Malware

How to remove malware from your PC or Mac


Authored by a Symantec employee

 

Malware — short for malicious software — refers to various types of programs written with the purpose of gaining access to a computer for malicious intent, and often without the user’s knowledge. Traditionally, the goal of malware has been to generate revenue, either by stealing your personal information for resale on the dark web, or by encrypting data and demanding ransom payment in order for a victim to regain access to their files. Malware can infect computers and devices in several ways.

Malware comes in a variety of forms, such as viruses, spyware, adware, ransomware, and Trojans. And, contrary to the popular belief that Macs are safer than PCs, both platforms can be vulnerable to malware.

Cybercriminals can use malware to steal personally identifiable information (PII), which can include Social Security numbers, debit and credit card numbers, banking account passwords, and more.

Stolen personal information could make you vulnerable to identity theft. That’s one big reason you should know the signs of malware and understand the process for malware removal.

One indication of malware is when your computer starts to act oddly. Here are some common signs to look for in a potentially infected computer: slow performance, multiple pop-up windows, an unfamiliar browser toolbar, and ads with inappropriate images or that are difficult to close.

How your devices can get infected with malware

There are a number of ways that your device can be infected with malware, but many times it comes from a malicious website, or a site that attempts to install malware onto your device. Malicious websites work in a couple of ways. They often require some action on your part by asking you to install software that your computer appears to need, or by asking for permission to install one program, but installing a different one.

However, in the case of a drive-by download, the website will attempt to install software on your computer without asking for permission first. Drive-by downloads can be installed when you look at an email, browse a website, or click on a pop-up window with text designed to mislead you, such as a false error message.

If you think your computer has been infected, use this step-by-step guide to learn how to remove malware from Mac and PC computers.

Step 1: Disconnect from the internet

Disconnecting from the internet will prevent any more of your data from being sent to a malware server or the malware from spreading further. It’s important to stay offline as much as possible if you suspect that your computer has been infected. If you need to download a removal tool, disconnect after the download is complete and don’t connect again until you are sure that the malware has been removed.

Step 2: Enter safe mode

Safe mode, often referred to as safe boot, is a way to start your computer so that it performs checks and allows only the minimum required software and programs to load. If malware is set to load automatically, this will prevent the malware from doing so, making it easier to remove.

For Mac:

1. Start (or restart) your Mac, then immediately press and hold the Shift key. The Apple logo will appear on your display.
2. Release the Shift key when you see the login window (if you are asked to log in twice, learn more about what to do here).    

For Windows:

1. Restart your PC.
2. When you see the sign-in screen, hold down the Shift key and select Power → Restart.
3. After your PC restarts, to the “Choose an option” screen, select: Troubleshoot → Advanced Options → Startup Settings.
4. On the next window, click the Restart button and wait for the next screen to appear.
5. A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in Safe Mode. (safe mode).

Step 3: Avoid logging into accounts during malware removal

Be careful to not expose passwords though a copy-paste function or by clicking a show password box if you suspect your computer has been infected. Keylogger viruses are a common component of malware, which run invisibly and are designed to capture your keystrokes. To avoid sharing your personally identifiable information, refrain from logging into sensitive accounts while your device is infected.

Step 4: Check your activity monitor

If you know that you’ve installed a suspicious update or application, it’s important to close the application if it’s running. You can do so by using your activity monitor. This shows the processes that are running on your computer, so you can manage them and see how they affect your computer’s activity and performance.

Malware can take up resources on your computer, so check the CPU tab to see which applications are working the hardest. If you are able to find the suspicious application, you can close out of it through your activity monitor and then delete the application from the Finder menu (Mac) or uninstall it from your System Settings (Windows).

For Mac:

In Finder select → Applications → Utilities → Activity Monitor → Select Application → Quit

For Windows:

Settings → Administrative Tools → Resource Monitor → End task → Right Click → End Process

Step 5: Run a malware scanner

Fortunately, malware scanners can remove most standard infections. It’s important to keep in mind that if you already have an antivirus program active on your computer, you should use a different scanner for this malware check since your current antivirus software may not detect the malware initially. If you believe your computer is infected, we recommend downloading an on-demand scanner from a reliable source, such as the Norton Security Scan, and then installing security software which provides protection against existing and emerging malware, including ransomware and viruses, such as Norton Security software.

Step 6: Fix your web browser

It’s common for malware to modify your web browser’s homepage to reinfect your Mac or PC. Check your homepage and connection settings using the steps below for common browsers. Note that you will need to connect your computer to the internet to complete the following steps.

Internet Explorer (for Windows only):

  1. Select the Tools icon.
  2. Click Internet options.
  3. In the General tab, find the “Search” section and click Settings.
  4. Verify your default homepage.

Chrome (for Windows and Mac):

  1. In the top right corner of your Chrome browser, click More → Settings.
  2. Select the dropdown menu in the “Search engine” section.
  3. Verify your default homepage.

Safari (for Mac only):

  1. In the top left corner of your screen, select Safari → Preferences → General.
  2. Next to “New windows open with” and “New tabs open with,” select Homepage.
  3. Next to “Homepage,” you will verify your default homepage.

Step 7: Clear your cache

After you’ve verified your homepage setting, you should clear your browser’s cache. This is a temporary storage location on your computer where data is saved so your browser doesn’t need to download it each time. Follow these steps below to learn how to clear your cache for Chrome, Safari, and Internet Explorer.

Chrome (for Windows and Mac):

History → Clear Browsing Data → Time Range → All Time → Clear Data.

Safari (for Mac only):

Select Safari → Preferences → Privacy → Manage Website Data → Remove All.

Internet Explorer (for Windows only):

Select Tools → Safety → Delete browsing history.

What if malware removal is unsuccessful?

Sometimes the only way to be sure your computer is free of malware is to entirely reinstall the operating system and your applications or programs from scratch. Before wiping your hard drive, backup all your files to an external drive and consult Apple support or Microsoft support before beginning the process. Learn how to erase your startup disk prior to reinstalling MacOS in the steps below:

To reinstall MacOS

Restart the Mac and hold down Command-R after the startup chime sounds → Select Disk Utility → Erase.

To reinstall Windows

Follow the factory restore options. Windows gives you the option to keep your files or remove everything.

Select the Start button → Settings → Update & Security → Recovery → Reset this PC → Get started → Remove everything

How to help protect your devices from malware

Malware or viruses get on your computer in a handful of ways, so it’s important for computer owners to develop good online habits to avoid an infection. Use our best practices below to help protect your computer:

  • Avoid suspicious emails, links, and websites. Sometimes malware or viruses are disguised as an image file, word processing document, or PDF that you open. Additionally, if you find a strange new file on your desktop, do not open it.
  • Clear your downloads and empty your trash often. If you’ve deleted downloads or moved suspicious files to the trash, empty the trash immediately after.
  • Create strong passwords. Once you’re sure the computer virus infection has been cleaned up, change all your passwords, using unique combinations of letters, numbers, and symbols. Don’t use words found in the dictionary since they can be cracked via a dictionary attack. To keep your passwords secure, consider using a free password manager.

Malware is a dangerous threat to computer owners and their data. New types of malware are being discovered frequently, and its profitable nature makes it especially attractive to cybercriminals around the globe. It’s important to exercise good online habits and understand the signs of a malware infection.

If you suspect your computer is infected, act as soon as possible to prevent the spread of malware and protect your personal information. Learn more about how Norton Security helps protect your devices by providing protection against existing and emerging malware, ransomware, and viruses.


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

`