Finding out your computer has malware is a horrible moment. Whether it's a ransom note, a browser full of adverts you didn't put there, or your antivirus firing warnings — the instinct is to panic and start clicking things. Don't. The actions you take in the first few minutes make a big difference to how this plays out.
Here's exactly what to do, step by step.
Step 1: Disconnect from the Internet Immediately
Before anything else, take the machine offline. Disable Wi-Fi, unplug the Ethernet cable, or turn on Airplane Mode. This does two things:
- Stops malware from sending your data to a remote server
- Prevents it from downloading additional payloads or instructions
Many modern malware strains are modular — they phone home to get more components or to receive commands. Cutting the connection limits the damage.
Step 2: Don't Pay Any Ransom
If you're dealing with ransomware, you'll likely see a demand for payment in cryptocurrency in exchange for your files. Do not pay. Here's why:
- There's no guarantee they'll give you a working decryption key
- Paying confirms you're a target willing to pay, which often leads to further attacks
- The payment itself doesn't remove the malware — you could end up paying and still infected
Note down or photograph the ransom note — it often identifies the specific ransomware strain, which can help with recovery.
Step 3: Boot into Safe Mode
Safe Mode starts Windows with the minimum necessary drivers and services, preventing most malware from loading at startup. This makes it much easier to detect and remove threats.
To boot into Safe Mode on Windows 10/11:
- Hold Shift and click Restart from the Start menu or login screen
- Go to Troubleshoot → Advanced options → Startup Settings → Restart
- Press 4 or F4 for Safe Mode, or 5/F5 for Safe Mode with Networking
Use Safe Mode with Networking only if you need internet access to download tools — otherwise plain Safe Mode is safer.
Step 4: Run a Full Malware Scan
With the machine in Safe Mode, run a thorough scan with two tools — it's worth using both as they catch different things:
- Windows Security (Defender) — built in to Windows 10/11. Open it and run a Full Scan.
- Malwarebytes Free — download it from a clean device, copy it over via USB, and install it. Run a Threat Scan.
Let both scans complete fully. Quarantine and remove everything they flag. Then restart and run both scans again to confirm the system is clean.
If the malware is preventing scans from running: this is a sign of a more serious infection (rootkit, bootkit). At this point, professional help is the right call — trying to fight it yourself risks making the situation worse.
Step 5: Check Your Startup Programs and Scheduled Tasks
Some malware installs persistence mechanisms — scripts that re-download and reinstall the infection after you remove it. After scanning, check:
- Task Manager → Startup apps — look for anything unfamiliar
- Task Scheduler — search for it in the Start menu; check for tasks with random-looking names or unusual locations
- Registry Run keys — these are more advanced; in Registry Editor, navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run and remove anything suspicious
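As an added example (not part of the original article), the PowerShell script below lists the three persistence locations from Step 5 in one place so you can review them side by side. It goes a little beyond the text by also reading the HKLM and RunOnce keys, and the "Flag" column is only a rough heuristic for commands launched from user-writable folders; it reads only and deletes nothing. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original article. Read-only review of the
# startup locations Step 5 describes. Requires an elevated prompt.

# Heuristic: commands that run from user-writable folders deserve a second look.
$userWritable = 'AppData|\\Temp\\|ProgramData|\\Users\\Public|\\Downloads\\'

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host "=== Registry Run / RunOnce entries ==="
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # PSPath, PSParentPath etc. are PowerShell metadata, not registry values
        if ($p.Name -like 'PS*') { continue }
        [PSCustomObject]@{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Flag    = if ($p.Value -match $userWritable) { 'CHECK' } else { '' }
        }
    }
}
$runEntries | Format-Table -AutoSize | Out-Host

Write-Host "=== Startup apps (what Task Manager -> Startup shows) ==="
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize | Out-Host

Write-Host "=== Enabled scheduled tasks outside the \Microsoft\ folder ==="
Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        # Each task can have several actions; join them into one readable string
        $action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        [PSCustomObject]@{
            Path   = $_.TaskPath
            Name   = $_.TaskName
            Action = $action
            Flag   = if ($action -match $userWritable) { 'CHECK' } else { '' }
        }
    } | Format-Table -AutoSize | Out-Host
```

Entries marked CHECK are not necessarily malicious (many legitimate updaters live in AppData); they are simply the ones to research before deciding what to remove.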
Step 6: Change Your Passwords — From a Different Device
Assume any password you've typed on the infected machine could have been captured by a keylogger. Priority changes from a clean phone or another PC:
- Email accounts (these are the master key to everything else)
- Banking and financial services
- Any site where you have payment details saved
- Social media accounts
Enable two-factor authentication (2FA) on your email and banking accounts if you haven't already — it significantly raises the bar for attackers even if passwords are compromised.
Step 7: Consider a Clean Windows Reinstall
If the infection was serious — ransomware, rootkits, persistent trojans — the safest option is a clean reinstall of Windows. It sounds drastic but it's the only way to be genuinely certain the system is clean.
Before you do:
- Back up important files to an external drive (scan them afterwards before opening)
- Make a note of software licences you'll need to re-enter
- Download Windows installation media from Microsoft's official site on a clean device
A fresh install takes about an hour and leaves you with a completely clean system.
How to Prevent Reinfection
Once you're clean, take these steps to make reinfection much less likely:
- Keep Windows Update on automatic — most malware exploits known vulnerabilities that updates patch
- Use a reputable antivirus — Windows Defender is decent; Malwarebytes Premium adds real-time protection for a modest annual cost
- Be cautious with email attachments — especially unexpected ones, even from people you know
- Don't download software from random websites — stick to official sources and the Microsoft Store for Windows apps
- Use a password manager — Bitwarden is free, open source, and excellent. Unique passwords per site means one breach doesn't cascade
- Enable 2FA wherever you can — especially email, banking, and social media
Infected and Not Sure What to Do?
We remove malware and viruses regularly — often without needing to reinstall Windows. Remote support available, same-day response.