How to Get Rid of a Virus on Mac or PC

Malware comes in many flavors—viruses, adware, spyware, ransomware—and yes, it targets both Windows and macOS. If the computer is acting weird (pop-ups, slow performance, sketchy browser redirects), this guide explains how to get rid of a virus on Mac or PC safely and thoroughly, without making things worse.

Virus vs. Malware: What You’re Really Fighting

• “Virus” is a subset of malware. Most modern infections are adware, trojans, spyware, miners, or ransomware.
• The removal steps below cover all common types.

Pro tip: Avoid random “PC cleaners” advertised via pop-ups. Many are rogueware pretending to help.

Signs Your Mac or PC Might Be Infected

If any of these sound familiar, it’s time to act:

• Surprise pop-ups or fake “virus found!” alerts
• Browser homepage/search changed, constant redirects
• Fans blasting, high CPU, battery drain, overheating
• Unknown apps or extensions you didn’t install
• Security settings disabled, firewall turned off
• Files renamed/encrypted or a ransom note appears
• Internet usage spikes or data cap blown
• Antivirus alerts that keep coming back

Quick Symptom Guide

Do These Safety Steps First (Before Any Deep Cleaning)

1) Disconnect from the internet

• Turn off Wi‑Fi and unplug Ethernet.
• This stops data exfiltration and blocks malware from calling home.

2) Back up important files

• Copy documents, photos, and work files to an external drive or trusted cloud.
• Avoid backing up suspicious folders or unknown executables.

3) Don’t interact with suspicious prompts

• Don’t click “clean now” or “update plugin” in random pop-ups.
• Close the browser/app via Task Manager (Windows) or Force Quit (macOS) if needed.

4) Note symptoms and error messages

• Take photos of ransom notes or odd alerts.
• These details help with identification and recovery later.

5) Prep for Safe Mode

• You’ll use Safe Mode to stop malware from auto-loading.

  

Windows (10/11): Step-by-Step Removal

Step 1: Boot into Safe Mode with Networking

• Settings → System → Recovery → Advanced startup → Restart now
• Troubleshoot → Advanced options → Startup Settings → Restart → press 5 or F5 for “Safe Mode with Networking”
  Why this helps: Many threats don’t load in Safe Mode, making removal easier.

Step 2: Uninstall Suspicious Programs

• Control Panel → Programs and Features
• Sort by Install Date; remove shady toolbars, “free optimizers,” or unknown recent apps.
  If uninstall fails, move on—your scans will catch remnants.

Step 3: Disable Problem Startup Items

• Right-click taskbar → Task Manager → Startup tab
• Disable unknown/high-impact entries (you can re-enable later if needed).

Step 4: Run Built-in Windows Security

• Settings → Privacy & Security → Windows Security → Virus & threat protection
• Run a Quick Scan first, then a Full Scan.
• If the threat persists: choose Windows Defender Offline Scan (reboots to scan outside Windows).

Step 5: Use a Second-Opinion Scanner

• Run a reputable on-demand scanner for a fresh view.
• Quarantine everything it flags. Reboot and rescan until clean.

Step 6: Clean the Browsers

• Chrome/Edge/Firefox: remove unknown extensions; reset settings to default; change homepage and search back to normal; clear cache/cookies.
• Check shortcut properties (Windows) for weird URLs appended to the target line.

Step 7: Check Network and Hosts Settings

• Internet Options → Connections → LAN settings → ensure Proxy is off (unless you intentionally use one).
• Reset the hosts file to default if it was modified.

macOS (Ventura/Sonoma and newer): Step-by-Step Removal

Step 1: Start in Safe Mode

• Apple Silicon: Shut down → hold power until Options → select startup disk → continue in Safe Mode.
• Intel: Restart and hold Shift until login screen, then log in.
  Why this helps: Limits login items, launch agents, and kexts that malware uses to persist.

Step 2: Remove Suspicious Apps

• Finder → Applications: drag unknown apps to Trash and Empty Trash.
• Look for recently-installed items that match when symptoms started.

Step 3: Stop Malicious Processes

• Applications → Utilities → Activity Monitor
• Sort by CPU; quit suspicious processes (strange names, persistent respawns).

Step 4: Remove Login Items and Launch Agents

• System Settings → General → Login Items: remove unknown entries.
• Check these folders for suspicious .plist files:
  • ~/Library/LaunchAgents
  • /Library/LaunchAgents
  • /Library/LaunchDaemons
• Move suspicious items to Trash (note names for reference), then reboot.

Step 5: Clean Your Browsers (Safari, Chrome, Firefox)

• Safari: Settings → Extensions → remove unknown add-ons; Settings → General → set Homepage and Search; Clear History and Website Data.
• Chrome: Menu → Settings → Reset settings; Extensions → remove suspicious items; Privacy and Security → Clear browsing data.
• Firefox: Menu → Add-ons and themes → remove unknown extensions; Help → More troubleshooting information → Refresh Firefox if needed.

Step 6: Run a Reputable Mac Malware Scanner

• Use a trusted, well-reviewed on-demand scanner compatible with your macOS version.
• Quarantine or remove detections. Reboot, then run a second scan to confirm.

Step 7: Reset Network and Remove Rogue Profiles

• System Settings → Network → check for unwanted Proxies or odd DNS servers.
• System Settings → Privacy & Security → Profiles: remove unknown configuration profiles (often used by adware to hijack settings).

Step 8: Update macOS and Apps

• System Settings → General → Software Update (install all critical updates).
• Update browsers and common targets (PDF readers, runtimes) to close security holes.

Step 9: Restore From Time Machine (If Needed)

• If issues persist or files are damaged, consider restoring from a known-clean backup made before the infection.

Special Cases You Should Know

Ransomware (Windows/macOS)

• Disconnect from the internet immediately and isolate the device from other computers.
• Do not pay the ransom; payment doesn’t guarantee decryption.
• Check if a public decryptor exists for your ransomware strain.
• Restore from clean backups. If this is a work machine or sensitive data is involved, consider professional incident response and notify authorities as required.

Browser Hijackers & Adware

• Remove all unfamiliar extensions across every browser.
• Reset each browser profile to default.
• On Windows, check scheduled tasks (Task Scheduler) and shortcut targets for appended URLs.
• On macOS, recheck LaunchAgents/Daemons after a reboot to ensure nothing respawns.
• If multiple devices on the same network show redirects, log into your router and remove rogue DNS entries; update router firmware and change the admin password.

Aftercare: Make Sure the System Is Truly Clean

Use this checklist to confirm everything’s back to normal:

1) Run Two Scans (Different Vendors)

• Update both tools and scan again. Both should report clean results.

2) Watch Performance for 24 Hours

• CPU/fans should be normal. No random pop-ups, no auto-launching apps.

3) Check Security Status

• Windows: Windows Security shows green; Firewall is on.
• macOS: Gatekeeper and firewall are enabled; XProtect is current (via OS updates).

4) Browser Sanity Check

• Homepages and default search engines stick after reboot.
• No surprise extensions reappear.

5) Network Sanity Check

• No suspicious proxies or DNS overrides.
• Internet speed and behavior feel normal.

Quick Tools & Locations Reference

Advanced Repair, System Integrity, and Recovery (Windows/macOS)

If malware messed with core system files or settings, these deeper repairs help stabilize and harden the machine.

Windows: Repair Corrupted System Files

• System File Checker (SFC):
  Open Command Prompt as Administrator, run:
  sfc /scannow
  Reboot after completion.
• DISM Health Restore (if SFC can’t fix everything):
  DISM /Online /Cleanup-Image /RestoreHealth
  Run SFC again afterward to confirm repairs.
• Rebuild Network Stack:
  netsh int ip reset
  netsh winsock reset
  Reboot and test.

macOS: Deep Cleanup and Rebuild

• Reset NVRAM/PRAM (Intel Macs):
  Shut down → power on and hold Option+Command+P+R ~20s.
• Reinstall macOS Over the Top (non-destructive):
  Boot to Recovery (Apple Silicon: hold power to Options; Intel: Command+R).
  Choose “Reinstall macOS” to replace system files while keeping data.
• Recreate a Clean User Profile:
  Create a new standard user and test. If issues vanish, migrate documents (avoid moving LaunchAgents/Login Items from the old account).

Smart Prevention: Stop Malware Before It Starts

A few habits go a long way:

• Keep OS and apps updated automatically.
• Use built-in protections (Windows Security, macOS Gatekeeper/XProtect) plus a reputable on-demand scanner monthly.
• Only download software from official stores or the vendor’s site.
• Be skeptical of email attachments and macro-enabled documents.
• Avoid pirated software and “cracks.”
• Use unique passwords with a password manager; enable 2FA on important accounts.
• Back up using the 3-2-1 rule: 3 copies, 2 different media, 1 offsite/offline.
• Don’t run daily work on an administrator account; use a standard account.
• Consider DNS filtering for families/small offices to block known malicious domains.

Risky Behavior vs Safer Alternative

Printable Quick-Response Checklist

1) Disconnect internet (Wi‑Fi off, unplug Ethernet)
2) Back up critical files to external drive
3) Boot into Safe Mode (Windows/macOS)
4) Uninstall suspicious apps and disable startup items
5) Run built-in antivirus (Full Scan), then a second‑opinion scanner
6) Reset browsers (remove unknown extensions; fix homepage/search)
7) Check proxies/DNS/hosts (Windows) or Profiles/Network (macOS)
8) Update OS and apps; reboot
9) Verify clean with two scans from different vendors
10) Monitor 24 hours for reappearance of symptoms

Print and keep it handy—future you will be grateful.

FAQs

• Do Macs get viruses?
  Yes. Less common than Windows historically, but macOS is targeted by adware, trojans, and credential stealers.
• Is free antivirus enough?
  Built-in protections are strong on both platforms. Combine them with good habits and periodic second-opinion scans.
• Can I remove malware without paying?
  Often yes. Paid tools can add convenience and support.
• What if my files are encrypted?
  Use backups or reputable decryptors for your ransomware variant. Avoid paying unless advised by professionals as a last resort.
• How do I know it’s gone?
  Two clean scans, normal performance for 24 hours, and no reappearing settings or extensions are good signs.

Conclusion

Getting rid of a virus on a Mac or PC isn’t about a single magic button—it’s a sequence:

• Isolate, back up, and enter Safe Mode.
• Remove suspicious apps, disable startups, and scan twice.
• Reset browsers and network settings.
• Repair system files if needed and update everything.
• Harden security so it doesn’t happen again.

Follow this playbook calmly from top to bottom. Most infections can be removed without paying for extra software or wiping the whole machine. If things still feel off, bring in a pro, protect your accounts, and rely on clean backups.