Malware prevention and removal guide
Posted on January 28, 2019 By Dennis
Cybercriminals now favor phishing far more than they do malware, but viruses are still a clear and present danger to computer users worldwide. The best way to defeat criminals and the malware they create is to take the proper steps to prevent infection altogether. If you do get infected, there are dozens of useful tools that can help you remove malware from your system. Most antivirus software will also actively monitor your computer’s operating system and your network activity to help prevent further infections.
The following guide will help you get started on proper malware prevention and will help you remove any active infections that may be threatening your online privacy. It will list some of the best free malware removal and prevention tools and a number of paid tools which are worth considering.
What is malware? Malware types and variants
Malware is a portmanteau of the words “malicious software”. This type of computer program is designed to hide within your file system without your knowledge and against your wishes.
Some malware is designed to be discreet and exists completely undetected until something triggers it. Other malware will begin doing damage to your computer’s file system almost immediately after it’s installed. Regardless, any malware on your system is bad and should be removed as soon as possible to prevent damage to your operating system, data loss, and further infection.
Malware types and variants
Different types of malware will be designed to infect different parts of your computer and perform a multitude of harmful actions. Some may hide in your system for days or weeks, silently recording your keystrokes and using your internet connection to send information such as usernames, passwords, and credit card data back to third parties. Others may start rewriting files on your system, making it difficult to perform normal functions or access critical parts of your operating system. Some malware may even be designed to evade removal efforts, rendering normal removal tools and processes completely ineffective.
Here are a few malware types you may encounter:
- Ransomware: Locks your computer and demands payment to unlock
- Spyware: Hides on your computer and discreetly gathers information
- Adware: Inserts ads and pop-ups onto your computer and web browsers
- Trojan: Pretends to be another program to trick your operating system into installing it
- Keylogger: Records and transmits everything you type onto your computer
- Rootkit: Gives unauthorized users access to your computer and file system
- Worm: Self-replicating program that infects and overwhelms a network or computer
All malware types can be removed using antivirus software. And all types of malware can be avoided using best practices, as well as real-time antivirus tools that monitor your network and computer for suspicious activity and potential threats.
How to tell if your computer is infected with malware
Depending on the type of malware you have on your computer, it may be extremely obvious that something is wrong. Alternatively, since some malware is designed to hide completely, you could have an infected machine and never know it.
Look for common signs of an infection
Given many malware infections are obvious and quickly broadcast their presence, here are a few signs that you may have some type of malware on your computer:
- Pop-ups appear on your computer or in your web browser unexpectedly and without warning
- Your web browser homepage seemingly changes by itself
- Additional toolbars appear on your web browser
- Your computer runs slowly and uses a lot of resources, even after a restart and without other programs running
- Strange programs you do not recognize are requesting permission to install other programs or access parts of your computer
- You lose permission and access to critical parts of your operating system
- Access to your computer is locked behind a ransomware message with a demand for payment to unlock (typically in Bitcoin or other cryptocurrencies)
- Any behavior that seems out-of-the-ordinary for your computer
Recognizing the more subtle signs of a computer infection may require knowing how your computer normally operates and identifying when something doesn’t seem quite right.
Remember, however, that not every type of malware will reveal itself through any form of behavior. Some will have almost no discernable impact on your computer, as they may be designed to hide and steal data for as long as possible before detection. Only taking proactive steps will completely protect your privacy.
How to remove malware from an infected computer
If you do find your computer is showing obvious signs of infection, or you’ve revealed malware after running an antivirus scanning tool, you should work to remove the malicious program immediately. The free tools suggested in this guide will let you remove any malware they find for free, but you should take a few additional steps before hitting the “delete” button.
Special note: You may find it necessary to disconnect your computer from the internet if the malware on your computer appears to be particularly damaging or appears to be trying to download or send information. If that’s the case, you will need a second device to download your preferred antivirus tool and run that tool from a USB drive on your infected machine. You will also need to save any critical files to a physical backup device, such as a USB drive or an external hard drive. Note, however, that you should only back up critical documents and photos. Do not transfer programs to your physical medium, as program files may be infected.
Create a backup of your critical files
Before removing any malware from your system, back up all of your critical system files and create a restore point. There are a few reasons to do this first:
- The malware on your computer may have infected a critical part of your file system, and removal may create errors
- Your malware removal tool may accidentally delete a necessary file or a file that was misclassified as malware
You can use an automatic online data backup service like iDrive to back up your critical files to the cloud, or even manually transfer some of your files to cloud drive locations such as Google Drive or Dropbox. Note, however, that backing up your files may also result in unintentionally backing up infected files. As such, I recommend only backing up trusted documents and images instead of programs. Most programs can easily be redownloaded, and any programs you paid for should either have an installation disc, a download link in your email that you can re-use, or a license key that you can re-enter after you install the program again.
Creating a system restore point will allow you to restore your file system to a previous state. This can help you return your file system to the way it was before you removed malware, just in case anything goes wrong.
To create a system restore point in Microsoft Windows, do the following:
- Open the System Restore panel by going to your system search bar and typing in “restore point”, then clicking on Create a restore point (or press the Windows key + Q on your keyboard and follow the same process)
- This process will open the System Properties window to the System Protection tab
- Next, click on Create and then enter a description, such as MalwareRemoval[Date], where [Date] is the date you’re performing the malware removal.
- Your computer will generate the restore point. You can find your restore point by going to System Properties > System Protection > Restore > System Restore > Choose a different restore point. Any restore points you’ve created, or that your computer automatically created following different actions, will be listed there.
Creating a system restore point and making a backup of your critical files is a good practice even when you’re not dealing with malware. It’s also a good way to prevent future malware infections from causing damage to your computer.
Run a system scan using an antivirus tool
Once you’ve backed up your important files and created a restore point, your next step is to scan your computer for malware.
A large number of high-quality tools will get the job done. Some of these tools will perform free scans and may even remove a fair number of threats at no cost to you. Others may perform free scans but require payment to remove infections. Some will charge money, either a one-time fee or a subscription fee.
Which tool you use will depend on your needs. I recommend that you start with a free malware scanning tool, and then move to a paid option if your computer is still acting suspiciously, or if you’re sure there’s an infection that a free tool simply won’t remove (such as ransomware).
The following free tools are among the best options on the market to start with:
- Windows Defender (included with Microsoft Windows Vista+)
- Panda Dome Free
- AVG Free Antivirus
- Avast Free Antivirus
- Avira Free Security
Most scanning tools work similarly. You’ll likely be able to adjust how deeply into your system the tool scans. For best results, I recommend using the most in-depth scanning option your selected tool offers.
For example, with AVG Free Antivirus, you would perform the Deep Scan.
Deep scans will take a while, anywhere from 15-30 minutes or more, depending on the size of your file system. You can perform other tasks while the scan is running, but to avoid complicating anything, it’s best to let your system sit while the scan runs. If your computer is set to automatically sleep after a period of inactivity, change your settings beforehand, just in case.
A note on Windows Defender
Windows Defender comes included with modern versions of Windows. It’s designed to automatically detect viruses and other malicious activity, but you can also use it as a malware scanning tool. If you have another antivirus tool installed, Windows will automatically prefer that option for you. However, if you do not want to install another tool, you can run a scan using Windows Defender.
To run a scan using Windows Defender, do the following:
- In your Windows search bar, type in “Windows Defender” (or press the Windows logo key and the “Q” key simultaneously to open the search bar, then type in the phrase)
- Click on Open Windows Defender Security Center to open the app
- Click on Virus & threat protection
- Now, click on Run new advanced scan
- Finally, select Full scan or Windows Defender Offline scan if you’re dealing with a particularly difficult infection
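The restore-point steps and the Windows Defender scan steps above can also be run from an elevated Windows PowerShell prompt. The script below is an added example, not part of the original guide; it uses the built-in `Checkpoint-Computer` and Defender cmdlets, and the function name and the timestamp appended to the description are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original guide. Assumes Windows PowerShell 5.1,
# the built-in Defender module, and System Protection enabled on the system drive.
# Invoke-PreRemovalScan is a name chosen for this example.

function Invoke-PreRemovalScan {
    param(
        [ValidateSet('FullScan', 'QuickScan')]
        [string]$ScanType = 'FullScan'
    )

    # 1. Restore point named MalwareRemoval[Date]; the time keeps the name unique.
    $description = 'MalwareRemoval{0:yyyy-MM-dd_HHmm}' -f (Get-Date)
    Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

    # Windows 8 and later skip creation (with only a warning) when another restore
    # point was made in the previous 24 hours, so confirm this one exists.
    $created = Get-ComputerRestorePoint | Where-Object Description -eq $description
    if (-not $created) {
        Write-Warning "No new restore point '$description' (one from the last 24 hours may already exist)."
    }

    # 2. Refresh signatures if a network is available, then scan.
    #    Start-MpScan returns only when the scan has finished.
    try { Update-MpSignature -ErrorAction Stop }
    catch { Write-Warning "Signature update failed: $($_.Exception.Message)" }
    Start-MpScan -ScanType $ScanType

    # 3. List detections, newest first, with the threat name resolved from its ID.
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[[string]$t.ThreatID] = $t.ThreatName }
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $names[[string]$_.ThreatID]
                Resources = $_.Resources -join '; '
            }
        }
}

# The Windows Defender Offline scan is a separate cmdlet, Start-MpWDOScan,
# which restarts the computer immediately, so it is not called here.
Invoke-PreRemovalScan -ScanType FullScan | Format-Table -AutoSize -Wrap
```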
Remove malware from your computer
The final process is to remove the malware from your computer. Most malware tools you use will include this option for any malware located on your machine, including any malware the tools moved to quarantine. Some tools will only move files to quarantine and require you to pay a premium price for final removal, while others will automatically remove those files without moving them to quarantine. The free options listed in this guide all remove malware at no charge.
Once you’ve run the malware removal process, you will likely be prompted to restart your computer. If not, I recommend manually restarting your computer to ensure the removal process is complete. Additionally, if the file is moved to quarantine, but not deleted automatically, you may want to open the quarantine folder from your malware removal tool and manually delete the quarantined malware files.
You may need to restart your computer in safe mode. Here’s how
Some particularly aggressive malware may actively stop antivirus tools from running on your computer. If this happens, restarting your computer in Safe Mode may help regain access and functionality to your malware removal tools.
Here’s how to restart Windows 7 and 8.1 in Safe Mode
- Restart your computer
- Once Windows begins to load, press the F8 key in one-second intervals
- If successful, Windows will load an Advanced Setup screen
- Press F4 to enter Safe Mode to get access without internet, or F5 to enter Safe Mode With Networking to get access to a version of Safe Mode that includes internet access
- You know you’re in a booted Safe Mode version when you see the words Safe Mode in the corner of your screen
Here’s how to restart Windows 10 in Safe Mode
Microsoft introduced several methods to enter Safe Mode with Windows 10:
Method 1: While logged into Windows
- Tap the Windows logo button and the “i” button on the keyboard at the same time to open Windows Settings (or type “Windows Settings” into your Windows search bar)
- Click on Update & Security and then on Recovery
- Then, click on Advanced startup
- Upon restart, Windows will show a screen that lets you choose your troubleshooting method. Select Troubleshoot, then Advanced options
- Next, select Startup settings, and then Restart
- Your computer will now restart again, and you will be shown a few more restart options. Select 4 or push F4 to open Windows in Safe Mode, or 5/F5 to open Windows in Safe Mode with Networking
Method 2: From the sign-in screen
- Restart your computer using any method, or log out to return to the sign-in screen
- Hold down the Shift key and press the Power button simultaneously. In the selection window that appears, choose Restart
- Upon restart, you’ll get a new menu of options. Go to Troubleshoot > Advanced options > Startup settings > Restart
- Finally, push either 4/F4 to open up Safe Mode or 5/F5 to open Safe Mode with Networking
Method 3: Automatic repair mode
Windows automatically enters repair mode if it fails to boot properly after several attempts. This can be the result of malware that’s impacted the normal boot process. However, you can get Windows to enter Automatic Repair Mode manually by interrupting the normal boot process yourself three times (such as by hard restarting your computer using the power button). Once the computer has restarted, use the same process in Methods 1 or 2 (Troubleshoot > Advanced options > Startup settings > Restart).
What is Windows Safe Mode? Why use it?
Windows Safe Mode opens up a version of Windows that has limited functionality. In most cases, the areas of your file system where malware is rooted will not open in Safe Mode, but can still be accessed and removed by antivirus scanning and removal tools that may be designed to work in Safe Mode.
Safe Mode is not invulnerable, however. Some malware may be so deeply embedded in your file system that they still cause problems even in Safe Mode. In situations like that, you may need to completely remove and then reinstall Windows (a last resort, but an effective option if necessary).
There’s also the possibility that you’ll need to install an antivirus scanning and removal tool onto an external drive or a flash drive and run the removal process from there. Not every antivirus tool is accessible or functional in Safe Mode, and particularly troublesome malware may still prevent antivirus tools installed on your computer from operating, even when you reboot in Safe Mode.
How to prevent malware infections
Once you’ve cleared away any malware from your system (or verified that there aren’t any issues), your next step should be to prevent any future malware infections. This can be done through two methods:
- Install a real-time antivirus program that will constantly monitor for malicious activity
- Use best practices while online to avoid downloading malicious files
A combination of both will help you avoid most malware, and will cover you just in case any malware does find its way to your computer.
Install a real-time antivirus tool
Any of the free antivirus tools mentioned in the removal guide above will work as real-time monitors against malware infections. That includes Windows Defender. If you plan to use Windows Defender, you may need to adjust its settings to strengthen its functionality as a real-time antivirus tool.
If you need additional features beyond just scanning and malware removal, however, a paid option is going to be your best avenue. A few well-rated AV tools that will get the job done and offer advanced features include:
- Avira Antivirus Pro ($35.99/year)
- Comodo Internet Security Pro ($39.99/year)
- eScan Internet Security Suite ($49.95/year)
- Vipre Advanced Security ($54.99/year)
- AVG Internet Security ($79.99/year)
Most of the free tools listed above (excluding Windows Defender) will let you upgrade to a paid version.
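For readers relying on Windows Defender as the real-time tool, the following added example (not part of the original guide) reports which Defender protections are switched off, so you know which settings need adjusting. The function name `Test-DefenderRealtime`, the 7-day signature threshold, and the choice of which optional settings to report are assumptions made for this example.

```powershell
# Added example, not from the original guide. Assumes the built-in Defender
# module. If a third-party antivirus is installed, Windows prefers it and the
# real-time switches below are expected to read as off.

function Test-DefenderRealtime {
    param([int]$MaxSignatureAgeDays = 7)   # threshold chosen for this example

    $status   = Get-MpComputerStatus
    $prefs    = Get-MpPreference
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Switches that must be on for Defender to monitor in real time.
    $required = 'AntivirusEnabled', 'RealTimeProtectionEnabled',
                'BehaviorMonitorEnabled', 'IoavProtectionEnabled',
                'OnAccessProtectionEnabled'
    foreach ($name in $required) {
        if (-not $status.$name) { $findings.Add("$name is off") }
    }

    # Old signatures miss recent malware even when monitoring is on.
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old")
    }

    # Optional settings: 1 = potentially unwanted application blocking enabled,
    # 0 = cloud-delivered protection (MAPS) disabled.
    if ($prefs.PUAProtection -ne 1) {
        $findings.Add('PUA blocking is not enabled (Set-MpPreference -PUAProtection Enabled)')
    }
    if ($prefs.MAPSReporting -eq 0) {
        $findings.Add('Cloud-delivered protection is disabled')
    }

    [pscustomobject]@{
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-DefenderRealtime | Format-List
```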
Use best practices to avoid getting infected
The best thing you can do to help secure your privacy online is to actively avoid the kind of activities that may make you more vulnerable. Here are a few key best practices you can employ today to increase your security while online.
- Do not click on suspicious-looking links. Always hover over (or long press on mobile devices) any links that look suspicious. Make sure the URL and link text match
- Do not open emails from unverified or suspicious sources. Your spam filter should catch most malicious links, but if you receive a suspicious email with an email address that’s a long string of letters and numbers, delete it or mark it as spam
- Use an adblocker. Ad blocking tools, such as AdLock, AdGuard, and the Stands Fair Adblocker, will help block malicious advertisements. These options also allow you to whitelist websites you trust to help ensure those sites continue to earn advertising revenue
- Do not download files from untrustworthy websites. Most reputable websites host their own apps for download. However, some sites will use third-party services to host their programs. There are dozens of good and trustworthy download sites out there, including Softpedia, FileHippo, Ninite, and CNET (formerly Download.com). If a download site is loaded with ads and includes a large number of misleading ads that are designed to look like download links, consider it untrustworthy
In general, if anything you find online seems suspicious or untrustworthy, it’s best to avoid clicking on it.
Set up your web browser to block suspicious pages and/or links
Although your real-time antivirus tool will help you when you accidentally download malicious files, most web browsers also include tools to help users filter and block potentially malicious websites.
For Google Chrome
- Click on the Settings button on the top right of your browser (three vertical dots)
- Click on Settings
- Scroll down and click on Advanced
- Under Privacy and security, enable Safe Browsing (click the bar to turn it blue)
For Mozilla Firefox
- Click on the sandwich menu button on the top right (three vertical lines)
- Click on Options
- On the right, click on Privacy & Security
- Scroll down to locate Security
- Under Security, click to enable “Block dangerous and deceptive content”
- Make sure “Block dangerous downloads” and “Warn you about unwanted and uncommon programs” are also selected
For Microsoft Edge
- Open Microsoft Edge and click on the three dot icon on the top right
- At the bottom, click on Settings
- Under Advanced settings click on View advanced settings
- Scroll down to the bottom of the list and make sure “Help protect me from malicious sites and downloads with Windows Defender SmartScreen” is turned ON (click to turn the bar blue if it’s gray)