
Le-verdict

News with a Local Lens

9 Steps to Take If You Accidentally Download Malware on Windows

Accidentally downloading malware can be a frightening experience, but what’s even more alarming is letting it stay on your computer, causing damage over time. Therefore, as soon as you suspect or discover that your system may be infected, immediately follow these steps to secure your data.

Disconnect from the Internet immediately


The first and most crucial step to take when you suspect that malware has infiltrated your system is to disconnect your device from the Internet. This prevents malware from spreading further, communicating with remote servers, stealing personal data, or allowing bad actors to spy on you.

So, if your computer warns you of a potential infection, cut off the Internet connection immediately. If you are using Ethernet, unplug the cable or, if connected via Wi-Fi, click the Wi-Fi icon in the lower right corner to disconnect. Stay offline until you have properly assessed and removed the malware.

Boot into Safe Mode

After disconnecting your device from the Internet, the next step is to boot your Windows PC into Safe Mode. Safe Mode runs your system with minimal resources and only the necessary drivers. This prevents the malware from spreading and reduces the risk that the infection will interfere with antivirus scans or any corrective actions, making it easier to remove the malware.

To boot into Safe Mode, go to Settings > System > Recovery, then click “Restart now” under Advanced startup. After your system restarts, go to Troubleshoot > Advanced Options > Startup Settings > Restart. Once your PC restarts, press “4” or “5” to select Safe Mode with Networking or Safe Mode.


In Windows 11 Safe Mode, you will see “Safe Mode” written on the corners of the desktop.

Run a malware scan and remove infections

Once you have booted your system into safe mode, it is time to remove the malware. First of all, run a full system scan with Windows Defender to see if any threats are quarantined or removed. Then perform a second scan with a third-party antivirus like Malwarebytes to check all files, programs and processes for signs of malware.

Together, these scans will detect and remove any malicious files or software. Make sure your antivirus tool is up to date, as outdated versions may not detect newer threats.

Check for unusual installed programs

Although malware scans can remove infections, some advanced malware can disguise itself as legitimate software running in the background. To ensure that nothing dangerous is left behind, you should manually check your system for suspicious or unauthorized programs that might have been installed without your knowledge.

This step will help prevent any hidden malware from relaunching. To do this, open the Settings app and go to Apps > Installed apps. Examine the list carefully for any unknown programs. If you spot anything suspicious that appeared after your PC was infected, click the three vertical dots next to it and select “Uninstall” to delete the app immediately.


Uninstalling an app in the Windows Settings app.

Keep an eye on Task Manager for unusual resource usage

Some malware, like cryptojackers, is designed to hijack your computer’s processing power to mine cryptocurrencies or perform other resource-intensive operations. These programs run silently in the background, consuming CPU, memory, or disk resources, which can slow down your system. You can use Task Manager to identify any suspicious activity.

To do this, right-click on the taskbar and select “Task Manager”. Go to the “Processes” tab and sort processes by CPU, RAM, or disk usage. If you notice any processes using unusually high resources, right-click on them and choose “Open file location.” You can delete the source file from there to stop the resource drain.


Service host processes consuming high disk resources in Task Manager.

Some Windows processes have unusual names and use high resources. Before deleting files, research the process online to ensure you are not deleting a critical system file.

Inspect startup applications

Malware can hide in startup programs, launching automatically every time you start your computer. Examining these startup applications helps identify any malware running without your knowledge. Once you have verified that a process is malicious by searching for it online, you can disable it with confidence.

To do this, right-click the Start button and select Task Manager. In the Startup tab, look for unknown or suspicious applications, right-click them and select Disable to prevent them from starting. You can also right-click and select “Open File Location” to check the source file of the process.


Disable the startup of a program by clicking the “Disable” button in Task Manager.

Check Task Scheduler

Malware can be programmed to schedule tasks that run automatically. These tasks continue to work even after the original infection is removed from your device. This is why you should check Task Scheduler to identify malicious tasks that might still be running in the background.

To do this, press Windows+R, type taskschd.msc, and press Enter. Review the list of active tasks in the Task Scheduler library and explore individual folders to find tasks set to initiate suspicious actions. Delete any you don’t recognize: right-click the task and select Delete. You can check which scripts are associated with each task in the Actions tab.


Deleting a task from Task Scheduler in Windows.
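
The startup and Task Scheduler checks above can also be done in one pass from an elevated PowerShell window. The script below is an added example, not part of the original article; Get-SignatureStatus is a hypothetical helper name, and the script only lists entries, leaving the decision to disable or delete to you.

```powershell
# Added example (read-only): nothing here disables or deletes anything.
# Get-SignatureStatus is a hypothetical helper name chosen for this sketch.
function Get-SignatureStatus {
    param([string]$CommandLine)
    # Pull the program out of: "C:\Program Files\App\a.exe" /bg   or   C:\t\x.exe -y
    if ($CommandLine -match '^\s*"([^"]+)"' -or
        $CommandLine -match '^\s*(.+?\.(exe|dll|com|cmd|bat|ps1|vbs|js))(\s|$)') {
        $path = [Environment]::ExpandEnvironmentVariables($Matches[1])
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Bare names such as "powershell.exe" are resolved through PATH.
            $cmd = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if (-not $cmd) { return 'FileNotFound' }
            $path = $cmd.Path
        }
        return [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    return 'PathNotParsed'
}

# Entries from the Run registry keys and the Startup folders.
$startup = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{
        Source    = "Startup ($($_.Location))"
        Name      = $_.Name
        Command   = $_.Command
        Signature = Get-SignatureStatus $_.Command
    }
}

# Every scheduled task that launches a program (COM-handler actions have no Execute).
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            [pscustomobject]@{
                Source    = "Task $($task.TaskPath) [$($task.State)]"
                Name      = $task.TaskName
                Command   = "$($action.Execute) $($action.Arguments)".Trim()
                Signature = Get-SignatureStatus $action.Execute
            }
        }
    }
}

# Unsigned, missing and unparsed entries sort ahead of 'Valid'; a valid signature
# on a script host such as powershell.exe still needs its arguments read.
@($startup) + @($tasks) | Sort-Object Signature, Source |
    Format-Table Signature, Source, Name, Command -AutoSize -Wrap
```

Entries marked NotSigned, FileNotFound or PathNotParsed are the ones to research first; the signature status is a triage aid, not proof that an entry is safe or malicious.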

Make sure you’re not being watched

Cybercriminals can also use malware to spy on their victims. This type of malware can track your keystrokes, steal personal information, monitor your activities, or even record you via your webcam, potentially leading to blackmail. Therefore, you should verify that no malicious actor has established a remote connection to your computer and is monitoring you.

To check this, get a list of active connections: open Command Prompt as administrator and enter netstat -a. Next, review all current network connections and check for any suspicious IP addresses. You can then check if these connections belong to legitimate companies whose services you use and disconnect any that seem suspicious.


The process IDs associated with a given port.
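
The netstat output lists addresses and ports but not the program behind each one. As an added example (not from the original article), this PowerShell snippet joins each established connection and listening port to the process that owns it, so you can see the executable path before deciding whether a connection is legitimate. It is read-only and closes nothing.

```powershell
# Added example (read-only): show which program owns each TCP connection or listener.
# Index running processes by PID; both PID fields are cast to [int] so the keys match.
$procs = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

$loopback = '127.0.0.1', '::1'

Get-NetTCPConnection -State Established, Listen |
    Where-Object { $_.LocalAddress -notin $loopback } |   # skip local-only sockets
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            State     = $_.State
            Local     = "$($_.LocalAddress):$($_.LocalPort)"
            Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            ProcessId = $_.OwningProcess
            Process   = $p.Name
            Path      = $p.ExecutablePath   # can be empty for some system processes
        }
    } |
    Sort-Object State, Process, Remote |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that executable paths are filled in for as many processes as possible.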

Check your browser for signs of infection

The Internet is the main source of malware infections, and we mainly access it through a web browser. So you need to make sure that malware hasn’t hijacked your browser to monitor your online activity, inject ads, or redirect your searches. To check this, look for signs that your browser has been compromised.

Check for unknown or suspicious extensions and remove them immediately. Change your default search engine to prevent redirection to malicious sites. Malware can store harmful cookies or cache data to track your activity, so clear your cookies and cache. If you encounter unusual pop-up ads while browsing, remove the browser app and reinstall it.


Here’s what I do whenever I suspect I’ve been tricked into downloading a deceptive email attachment or file, or clicking a malicious link on an infected website. While these steps stop the infection from spreading, continue to monitor your computer for a few days. If you notice anything unusual, perform additional testing, perform a system restore, or reset your operating system to factory settings.