How to Remove Malware Step by Step (2026 Guide)
By Thomas Løvaslokøy · Published May 31, 2026 · 9 min read
Discovering malware on your computer is stressful, but in most cases you can remove it yourself by following a careful, methodical process. This guide walks you through it step by step — from the first thing to do (disconnect) through scanning in Safe Mode, cleaning up, and the crucial after-care of securing your accounts. If you have not yet confirmed an infection, start with our guide on how to tell if your PC has malware. To run the scans below, you will want a reputable antivirus such as Bitdefender.
Step 1 — Disconnect from the internet
The moment you suspect an active infection, disconnect the machine from the internet — unplug the Ethernet cable or turn off Wi-Fi. This does two things: it stops malware from sending your data to an attacker, and it prevents it from downloading additional payloads or spreading to other devices on your network. Leave it disconnected for the removal process, reconnecting only when you need to download a tool (and then briefly).
Step 2 — Back up your important files (carefully)
If you do not already have a recent backup, copy your essential personal files — documents, photos — to an external drive before you start deleting things, in case the clean-up goes wrong. Back up data only, not program installers or system files, which could carry the infection. Be aware that some malware can spread to connected drives, so disconnect that backup drive once the copy is done and scan those files later before trusting them. If you keep proper backups already, you are in a far stronger position — which is exactly why our ransomware protection guide stresses them.
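One way to do the "data only" copy on Windows, as an added example that is not part of the original guide. It assumes the external drive is mounted as E:\; the destination folder name, the source folders and the list of blocked extensions are illustrative choices.

```powershell
# Copy personal files to an external drive and leave executable content behind.
# Assumptions: E:\ is the external drive; folder and extension lists are illustrative.
$destRoot = 'E:\pre-cleanup-backup'
$sources  = @([Environment]::GetFolderPath('MyDocuments'),
              [Environment]::GetFolderPath('MyPictures')) | Where-Object { $_ }

# Installers, programs, scripts and shortcuts are not data and are not copied.
$blocked = '.exe', '.msi', '.dll', '.scr', '.com', '.bat', '.cmd',
           '.ps1', '.vbs', '.js', '.jar', '.lnk', '.iso'

$copied  = 0
$skipped = @()
foreach ($src in $sources) {
    $base = Join-Path $destRoot (Split-Path $src -Leaf)
    foreach ($file in Get-ChildItem -LiteralPath $src -Recurse -File -ErrorAction SilentlyContinue) {
        if ($blocked -contains $file.Extension.ToLower()) {
            $skipped += $file.FullName      # record it so nothing is dropped silently
            continue
        }
        # Rebuild the same folder layout under the destination.
        $relative = $file.FullName.Substring($src.Length).TrimStart('\')
        $target   = Join-Path $base $relative
        New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $file.FullName -Destination $target
        $copied++
    }
}

"Copied $copied files to $destRoot"
"Skipped $($skipped.Count) executable or script files:"
$skipped
```

The copied documents still need the later scan the step describes: filtering by extension keeps programs out of the backup, but it does not vouch for the files that were copied.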
Step 3 — Boot into Safe Mode
Restart your computer into Safe Mode, which loads only essential system components and keeps most malware from running. On Windows you reach it through the recovery options (hold Shift while clicking Restart, then choose Troubleshoot, Advanced options, Startup Settings, and enable Safe Mode with Networking if you need to download a scanner). On a Mac, the equivalent is Safe Boot. Scanning from this state dramatically improves your chances of detecting and fully removing the infection, because the malicious code is not actively defending itself.
Step 4 — Run a full antivirus scan
With a reputable, fully updated antivirus, run a full scan — not a quick one. Let it complete and quarantine or remove everything it flags. If your installed antivirus was disabled by the malware or you do not have one, download a trusted product or an on-demand scanner (briefly reconnecting if needed). Running a second, different on-demand scanner afterward is a good way to catch anything the first missed, since no single engine detects everything. Choose your tool from our best antivirus roundup.
Step 5 — Clean up browsers and startup items
Malware and adware often leave behind browser hijacks and persistence mechanisms even after the core files are gone. Review your browser extensions and remove anything you did not install, reset your homepage and default search engine, and clear the browser cache. Check your list of installed programs for unfamiliar entries and uninstall them, and review startup items (Task Manager on Windows, Login Items on a Mac) for anything suspicious set to launch automatically. This step is what stops the symptoms returning after the scan.
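For the startup review on Windows, the following added example (not part of the original guide) lists what is set to launch automatically from the Run registry keys and the Startup folders, with the signature status of each program. It is read-only; the helper name `Resolve-StartupTarget` is made up for this example.

```powershell
# Read-only inventory of Windows auto-start entries; nothing is changed or deleted.
function Resolve-StartupTarget {
    param([string]$Command)
    # Extract the program path from a command line, quoted or unquoted.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return $null
}
$found = @()
# 1. Per-machine and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $cmdLine = [string]$regKey.GetValue($name)
        $found += [pscustomobject]@{ Source = $key; Name = $name; Command = $cmdLine
                                     Target = Resolve-StartupTarget $cmdLine }
    }
}
# 2. Startup folders (current user, all users); shortcuts are resolved to their targets.
$shell   = New-Object -ComObject WScript.Shell
$folders = @([Environment]::GetFolderPath('Startup'),
             [Environment]::GetFolderPath('CommonStartup')) | Where-Object { $_ }
foreach ($folder in $folders) {
    foreach ($file in Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue) {
        $target = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        $found += [pscustomobject]@{ Source = $folder; Name = $file.Name; Command = $file.FullName; Target = $target }
    }
}
# 3. Add the signature status of each target; unsigned or missing files are listed first.
$report = foreach ($entry in $found) {
    $status = 'TargetNotFound'; $signer = $null
    if ($entry.Target -and (Test-Path -LiteralPath $entry.Target -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $entry.Target
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    $entry | Select-Object Name, Source, Command, Target,
        @{ n = 'Signature'; e = { $status } }, @{ n = 'Signer'; e = { $signer } }
}
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-List
```

Treat the output as a review list rather than a verdict: an unsigned entry is not necessarily malicious and a signed one is not necessarily wanted, so look up anything you do not recognise before removing it.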
Step 6 — Reboot, re-scan and verify
Restart normally and run another full scan to confirm the system is clean — ideally two consecutive scans with no detections. Watch over the next few days for the original symptoms returning. If threats keep reappearing or the machine still misbehaves, the infection may be deeper than a scan can reach, and a clean reinstall of the operating system is the reliable fallback. Restore your files afterward only from a backup made before the infection.
Step 7 — Secure your accounts
This step is as important as the removal itself. Many modern infections are infostealers designed to capture your passwords, so assume your credentials may be compromised. Change your important passwords — email first, then banking and anything sensitive — from a different, clean device, never the machine you just cleaned. Enable two-factor authentication everywhere it is offered. A password manager makes resetting many passwords with strong, unique replacements far faster. Finally, check your accounts for any unauthorised activity and, if your identity may be exposed, review our identity theft protection guide.
Common mistakes to avoid
- Staying online during removal, letting the malware keep communicating or spreading.
- Changing passwords on the infected machine, which can hand the new ones straight to an infostealer.
- Skipping the browser and startup clean-up, so the symptoms return after the scan.
- Trusting a single scan. Verify with a reboot, a second scan, and ideally a second scanner.
- Restoring from an infected backup, which simply reinfects you — use one from before the symptoms began.
Frequently Asked Questions
Can I remove malware without paying for software?
Should I just reinstall Windows or reset my Mac?
Why do I need to scan in Safe Mode?
How do I know the malware is really gone?
What should I do after removing malware?
Affiliate disclosure
This article contains affiliate links. If you purchase through them, CyberTechVault earns a commission at no extra cost to you. Our reviews are based on real testing and we only recommend products we'd use ourselves.