What to do if you're a victim of malware

A man holding a tablet, researching information about malware threats.

Trojan horses, bots, adware, ransomware, macro viruses, rogueware, spyware, worms and phishing attacks target Internet users every day. The more we use the Internet, the more vulnerable we are to threats. There are many security measures that Internet users can put in place to minimize putting themselves at risk from malicious attacks.

Over the past two decades, the Internet has evolved from something of a novelty to a tool most of us heavily rely upon every single day. The Internet has completely changed the way we do things, from how we work to how we communicate, socialize, shop and learn. When we think about how much we depend on the Internet in our daily lives, it's hard to imagine life without it.

But, as much as the Internet is an indispensable tool, using it leaves us vulnerable to malicious threats. There are an abundance of Trojan horses, bots, adware, ransomware, macro viruses, rogueware, spyware, worms and phishing attacks that target Internet users every day. Crimeware attacks and identity fraud can happen to anyone at any time and the more we use the Internet, the more vulnerable we are to threats.

There are many security measures that Internet users can put in place to minimize putting themselves at risk from malicious attacks. If you are a victim of an attack, check out steps you can take in response to the incident.



If you're a victim of a crimeware attack you should disconnect from the Internet immediately. If you're connected via Wi-Fi, phone or Ethernet cable, you need to disable the connection as soon as possible to prevent data being transmitted to the criminal. Breaking your network connection is the best way to put an immediate stop to the attack.

You can disconnect your Internet connection by physically unplugging from the router or network connection and also disabling the connection on your device via the following the steps:

  1. Click on the Start menu
  2. Click on 'Settings'
  3. In the settings menu select 'Network Connections'
  4. Right-click and select the 'Disable' option.

If an attack takes place while you are at work, you should contact the IT department immediately. Your company's IT team needs to know about the infection to stop it from spreading or compromising your personal data and that of the company. Your IT department will then be able to take the right steps to recover the damage caused. If an attack takes place on your personal device, you should contact your Internet Service Provider (ISP).

img what to do if youre a victim of malware

Scan your Device

It's good practice to have antivirus software, such as Norton™ AntiVirus or Norton™ Internet Security, installed and up-to-date in case this kind of incident occurs. Antivirus and antispyware software are the best tools to protect against crimeware. Run periodic diagnostic scans with your software; set up automated scans at regular intervals to further protect your device.

As well as being able to detect crimeware threats from your device, which might otherwise go unnoticed, antivirus and antispyware programs can often remove the threats as well.

In some instances, the software may detect the crimeware but might not be able to remove it.

Create a backup

It's good practice to create regular backups of your files and folders. While the aim of crimeware is largely to steal information or data, there's a good chance that files may be lost or destroyed during the recovery process. You can back up files with flash drives and other types of removal media like CDs and DVDs, or by using backup software.

Monitor Your Online Behavior

Be aware of what you’re clicking on. Avoid suspicious-looking websites and advertisements, and remember if something seems strange or too good to be true, it is.

Reinstall your operating system

Depending on the severity of the attack, it might be necessary to reinstall the operating system of your computer. Some threats are very sophisticated and can hide deep in the system using rootkit techniques, meaning they'll go unnoticed by antivirus software.

Norton software can return your system to its last stable state before the infection took place. In other situations, the date of infection might not be known, and more sensitive data might be put at risk. In this case, the safest option might be to recover your files and reinstall your operating system.

Online fraud

Close all accounts

If you find you are the victim of online fraud or identity theft, the first thing you should do is close all affected accounts immediately. If you work quickly, you should be able to close accounts before the thief has time to access them. Closing or freezing your accounts can save you a lot of time and stress later when it comes to disputing fraudulent purchases made by a cybercriminal. It’s always a good idea to contact the financial institution and discuss the impact an attack would have on your accounts and what the necessary steps are to take if the account has been compromised.

Set up fraud alerts

Set up a fraud alert with the three national consumer reporting agencies, Equifax, Experian and TransUnion. Contacting just one of these companies sets up the alert for all three. The fraud alert tells creditors to contact you directly before making any changes to existing accounts or allowing you (or someone using your identity) to open up new ones. This is an essential step to control the amount of damage an identity thief can do with your stolen information. This step also allows you to order your credit reports from each of the agencies for free.

Keep an eye on your credit reports

Keep an eye on your credit reports from each of these agencies as the information in the reports might differ somewhat. It might take some time for fraudulent activity to appear on your reports, which is why some agencies offer all-in-one reports or just-in-time alerting services for an additional fee. In some cases, it might be worth considering one of these quick turn-around reports depending on the level of threat and the potential impact.

Look for signs of identity theft

It's a good idea to be extra vigilant following an incident of identity theft. Look out for things arriving in the post such as credit cards you haven't applied for, or anything else that seems suspicious. Review your credit card bills and bank statements thoroughly every month. You should also make sure that you're receiving all your utility and other bills that are sent to your home address. In some circumstances, you might be contacted by vendors regarding accounts you haven't opened or debt collectors may contact you regarding purchases made by someone else.

Take These Additional Steps

Take the following additional steps to protect yourself from online fraud: *Create strong passwords featuring numbers and symbols, and change them often. *Avoid using unsecured public WiFi networks. *Don’t overshare on social media platforms.

Taking precautions

Security risks online are common and can cause massive amounts of damage when an attack takes place. While we can't control the actions of cybercriminals, we can take the necessary steps to protect ourselves and minimise the risk of becoming a victim of cybercrime by installing good Internet security software, backing up our data and being vigilant.


Don’t wait until a threat strikes.

Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.

Enjoy peace of mind on every device you use with Norton Security Premium.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.