How to remove malware from a Mac or PC

Usually, the first step to remove malware from a Mac or PC is to immediately disconnect from the internet and enter Safe Mode to help limit the damage to your system and data. Then, check Activity Monitor (Mac) or Task Manager (PC) for malicious applications and run a malware scanner. When you’re finally back online, you need to clear your cache.

Here’s our comprehensive, step-by-step guide to removing malware from your computer and re-securing your device and sensitive data against malicious software.

How to remove malware from a PC

To remove malware from your PC, disconnect from the internet, enter Safe Mode, check Task Manager for suspicious processes or high resource usage, scan for malware, analyze your web browser for malicious extensions, and then clear caches and temporary files.

Here’s a closer look at each step in detail:

1. Disconnect from the internet

Disconnecting from the internet prevents additional data from being sent to a malware server and stops the malware from spreading further. It also blocks the malware from receiving updates or new instructions that could complicate its removal.

2. Enter Safe Mode

Booting into Safe Mode starts your computer with the minimal set of drivers and services needed to run your operating system. This can prevent malware from activating, helping to isolate the malicious code, and allowing you to remove it.

Here’s how to enter Safe Mode on Windows 10 or 11:

1. Press Windows + I  to open settings, and click Update & Security (Windows 10) / System (Windows 11) > Recovery.
2. Select Restart Now under Advanced Startup.
3. When your computer restarts and the Choose an Option screen appears, select Troubleshoot > Advanced Options > Startup Settings  > Restart.
4. Your computer will restart again and present a list of options. Select 4 or F4 to enable Safe Mode. If you need to use the internet to download a malware scanner, press 5 or F5 to enable Safe Mode with Networking.

3. Monitor your PC’s activity

Reviewing recent activity and processes on your PC using Windows tools like Activity history, Event Viewer, or Task Manager can help you identify and remove malicious applications by revealing suspicious behaviors, unauthorized access, or unusual resource usage.

Review Activity history

Activity history shows a timeline of apps, files, and activities on your PC. Here’s how to check it:

• Windows 10: Go to Settings > Privacy > Activity history
• Windows 11: Go to Settings > Privacy & security > Activity history

Review Event Viewer

Event Viewer shows detailed logs of system, security, and application events on your PC. Follow these steps to identify and investigate suspicious activity:

1. Type Event Viewer in the Windows search bar and hit Enter.
2. Expand Windows Logs, and choose the event log category you want to view.
3. Review events to pinpoint suspicious activity.

Review Task manager

Task Manager shows real-time data on running processes, system performance, and resource usage. Use the keyboard shortcut Ctrl + Shift + Esc to launch Task Manager, and then look for suspicious processes that are consuming excessive system resources, running unexpectedly, or have unusual names that may indicate malicious activity.

4. Scan for malware

Use trusted antivirus software to perform a full system scan for malicious files, processes, and applications on your PC. Then, review the scan results and follow the onscreen recommendations to remove detected malware and other threats.

Norton AntiVirus Plus delivers real-time protection against modern online and offline threats, such as scams, malware, ransomware, spyware, and phishing attacks. Equipped with multiple layers of cutting-edge security, including Smart Firewall, it helps defend against today’s most sophisticated cyber risks, keeping your devices and data safer.

5. Reset your web browser

Malware can modify your web browser settings to redirect you to malicious websites that can reinfect your PC. Use the steps below to check and restore your homepage and connection settings in common browsers.

On Chrome

To reset your settings on Chrome:

1. Click the three vertical dots in the top right corner and select Settings > Reset settings.
2. Click Restore settings to their original defaults > Reset settings.

To reset your settings on Edge:

1. Click the three horizontal dots in the top right corner and select Settings > Reset settings.
2. Click Restore settings to their default values > Reset.

6. Clear your cache

Use Windows’ built-in tool Storage Sense to clear temporary files and system cache. As well as freeing up disk space and improving performance, it can also help eliminate lingering malware by removing files it may use to hide or spread through your device.

To clear your system cache with Storage Sense:

1. Navigate to Windows Settings > System > Storage.
2. Toggle on Storage Sense.
3. Specify how often Storage Sense should run and what files the program should delete.
4. To clear the cache right away, click Clean now.

You should also clear your browser cache, which you can do within your browser settings.

How to remove malware from a Mac

Removing malware from a Mac involves isolating the threat, identifying suspicious behavior, and restoring your system to a secure state. By using built-in tools, such as Activity Monitor and Safe Mode, alongside third-party antivirus software, you can detect and eliminate malicious programs while helping to protect your device from future infections.

1. Disconnect from the internet

Disconnecting from the internet isolates your Mac, preventing malware from spreading to other devices on your network or extracting sensitive data. Plus, it blocks hackers from getting remote access to your system.

If you need to download a malware removal tool, complete the download first, then disconnect and don’t reconnect until the malware has been fully removed.

2. Enter Safe Mode

Safe Mode, often referred to as safe boot, starts your Mac in a diagnostic mode that allows you to troubleshoot issues without malware interference.

Before entering Safe Mode on your Mac, determine whether it uses an Intel or Apple silicon processor by clicking the Apple icon in the menu bar and choosing About This Mac. If the first line says Chip, you have a Mac with Apple silicon; if it says Processor, you have an Intel-based Mac.

• On Apple Silicon Macs: Hold the power button, then restart your computer and hold the power button until you see the start-up options or login window. Then select the option to Safe Boot.
• On Intel-based Macs: Hold the shift key, then restart your computer and hold the shift key until you see the start-up options or login window. Then select the option to Safe Boot.

3. Delete temporary files

Deleting your browser cache and temporary files on your Mac helps remove potential hiding places where malicious files or code may be embedded to evade detection.

To delete temporary files on Mac:

1. Open Finder and press Shift + Command + G.

2. Type ~/Library/Caches into the search bar and press enter or return.

3. Select the files you want to remove, press Command + Delete to move the files to the Trash, and enter your password to confirm.

4. Check Activity Monitor

Activity Monitor is a built-in macOS tool that provides real-time insights into your computer's performance, including memory usage, disk activity, and network activity. It can help detect malware by identifying unusual processes consuming excessive resources.

To check Activity Monitor and stop malware-driven processes:

1. Open Launchpad and search for Activity Monitor.

2. Look for processes that are consuming excessive CPU or memory, have suspicious names, or are running unexpectedly.

3. Double-click the Process Name of the item you suspect, select Quit (represented by the X in a circle at the top), and confirm.

5. Use a malware scanner

Use a reputable antivirus or anti-malware scanning tool designed for macOS and perform a full system scan to detect and remove malicious software reliably. Ensure the app is up-to-date for maximum protection, and follow its instructions to quarantine or delete any detected malware.

If you already have an antivirus program on your computer, try using a different scanner for this malware check to help identify threats your primary antivirus may have missed. If you do so, you may need to uninstall your current antivirus app first.

Norton AntiVirus Plus is an Apple-approved malware scanner that integrates seamlessly with macOS and utilizes advanced predictive analysis and cloud-based threat intelligence to help detect and remove a wide range of malware including viruses, ransomware, spyware, and Trojans.

6. Check your browser for malware

Google removed its Chrome Cleanup Tool in March 2023, and Safari doesn’t have a built-in virus scanner either. So to make sure your browser hasn’t been configured maliciously, look for unfamiliar extensions, adware pop-ups, or changes to your search engine.

First, reconnect to the internet and then follow the steps below to reset your Chrome or Safari browser.

Resetting Chrome on Mac

1. Click the three vertical dots in the top right corner of your Chrome browser and select Settings > Reset settings.
2. Click Restore settings to their original defaults > Reset settings.

Resetting Safari on Mac

1. Click the Safari menu in the top left corner of the browser window and select Settings > General.
2. Select Homepage next to New windows open with and New tabs open with.
3. Enter your preferred homepage web address next to Homepage.

What if the malware removal is unsuccessful?

If malware removal is unsuccessful, sometimes the only way to be sure your PC or Mac is free of malware is to reinstall your operating system and applications from scratch entirely.

This process wipes your computer's hard drive clean and reinstalls the operating system software from scratch. It erases all data on the drive, including files, documents, photos, and any other personal information. That’s why it’s important to regularly back up important files to an external hard drive or cloud storage.

When restoring from a backup, ensure it was created before the malware infection — otherwise, you risk reinfecting your machine.

Reinstalling Windows

If you don’t have a recent backup, try reinstalling Windows with installation media — this helps resolve software corruption issues without affecting your files, settings, or apps. But, if all else fails, you’ll need to reset your PC. Here’s how:

• Windows 10: Settings > Update & Security > Recovery > Get started (under Reset this PC) > follow the on-screen instructions.
  
• Windows 11: Settings > System > Recovery > Reset PC (under Reset this PC).

Reinstalling macOS

Before reinstalling macOS on your MacBook or iMac, first open Finder and select Applications > Utilities > Disk Utility > Erase to remove stubborn malware compromising your system's core files or startup code, providing a clean slate for reinstalling the operating system.

Then follow Apple’s guidance on how to reinstall MacOS.

How to help protect your devices from malware

The list of ways malware or viruses can get on your computer is almost endless, but you can dramatically reduce your chances of falling victim to malware by following key Cyber Safety practices.

To minimize the attack surface of your PC or Mac:

• Get an antivirus: Robust antivirus software like Norton AntiVirus Plus can detect, block, and remove malware such as ransomware, viruses, and spyware, in real time.
• Keep software updated: Regularly update your operating system and apps to patch vulnerabilities that malware can exploit.
• Avoid clicking suspicious links: Be cautious with unfamiliar links in emails, messages, or websites to prevent phishing and malware downloads.
• Enable a firewall: Activate a firewall on your device or router to help filter and block malicious or unauthorized internet traffic.
• Download from trusted sources: Install apps and software exclusively from official stores or verified websites to avoid malicious programs.
• Clear your downloads and trash often: If you’ve deleted downloads or moved suspicious files to the trash, empty the trash immediately after.
• Disable auto-run for external devices: Prevent USB drives or external devices from automatically running to reduce the risk of infection.
• Back up your data regularly: Keep backups of important files to recover from potential malware attacks like ransomware.

Secure your PC or Mac

With Norton AntiVirus Plus, you can not only find and remove malware from your device with a click of your mouse, but also help keep your computer virus-free thanks to real-time scanning, automatic detection, and a Smart Firewall that can block threats before they cause harm.

FAQs

How do devices become infected with malware?

Devices are commonly infected with malware through phishing emails, unsafe websites, or infected USB drives. Additionally, vulnerabilities in outdated software or weak passwords can provide cybercriminals with easy access to your device.

How do I remove malware from Android?

To remove malware from an Android device, begin by ensuring your Android device has the latest software updates. Open the Google Play store settings and select Verify Apps. Remove any untrusted apps from your device.

How do I remove malware from my iPhone?

To remove malware from an iPhone, begin by installing the latest software updates on your iPhone. Clear your device’s browsing history and restart the device. If malware is still present, consider restoring an older version of your iPhone from the cloud or use an antivirus program to remove it.

How do I remove malware from my iPad?

To remove malware from an iPad, begin by installing the latest software updates to your iPad. Clear your device’s browsing history and restart the device. If malware is still present, use an antivirus program to remove it.

Will a factory reset remove malware?

A factory reset can remove most types of malware by restoring your device to its original settings, effectively wiping all data, apps, and infections. However, this step will also cause you to lose any files, photos, or other data that wasn’t backed up before the infection.