How do I know if my Windows PC has a virus?

Common signs include sudden slowness, unexpected pop-ups, programs opening on their own, browser redirects, antivirus being disabled, or unusual network activity. Run a full scan with Windows Defender or Malwarebytes to confirm.

Can Windows Defender remove all viruses?

Windows Defender handles most common threats well, but for stubborn or advanced malware, running a second scan with Malwarebytes Free in addition to Defender gives much better coverage.

Should I reinstall Windows after a virus infection?

Only if the infection is severe and persists after thorough removal attempts. Most infections can be fully removed with proper scanning tools. If your system behaves strangely even after cleaning, a fresh install may be the safest option.

How do I remove a virus in Safe Mode?

Restart Windows, press F8 or hold Shift while clicking Restart, choose Safe Mode with Networking, then run your antivirus scanner from there. Safe Mode prevents many malware types from loading, making them easier to remove.

How to Remove a Virus from Windows

How to tell if your PC has a virus, and what to do

If your computer has suddenly become slow, is showing pop-ups, redirecting your browser, or behaving in ways it never used to, there is a fair chance it has picked up a virus or other malware. The good news is that a great many infections can be cleaned up at home with the built-in tools and a careful, methodical approach. This guide walks through removing malware safely, in an order designed to catch the common infections first and avoid making things worse.

A quick word on safety before you start: if this is a work computer, or if you are seeing a ransom demand or your files have been encrypted, stop here and get professional help, because the wrong move can cause permanent data loss. For the everyday slowdowns, pop-ups and browser hijacks that most people deal with, the steps below are the right place to begin.

Signs your computer may be infected

Malware does not always announce itself, but these are the common warning signs:

Sudden slowness. The machine became sluggish quickly rather than gradually over years.
Pop-ups and ads. Adverts appearing on the desktop or inside programs where they never used to.
Browser changes. Your homepage or search engine changed on its own, or pages redirect somewhere unexpected.
Unknown programs. Software you do not remember installing, or new browser extensions you did not add.
High activity when idle. The fan running hard or the disk constantly busy when you are not doing anything.
Security tools disabled. Your antivirus or Windows Security has been switched off and will not turn back on, which is a strong sign of infection.

If any of these sound familiar, work through the steps below in order.

Disconnect from the internet

Start here, because many types of malware stay in contact with a remote server to receive instructions, spread, or send out your data. Cutting the connection limits the damage while you clean up.

Unplug the network cable, or switch off WiFi from the taskbar
Avoid logging into banking or important accounts until the machine is clean
If you need to download a removal tool, do it on another device and copy it across on a USB drive

Run a full antivirus scan

If you already have antivirus software installed, this is your first real line of attack. A full scan checks the entire system rather than just the most common locations, so it catches things a quick scan misses.

Open your antivirus program
Run a Full scan, not a quick scan, and be prepared for it to take a while
Follow the prompts to quarantine or remove anything it finds
If you do not have antivirus software, move on to the built-in Windows scan in the next step

Run a full Windows Security scan

Windows has solid built-in protection that catches many common infections, and it is worth running even if you have other antivirus software, as a second opinion. Its offline scan is particularly useful for stubborn malware.

Go to Settings → Update & Security → Windows Security
Click Virus & threat protection, then Scan options
Select Full scan and click Scan now
For tougher infections, also run Microsoft Defender Antivirus (offline scan), which restarts the PC and scans before Windows fully loads

Review your installed programs

Some malware installs itself as an ordinary program, so a look through the installed list can reveal it. The important rule here is caution: only remove something if you are certain of what it is.

Press Windows + R, type appwiz.cpl and press Enter
Sort the list by installation date to spot anything added around the time the trouble started
If you find something unfamiliar and are completely sure it is not needed, uninstall it
If you are not sure, leave it, because removing the wrong program can cause other problems

Check what runs at startup

Malware very often sets itself to launch every time the computer starts, so that it survives a reboot. Disabling unfamiliar startup entries helps stop it taking hold again.

Open Task Manager (Ctrl + Shift + Esc) and click the Startup tab
Look for anything you do not recognise or did not deliberately install
Right-click and Disable suspicious entries (this does not delete them, so you can re-enable if needed)

Clean up your browser

A large share of infections arrive through the browser and hide as extensions, which is what causes the redirects, pop-ups and changed search engines people notice first. Clearing these out is often what finally stops the visible symptoms.

Open your browser (Chrome, Edge or Firefox) and go to Extensions or Add-ons
Remove anything you do not recognise or did not install yourself
Check your homepage and default search engine in settings and reset them if they were changed

Reset the browser if symptoms remain

If the browser is still showing pop-ups or misbehaving after removing extensions, a full reset clears out the deeper changes that malware can leave behind.

Go to your browser's Settings
Find Reset settings or Restore settings to their original defaults
Confirm the reset, keeping in mind it will clear your extensions and some preferences

Change your important passwords

Once the machine is clean and back online, this is an important final step that is easy to forget. If malware was present, it may have captured passwords you typed, so changing them closes that door.

From a device you trust, change the passwords for your email, banking and other important accounts
Start with your email, since it is usually the key to resetting everything else
Turn on two-factor authentication where it is offered, for an extra layer of protection

When to stop and get help

Some situations are beyond a safe do-it-yourself clean-up, and pushing on regardless can do real harm. If your files have been encrypted and you are facing a ransom demand, if the infection keeps returning after every removal attempt, or if security tools simply will not run or stay on, the malware is dug in deeper than these steps can reach. The same applies to a work computer, where there may be sensitive data and a wider network at risk. In these cases the safest move is to disconnect the machine and have it cleaned properly, because repeated attempts can leave remnants behind, miss the real source, or cost you data. If you are in Johannesburg or Gauteng and want it sorted without that risk, you are welcome to reach out.

If you are still seeing pop-ups, slow performance or unusual behaviour after these checks, the infection likely has not been fully removed, and further attempts can sometimes leave remnants behind or make things worse. If you are in Johannesburg or Gauteng and want it cleaned properly without risking your data, feel free to reach out.

Get It Sorted →