How to Remove Malware From Any Device

Strange pop-ups, a sluggish machine or settings that change on their own usually mean one thing: malware. Here is how to find it and clean it out safely, on Windows, Mac and Android.

Malware is any software written to harm you or your device — viruses, trojans, spyware, adware, ransomware and the rest. The symptoms are familiar even when the cause is hidden: a once-fast machine crawls, browser pop-ups appear out of nowhere, your homepage or default search engine changes by itself, or unknown programs launch at startup. The good news is that most consumer malware can be removed at home with free, trusted tools and a careful, methodical process. This guide walks through detection and removal on Windows, Mac and Android, and explains when a full reset is genuinely the right call.

Key takeaways

  • Disconnect first. Cutting the network stops data theft and blocks the malware from downloading more.
  • Safe Mode is your friend. It loads only essential software, so scanners can remove threats that resist removal while running.
  • Use one trusted scanner. Microsoft Defender on Windows and a reputable on-demand scanner cover the vast majority of consumer threats — avoid stacking multiple real-time tools.
  • Factory reset is the last resort, reserved for ransomware, rootkits or anything that returns after cleaning.

Signs you are infected

Not every slow computer is infected — sometimes it just needs maintenance, which is why it is worth ruling out the ordinary causes covered in how to speed up a slow computer first. But certain symptoms strongly suggest malware: a flood of pop-up or “your device is infected” ads, a browser homepage or search engine you did not set, programs you never installed, your security software disabled and refusing to turn back on, the fan running constantly while the device is idle, or friends receiving messages you never sent. On a phone, rapid battery drain, surprise data usage and apps you do not recognise are red flags. CISA notes that unexpected pop-ups and a sudden slowdown are among the most common early indicators of an infection.

First: disconnect and back up

Before you touch a scanner, pull the device off the network. Turn off Wi-Fi and unplug any Ethernet cable. This single step stops spyware from exfiltrating passwords and blocks malware from fetching extra components. If you have important files that are not already backed up and the device is still usable, copy documents and photos only — never program installers or executables — to an external drive you can scan later. Do not reuse that drive on another machine until it has been scanned clean.

Never pay a ransom or call a pop-up “support” number. Fake virus warnings that demand payment or tell you to phone a number are themselves the scam. CISA advises that you should never call numbers shown in pop-ups; close the browser instead. If you suspect a phishing trap led to the infection, review how to spot a phishing email.

Removing malware on Windows

Windows ships with a capable scanner, so you rarely need to buy anything. Restart into Safe Mode with Networking: open Settings → System → Recovery → Advanced startup → Restart now, then choose Troubleshoot → Advanced options → Startup Settings → Restart, and press 5. Once in Safe Mode, open Windows Security, go to Virus & threat protection → Scan options, choose Full scan and run it. Microsoft also offers the Microsoft Defender Offline scan, which reboots and scans before Windows fully loads — very effective against stubborn malware (see support.microsoft.com). After the scan quarantines threats, open Settings → Apps and uninstall any unfamiliar program with a recent install date, then reboot normally and scan once more to confirm.

Threat type              | Typical symptom                | Best removal route
Adware / browser hijack  | Pop-ups, changed search engine | Browser reset + full scan
Spyware / keylogger      | Data usage, slowdown           | Safe Mode full scan, change passwords
Trojan                   | Unknown background program     | Uninstall + full scan
Ransomware               | Encrypted files, ransom note   | Disconnect, restore from backup, reset
Rootkit                  | Returns after cleaning         | Offline scan, then factory reset

Removing malware on a Mac

macOS has built-in protections (Gatekeeper, XProtect and a malware removal tool that runs quietly in the background), but Macs are not immune — adware and “potentially unwanted programs” are common. Start in Safe Mode: on Apple silicon, shut down, then hold the power button until startup options appear, select your disk and hold Shift while clicking “Continue in Safe Mode” (steps vary by model on support.apple.com). Then open System Settings → General → Login Items and remove anything suspicious that launches at startup, and check Privacy & Security for profiles you did not install. For a thorough sweep, run a reputable on-demand scanner. Most Mac infections live in the browser, so the browser cleanup below is essential.

Removing malware on Android

On Android, restart into Safe Mode by pressing and holding the power button, then touching and holding “Power off” until “Reboot to safe mode” appears (per support.google.com). In Safe Mode, third-party apps are disabled, which usually stops the malware. Open Settings → Apps, look for apps you do not recognise — especially any with Device Administrator rights — and uninstall them; you may need to revoke admin access first under Security. Run a scan with Google Play Protect (open the Play Store, tap your profile, then Play Protect → Scan). Reboot normally afterward. If your phone shows other warning signs, our guide to how to tell if your phone is hacked covers what else to check.

Cleaning your browser

A huge share of consumer malware is really browser hijacking: rogue extensions and changed settings rather than deep system infection. In every browser, remove extensions you did not deliberately install, then reset the browser to its defaults — Chrome, Edge, Safari and Firefox all have a “restore settings to original defaults” option. Clearing cached files removes lingering scripts; our guide on protecting your privacy online explains good ongoing habits. Once clean, set strong, unique credentials following how to create strong passwords, because any password you typed while infected should be treated as compromised.

When a factory reset is the answer

If malware keeps coming back after cleaning, if you hit ransomware, or if a scanner reports a rootkit, a full factory reset is the cleanest fix — it wipes the device and reinstalls a fresh operating system. Back up your personal files first (and scan that backup before restoring it), note your logins, then use the built-in reset: Settings → System → Recovery on Windows, Erase All Content and Settings on Mac, or Settings → System → Reset on Android. Afterward, restore documents and photos only, reinstall apps from official stores, update everything, and change every important password from the now-clean device. Finally, lock down your network with home Wi-Fi security so you are not reinfected from the same source.
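
The "documents and photos only, never installers or executables" rule from the backup steps above can be enforced with a short script. This is an added Python example, not part of the original guide; the extension allowlist and function names are assumptions for illustration. It also checks each file's leading bytes, so an executable renamed to .jpg is left behind.

```python
import shutil
import tempfile
from pathlib import Path

# Allowlist of document and photo extensions (an assumption; adjust to your files).
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".heic", ".pdf", ".txt",
                   ".csv", ".docx", ".xlsx", ".pptx", ".odt"}

# Leading bytes that identify executable content whatever the file is called.
EXECUTABLE_MAGIC = (
    b"MZ",                                    # Windows PE (.exe, .dll, .scr)
    b"\x7fELF",                               # Linux and Android native binaries
    b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe",  # Mach-O 64-bit and 32-bit
    b"\xca\xfe\xba\xbe",                      # Mach-O universal binary
    b"#!",                                    # script with an interpreter line
)

def classify(path: Path) -> str:
    """Return "copy", or the reason the file is left behind."""
    if path.is_symlink() or not path.is_file():
        return "not a regular file"
    if path.suffix.lower() not in SAFE_EXTENSIONS:
        return "extension not on allowlist"
    with path.open("rb") as fh:
        head = fh.read(4)
    if head.startswith(EXECUTABLE_MAGIC):
        return "executable content behind a document extension"
    return "copy"

def backup_documents(source: Path, dest: Path) -> dict:
    """Copy allowlisted files from source to dest; map each file to its outcome."""
    report = {}
    for path in sorted(p for p in source.rglob("*") if not p.is_dir()):
        rel = path.relative_to(source)
        report[rel.as_posix()] = outcome = classify(path)
        if outcome == "copy":
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
    return report

if __name__ == "__main__":
    # Constructed sample tree: a photo, an installer, a binary renamed to .jpg.
    with tempfile.TemporaryDirectory() as tmp:
        src, usb = Path(tmp, "home"), Path(tmp, "usb")
        src.mkdir()
        (src / "beach.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed")
        (src / "setup.exe").write_bytes(b"MZ constructed")
        (src / "holiday.jpg").write_bytes(b"MZ constructed")
        print(backup_documents(src, usb))
```

The filter only keeps obvious executables off the drive; the copied files still need a scan before they are opened on another machine.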

Frequently asked questions

Can malware be removed without a factory reset?

Yes, in most cases. A full scan in Safe Mode with a trusted scanner, combined with uninstalling unknown apps and resetting your browser, clears the vast majority of consumer malware. A factory reset is only necessary for ransomware, rootkits, or infections that return after a proper cleaning.

Is the built-in antivirus enough to remove malware?

For most people, yes. Microsoft Defender on Windows and the built-in protections on Mac and Android handle the great majority of threats, especially when paired with Safe Mode and the offline-scan options. Avoid running several real-time antivirus tools at once, as they can conflict and slow your device.

Should I change my passwords after a malware infection?

Yes. Spyware and keyloggers can capture anything you type, so treat passwords used while infected as compromised. Change them from a different, clean device after removing the malware, starting with email, banking and any account that reuses the same password, and enable two-factor authentication.

How did the malware get on my device?

Common routes are malicious downloads, fake software updates, infected attachments, phishing links and apps from outside official stores. Pop-ups claiming your device is infected are themselves a trap. Keeping software updated, using official app stores and being cautious with links and attachments prevents most infections.

Sources & further reading

This guide is independently produced. We reference primary documentation from device makers and security authorities (NIST, CISA). Tudug is reader-supported and may earn from ads.
