirus and anti-malware tools available with user-friendly interfaces, which make it easier to scan and remove malware. Regular software updates enhance the system’s ability to detect and remove malware, while comprehensive malware databases and machine learning help identify malicious files.

Both Mac and PC systems offer safe mode options, allowing users to boot their computers with minimal drivers and processes, simplifying malware diagnosis and removal. A lot of online support communities provide expert advice and step-by-step guides from others who have faced similar malware issues.

Preventing malware through safe browsing habits and downloading software from official app stores or trusted sources also reduces the risk of malware. By staying informed and using reliable antivirus and antimalware tools, you can effectively remove malware from computer systems — if not avoid it entirely.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.

Kaye Timonera Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis