Before You Begin: Signs Your PC May Be Infected

Malware doesn't always make itself obvious. Your PC might be compromised if you notice: unusually slow performance, frequent crashes or BSODs (Blue Screen of Death), programs opening or closing on their own, unexpected network activity, or antivirus alerts you've been dismissing.

If you're experiencing any of these, follow the steps below carefully and in order.

Step 1: Disconnect from the Internet

Before doing anything else, disconnect your PC from the internet — either by unplugging the Ethernet cable or turning off Wi-Fi. Many malware types communicate with remote servers to receive instructions or exfiltrate your data. Cutting the connection limits the damage while you clean the system.

Step 2: Boot into Safe Mode

Safe Mode starts Windows with the minimum set of drivers and programs, so most malware that loads through normal startup entries does not run in this environment.

  1. Press Windows + R, type msconfig, and press Enter
  2. Go to the Boot tab and check Safe boot → Minimal
  3. Click OK and restart your PC

Alternatively, hold Shift while clicking Restart and navigate to Troubleshoot → Advanced Options → Startup Settings → Restart → Safe Mode with Networking.

Step 3: Delete Temporary Files

Malware often hides in temporary file directories. Before scanning, clear these out:

  • Press Windows + R, type %temp%, and delete all files in the folder
  • Also run the built-in Disk Cleanup utility (search for it in the Start Menu)

This can also speed up the subsequent scan.

Step 4: Run a Malware Scan

Use at least two scanning tools for the best results — no single scanner catches everything.

  • Windows Defender (built-in): Open Windows Security → Virus & Threat Protection → Scan Options → Full Scan
  • Malwarebytes Free: Download from malwarebytes.com, install, update definitions, and run a full scan
  • HitmanPro: A second-opinion scanner that's effective against rootkits and persistent threats

Quarantine or delete everything the scanners flag. Restart your PC between scans when prompted.

Step 5: Check for Suspicious Startup Programs

Malware often adds itself to startup to persist after reboots. To review what's running at startup:

  1. Press Ctrl + Shift + Esc to open Task Manager
  2. Click the Startup tab
  3. Look for anything unfamiliar or with an unknown publisher
  4. Right-click suspicious entries and choose Disable

For a deeper view, use Autoruns from Microsoft Sysinternals — it shows every program set to run automatically on your system.
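
The "unknown publisher" check from the list above can also be done from a PowerShell window. The script below is an added example, not part of the original guide: it reads the classic startup locations (Run registry keys and Startup folders) through the Win32_StartupCommand class and reports the Authenticode signature of each target file. It is read-only, and the helper name Get-ExePath is a hypothetical name chosen for this example.

```powershell
# Added example: list auto-start entries and show who signed each target file.
# Read-only: nothing is disabled, quarantined or deleted.

function Get-ExePath {              # hypothetical helper name
    param([string]$Command)
    # Run-key values may contain variables such as %ProgramFiles%.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\Program Files\App\app.exe" /background
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first known file extension.
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1|lnk))(\s|$)') {
        return $Matches[1]
    }
    return $null
}

$report = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $path      = Get-ExePath $entry.Command
    $status    = 'PathNotResolved'
    $publisher = ''

    # Bare names such as rundll32.exe are looked up on the PATH.
    if ($path -and -not (Test-Path -LiteralPath $path)) {
        $found = Get-Command -Name $path -CommandType Application `
                     -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($found) { $path = $found.Path }
    }

    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $status = $sig.Status.ToString()      # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }
    } elseif ($path) {
        $status = 'FileMissing'
    }

    [pscustomobject]@{
        Name      = $entry.Name
        Location  = $entry.Location           # registry key or Startup folder
        User      = $entry.User
        Command   = $entry.Command
        Signature = $status
        Publisher = $publisher
    }
}

# Show entries without a valid signature first; these deserve a closer look.
$report | Sort-Object { $_.Signature -eq 'Valid' } | Format-List
```

An entry that is unsigned is not necessarily malicious, and a valid signature does not prove a program is safe; treat the output as a shortlist to look up before disabling anything. Scheduled tasks, services and drivers are not covered by this class, which is where Autoruns gives the fuller picture.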

Step 6: Check Installed Programs

Go to Settings → Apps → Installed Apps and sort by install date. Remove anything you don't recognise, especially items installed around the time your issues began.

Step 7: Scan for Rootkits

Rootkits are particularly dangerous — they hide deep in your system and can survive standard scans. Use GMER or Kaspersky TDSSKiller (both free) to specifically scan for rootkit activity.

Step 8: Restore Browser Settings

Malware often modifies browser settings. Reset all your browsers to defaults and remove unfamiliar extensions (see our adware removal guide for detailed steps).

Step 9: Change Your Passwords

Once your system is clean, change passwords for important accounts — especially email, banking, and social media. Do this from a different, trusted device if possible, in case a keylogger was active.

When to Consider a Full Reinstall

If malware persists after all the above steps, or if you suspect a serious rootkit or ransomware infection, a clean reinstall of Windows may be the safest option. Windows 10 and 11 both include a Reset this PC option under Settings → System → Recovery that can reinstall the OS while keeping your files.

Removing malware takes patience, but working through these steps methodically will resolve the vast majority of infections.