How to remove malware from your PC or Mac
Written by a NortonLifeLock employee
Malware — short for malicious software — refers to various types of programs written with the purpose of gaining access to a computer for malicious intent, and often without the user’s knowledge. Traditionally, the goal of malware has been to generate revenue, either by stealing your personal information for resale on the dark web, or by encrypting data and demanding ransom payment in order for a victim to regain access to their files. Malware can infect computers and devices in several ways.
Norton technology blocked 142 million threats a day.
Norton™ 360 brings real-time protection for your PCs, Macs, smartphones or tablets against ransomware, viruses, spyware, malware and other online threats.
Try Norton 360. Post, bank and shop from your device. We’ll keep it secure.
Malware comes in a variety of forms, such as viruses, spyware, adware, ransomware, and Trojans. And, contrary to the popular belief that Macs are safer than PCs, both platforms can be vulnerable to malware.
Cybercriminals can use malware to steal personally identifiable information (PII), which can include Social Security numbers, debit and credit card numbers, banking account passwords, and more.
Stolen personal information could make you vulnerable to identity theft. That’s one big reason you should know the signs of malware and understand the process for malware removal.
One indication of malware is when your computer starts to act oddly. Here are some common signs to look for in a potentially infected computer: slow performance, multiple pop-up windows, an unfamiliar browser toolbar, and ads with inappropriate images or that are difficult to close.
How your devices can get infected with malware
There are a number of ways that your device can be infected with malware, but many times it comes from a malicious website, or a site that attempts to install malware onto your device. Malicious websites work in a couple of ways. They often require some action on your part by asking you to install software that your computer appears to need, or by asking for permission to install one program, but installing a different one.
However, in the case of a drive-by download, the website will attempt to install software on your computer without asking for permission first. Drive-by downloads can be installed when you look at an email, browse a website, or click on a pop-up window with text designed to mislead you, such as a false error message.
If you think your computer has been infected, use this step-by-step guide to learn how to remove malware from Mac and PC computers.
Step 1: Disconnect from the internet
Disconnecting from the internet will prevent any more of your data from being sent to a malware server or the malware from spreading further. It’s important to stay offline as much as possible if you suspect that your computer has been infected. If you need to download a removal tool, disconnect after the download is complete and don’t connect again until you are sure that the malware has been removed.
Step 2: Enter safe mode
Safe mode, often referred to as safe boot, is a way to start your computer so that it performs checks and allows only the minimum required software and programs to load. If malware is set to load automatically, this will prevent the malware from doing so, making it easier to remove.
1. Start (or restart) your Mac, then immediately press and hold the Shift key. The Apple logo will appear on your display.
2. Release the Shift key when you see the login window (if you are asked to log in twice, learn more about what to do here).
1. Restart your PC.
2. When you see the sign-in screen, hold down the Shift key and select Power → Restart.
3. After your PC restarts, to the “Choose an option” screen, select: Troubleshoot → Advanced Options → Startup Settings.
4. On the next window, click the Restart button and wait for the next screen to appear.
5. A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in Safe Mode. (safe mode).
Step 3: Avoid logging into accounts during malware removal
Be careful to not expose passwords though a copy-paste function or by clicking a show password box if you suspect your computer has been infected. Keylogger viruses are a common component of malware, which run invisibly and are designed to capture your keystrokes. To avoid sharing your personally identifiable information, refrain from logging into sensitive accounts while your device is infected.
Step 4: Check your activity monitor
If you know that you’ve installed a suspicious update or application, it’s important to close the application if it’s running. You can do so by using your activity monitor. This shows the processes that are running on your computer, so you can manage them and see how they affect your computer’s activity and performance.
Malware can take up resources on your computer, so check the CPU tab to see which applications are working the hardest. If you are able to find the suspicious application, you can close out of it through your activity monitor and then delete the application from the Finder menu (Mac) or uninstall it from your System Settings (Windows).
In Finder select → Applications → Utilities → Activity Monitor → Select Application → Quit
Settings → Administrative Tools → Resource Monitor → End task → Right Click → End Process
Step 5: Run a malware scanner
Fortunately, malware scanners can remove most standard infections. It’s important to keep in mind that if you already have an antivirus program active on your computer, you should use a different scanner for this malware check since your current antivirus software may not detect the malware initially. If you believe your computer is infected, we recommend downloading an on-demand scanner from a reliable source, such as the Norton Security Scan, and then installing security software which provides protection against existing and emerging malware, including ransomware and viruses, such as Norton Security software.
Step 6: Fix your web browser
It’s common for malware to modify your web browser’s homepage to reinfect your Mac or PC. Check your homepage and connection settings using the steps below for common browsers. Note that you will need to connect your computer to the internet to complete the following steps.
Internet Explorer (for Windows only):
- Select the Tools icon.
- Click Internet options.
- In the General tab, find the “Search” section and click Settings.
- Verify your default homepage.
Chrome (for Windows and Mac):
- In the top right corner of your Chrome browser, click More → Settings.
- Select the dropdown menu in the “Search engine” section.
- Verify your default homepage.
Safari (for Mac only):
- In the top left corner of your screen, select Safari → Preferences → General.
- Next to “New windows open with” and “New tabs open with,” select Homepage.
- Next to “Homepage,” you will verify your default homepage.
Step 7: Clear your cache
After you’ve verified your homepage setting, you should clear your browser’s cache. This is a temporary storage location on your computer where data is saved so your browser doesn’t need to download it each time. Follow these steps below to learn how to clear your cache for Chrome, Safari, and Internet Explorer.
Chrome (for Windows and Mac):
History → Clear Browsing Data → Time Range → All Time → Clear Data.
Safari (for Mac only):
Select Safari → Preferences → Privacy → Manage Website Data → Remove All.
Internet Explorer (for Windows only):
Select Tools → Safety → Delete browsing history.
What if malware removal is unsuccessful?
Sometimes the only way to be sure your computer is free of malware is to entirely reinstall the operating system and your applications or programs from scratch. Before wiping your hard drive, backup all your files to an external drive and consult Apple support or Microsoft support before beginning the process. Learn how to erase your startup disk prior to reinstalling MacOS in the steps below:
To reinstall MacOS
Restart the Mac and hold down Command-R after the startup chime sounds → Select Disk Utility → Erase.
To reinstall Windows
Follow the factory restore options. Windows gives you the option to keep your files or remove everything.
Select the Start button → Settings → Update & Security → Recovery → Reset this PC → Get started → Remove everything
How to help protect your devices from malware
Malware or viruses get on your computer in a handful of ways, so it’s important for computer owners to develop good online habits to avoid an infection. Use our best practices below to help protect your computer:
- Avoid suspicious emails, links, and websites. Sometimes malware or viruses are disguised as an image file, word processing document, or PDF that you open. Additionally, if you find a strange new file on your desktop, do not open it.
- Clear your downloads and empty your trash often. If you’ve deleted downloads or moved suspicious files to the trash, empty the trash immediately after.
- Create strong passwords. Once you’re sure the computer virus infection has been cleaned up, change all your passwords, using unique combinations of letters, numbers, and symbols. Don’t use words found in the dictionary since they can be cracked via a dictionary attack. To keep your passwords secure, consider using a free password manager.
Malware is a dangerous threat to computer owners and their data. New types of malware are being discovered frequently, and its profitable nature makes it especially attractive to cybercriminals around the globe. It’s important to exercise good online habits and understand the signs of a malware infection.
If you suspect your computer is infected, act as soon as possible to prevent the spread of malware and protect your personal information. Learn more about how Norton Security helps protect your devices by providing protection against existing and emerging malware, ransomware, and viruses.
Cyber threats have evolved, and so have we.
Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.
Try Norton 360 with Lifelock.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.
No one can prevent all identity theft or cybercrime. Not all products, services and features are available on all devices or operating systems. System requirement information on norton.com.
*Important Subscription, Pricing and Offer Details:
- The price quoted today may include an introductory offer. After that, your membership will automatically renew and be billed at the applicable monthly or annual renewal price found here.
- You can cancel your subscription at my.norton.com or by contacting Member Services & Support. For more details, please visit the Refund Policy.
- Your subscription may include product, service and /or protection updates and features may be added, modified or removed subject to the acceptance of the Customer Agreement.
The number of supported devices allowed under your plan are primarily for personal or household use only. Not for commercial use. If you have issues adding a device, please contact Member Services & Support.
§ Dark Web Monitoring in Norton 360 plans defaults to monitor your email address only. Please login to the portal to review if you can add additional information for monitoring purposes.