Your computer is crawling, pop-up ads are appearing out of nowhere, or your browser is redirecting to sites you never asked for. These are classic virus and malware symptoms — and the good news is that in the majority of cases, you can remove them completely using free tools that are available right now.
This guide walks you through the complete virus removal process: identifying the infection, scanning in Safe Mode (where most malware can't defend itself), using Windows Defender and Malwarebytes together, removing browser hijackers, and dealing with the most dangerous type of malware — ransomware. Follow these steps in order for the most effective results.
If you suspect ransomware: disconnect from the internet NOW
If your files have unfamiliar extensions and there's a note demanding payment, disconnect your computer from WiFi or unplug the network cable immediately. This prevents the ransomware from spreading to other devices on your network and stops it from contacting its command server. Then follow the ransomware section below.
How to Tell If Your Computer Has a Virus
Not all slowness is caused by malware — but if you notice several of these symptoms together, an infection is likely:
- Pop-up ads appearing even when no browser window is open
- Browser homepage changed to something you didn't set (e.g., "Search Baron," "Yahoo Search" replacing Google)
- New toolbars or extensions you never installed appearing in your browser
- Antivirus software disabled or throwing errors — some malware specifically targets security software
- Computer much slower than usual with Task Manager showing high CPU or RAM usage by unfamiliar processes
- Files with unfamiliar extensions (.locked, .encrypted, .zepto) and a ransom note file
- Unexpected outbound network traffic — high upload usage when you're not doing anything
- Friends reporting spam emails from your address — your email may be compromised
The Free Tools You'll Use
| Tool | Purpose | Download |
|---|---|---|
| Windows Defender | Primary antivirus — built into Windows | Already installed |
| Malwarebytes Free | Second-opinion scanner, catches what Defender misses | malwarebytes.com/free |
| AdwCleaner | Adware and browser hijacker removal | malwarebytes.com/adwcleaner |
| Rkill | Terminates malware processes before scanning | bleepingcomputer.com/download/rkill |
Step-by-Step: Complete Virus Removal Process
Back Up Your Important Files First
Before doing anything else, copy your important files (Documents, Desktop, Photos, Downloads) to an external drive or USB stick. If the malware removal process requires reinstalling Windows, or if the infection has already started damaging files, you want your data protected. Connect an external drive, copy your files manually, then disconnect the drive before proceeding — this prevents any malware from spreading to the backup drive.
Disconnect from the Internet
Disable your WiFi connection or unplug the Ethernet cable. Many malware types phone home to a command server to receive instructions, download additional payloads, or exfiltrate your data. Working offline prevents this. You'll reconnect when it's time to download the scanning tools (do it quickly, then disconnect again) or after the system is clean.
Boot into Safe Mode with Networking
Safe Mode loads Windows with only essential system drivers — most malware does not run in Safe Mode, making it much easier to detect and remove. Hold Shift and click Restart from the Start menu. Go to Troubleshoot > Advanced options > Startup Settings > Restart. Press F5 for Safe Mode with Networking. You'll notice the screen resolution is lower and the desktop looks different — this is normal. All your files are still there.
Run Rkill to Stop Malware Processes
Some malware actively blocks antivirus scans by immediately terminating any scanner that starts. Rkill kills known malicious processes so your scanner can operate freely. In Safe Mode, reconnect to the internet briefly, download Rkill from bleepingcomputer.com, then disconnect again. Run Rkill — it will open a black command window and show a list of processes it terminated. When it closes, do not restart — immediately proceed to the next step before those processes restart.
Run a Full Windows Defender Scan
Open Windows Security: Start > Settings > Privacy & Security > Windows Security > Virus & threat protection. Click Scan options, select Full scan, and click Scan now. A full scan checks every file on your system. This takes 30-90 minutes. Do not interrupt it. When complete, review detected threats and click Remove all. Also run the Microsoft Defender Offline Scan option — this reboots into a pre-OS environment that can catch rootkits that hide from normal scans.
Run Malwarebytes Free for a Second Opinion
Download Malwarebytes Free from malwarebytes.com/free. Install it in Safe Mode and run a Threat Scan. Malwarebytes specializes in catching malware that traditional antivirus products sometimes miss — particularly PUPs (potentially unwanted programs), adware, and newer ransomware variants. When the scan completes, click Quarantine to remove all detected items. Restart when prompted. The 14-day trial of Premium will activate automatically — you don't need to buy anything. After the trial expires it reverts to the free on-demand scanner.
Run AdwCleaner for Adware and Browser Hijackers
Download AdwCleaner from malwarebytes.com/adwcleaner (it's free and made by Malwarebytes). This tool specializes in removing adware, browser toolbars, hijacked browser settings, and potentially unwanted programs — types of threats that are technically not viruses but cause the most visible symptoms (pop-ups, changed homepage, search redirects). Click Scan Now, review the results, and click Quarantine. Restart when prompted. This tool cleans browser extensions, startup entries, services, and scheduled tasks that adware uses to reinstall itself.
Reset Your Browsers
Even after malware removal, browsers can retain hijacked settings. In Chrome: go to Settings > Reset and clean up > Restore settings to their original defaults. In Firefox: Help > More Troubleshooting Information > Refresh Firefox. In Edge: Settings > Reset settings > Restore settings to their default values. Also manually check Extensions (in each browser's settings) and remove anything you don't recognize. Check the default search engine and homepage settings to ensure they're set correctly.
Check Startup Programs and Scheduled Tasks
Press Ctrl + Shift + Esc to open Task Manager. Go to the Startup tab. Disable any entry you don't recognize (right-click > Disable). Next, open Task Scheduler: press Win + R, type taskschd.msc. Look in the Task Scheduler Library for tasks with unfamiliar names, especially those set to run every few minutes. Right-click suspicious tasks and delete them. Malware commonly creates scheduled tasks to reinstall itself after being removed.
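The same review can be done from an elevated PowerShell window. This is an added example, not part of the original guide: it is read-only, and the 15-minute cut-off for "every few minutes" and the list of user-writable path patterns are assumptions chosen for illustration.

```powershell
# Added example: read-only triage of autostart entries and scheduled tasks.
# Nothing here deletes or disables anything; review the output, then act in
# Task Manager or Task Scheduler as described above.

# Assumed patterns for locations a standard user can write to.
$userWritable = '\\AppData\\|\\Temp\\|\\Users\\Public\\|%(LOCAL)?APPDATA%|%TE?MP%'
# Assumed cut-off for "set to run every few minutes".
$maxInterval = [TimeSpan]::FromMinutes(15)

# 1. Startup entries (Run keys and Startup folders).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Sort-Object Location |
    Format-Table -AutoSize -Wrap

# 2. Scheduled tasks outside \Microsoft\ that repeat often or launch from user-writable paths.
$findings = foreach ($task in Get-ScheduledTask | Where-Object TaskPath -NotLike '\Microsoft\*') {
    # Shortest repetition interval across all triggers (ISO 8601 duration, e.g. PT5M).
    $intervals = foreach ($trigger in $task.Triggers) {
        $iso = $trigger.Repetition.Interval
        if ($iso) { [System.Xml.XmlConvert]::ToTimeSpan($iso) }
    }
    $shortest = $intervals | Sort-Object | Select-Object -First 1

    # Command line of every action that launches a program.
    $commands = foreach ($action in $task.Actions) {
        if ($action.Execute) { "$($action.Execute) $($action.Arguments)".Trim() }
    }
    $commandLine = $commands -join ' ; '

    $reasons = @()
    if ($shortest -and $shortest -le $maxInterval) { $reasons += "repeats every $shortest" }
    if ($commandLine -match $userWritable) { $reasons += 'runs from user-writable path' }

    if ($reasons) {
        [pscustomobject]@{
            Task    = $task.TaskPath + $task.TaskName
            State   = $task.State
            Author  = $task.Author
            Command = $commandLine
            Why     = $reasons -join ', '
        }
    }
}
$findings | Format-List
```

Legitimate updaters also show up in this output, so treat each row as something to look up, not as a verdict.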
Change All Passwords from a Clean Device
If your computer had malware — especially a keylogger or remote access trojan — your passwords may be compromised. From a different, clean device (another computer, your phone), change the passwords for: your email account, banking and financial services, social media (Facebook, Instagram), cloud storage (Google, iCloud, OneDrive), and any site where you entered a password recently. Enable two-factor authentication (2FA) on all important accounts. Do not change passwords from the infected computer until you're certain the malware is fully removed.
Specific Malware Types and How to Handle Them
Browser Hijackers (Changed Homepage / Search Engine)
If your browser keeps redirecting to Yahoo, Bing, or a fake search engine you didn't choose, and resetting the browser didn't help, the hijacker may have a helper application installed. Check Control Panel > Programs > Uninstall a program. Sort by install date. Remove anything installed around the time the problem started — look for names like "Search Baron," "SearchMine," "Chromium" (fake browser), or anything with "Helper," "Optimizer," or "Booster" in the name. AdwCleaner (Step 7) handles most of these automatically.
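The "sort by install date" check can also be scripted so that per-user installs are included. This is an added example, not part of the original guide: it reads the standard Uninstall registry keys, flags the name patterns listed above, and the 30-day window in `$problemStart` is an assumption to adjust to when the redirects began.

```powershell
# Added example: list installed programs newest-first and flag names the guide warns about.
# Read-only; uninstall through Control Panel after reviewing the list.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
# Name patterns taken from the paragraph above.
$namePattern = 'Search Baron|SearchMine|Chromium|Helper|Optimizer|Booster'
# Assumption: roughly when the problem started.
$problemStart = (Get-Date).AddDays(-30)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    ForEach-Object {
        # InstallDate is an optional yyyyMMdd string; many installers leave it empty.
        $installed = $null
        if ($_.InstallDate -match '^\d{8}$') {
            try {
                $installed = [datetime]::ParseExact(
                    $_.InstallDate, 'yyyyMMdd', [cultureinfo]::InvariantCulture)
            } catch {
                $installed = $null   # malformed value such as 00000000
            }
        }
        [pscustomobject]@{
            Installed  = $installed
            Name       = $_.DisplayName
            Publisher  = $_.Publisher
            Scope      = $_.PSDrive.Name        # HKLM = all users, HKCU = current user
            NameMatch  = $_.DisplayName -match $namePattern
            AfterOnset = [bool]($installed -and $installed -ge $problemStart)
        }
    }

# Newest first; entries without a recorded install date sort to the bottom.
$programs | Sort-Object Installed -Descending | Format-Table -AutoSize
```

A `NameMatch` on its own is only a prompt to check the publisher and install date, since legitimate software can contain the same words.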
Ransomware
Ransomware encrypts your files and demands payment (usually in Bitcoin) for the decryption key. Do not pay — there's no guarantee of recovery, and payment funds criminal organizations. Instead:
- Disconnect from the internet and all network drives immediately
- Go to ID Ransomware (id-ransomware.malwarehunterteam.com) from another device and upload the ransom note — it identifies the variant
- Check No More Ransom (nomoreransom.org) for a free decryption tool for your specific ransomware variant
- If no decryptor exists, restore files from backup if available
- Use a bootable rescue disk (Kaspersky Rescue Disk or Bitdefender Rescue Environment) to clean the system
Rootkits
Rootkits are the most sophisticated malware — they hide inside the operating system itself, sometimes in the boot record. Standard antivirus often can't detect them while Windows is running. The most effective removal method is the Windows Defender Offline Scan (step 5), which runs before Windows loads. For persistent rootkits, the most reliable solution is a full Windows reinstall after backing up data.
Warning: fake "antivirus" pop-ups
If a window pops up saying "Your computer is infected — call this number" or "Windows Security Alert — remove viruses immediately," this is a scam. Do not call the number and do not click anything in the window. Press Alt + F4 to close it, or right-click the browser in the taskbar and select "Close window." Legitimate antivirus software never asks you to call a phone number.
When to Call a Professional
Some infections are beyond safe self-removal:
- Files are encrypted by ransomware and you have no backup — data recovery may be possible in some cases
- The malware keeps reinstalling after removal — indicates a deeply embedded rootkit or a hidden reinstaller
- Windows won't boot even in Safe Mode
- You suspect financial data or passwords were stolen — a professional can assess what was accessed
- You're a business — a malware infection may require incident response, log analysis, and regulatory notification
Virus Won't Go Away?
IT Cares removes malware, ransomware, rootkits, and spyware remotely and on-site in Montreal. We guarantee complete removal or you don't pay.
How to Prevent Future Infections
- Keep Windows and all software updated — 80% of malware exploits known vulnerabilities that patches already fix
- Use a password manager and unique passwords for every site — prevents credential stuffing attacks
- Enable two-factor authentication on email, banking, and social media
- Never open email attachments from unknown senders, even if they look like invoices or shipping notifications
- Only download software from official sources — avoid torrent sites and third-party download portals
- Back up regularly using the 3-2-1 rule: 3 copies, 2 different media types, 1 offsite (cloud)
- Windows Defender is sufficient for most users — you do not need to pay for antivirus if you practice safe browsing habits
Frequently Asked Questions
Can Windows Defender remove all viruses?
Windows Defender is excellent for mainstream threats and ranks in the top tier of independent lab tests. For a thorough cleanup, pair it with Malwarebytes Free and AdwCleaner — all three together cover the vast majority of threats without spending anything.
Is Malwarebytes actually free?
Yes. Malwarebytes Free includes on-demand scanning and removal at no cost. The free version doesn't include real-time protection but is perfectly adequate for manual virus removal.
What is the safest way to remove ransomware?
Disconnect from the internet immediately, identify the ransomware at ID Ransomware, check No More Ransom for a free decryptor, and restore from backup if available. Do not pay the ransom — it doesn't guarantee file recovery.
How do I know if my computer has a virus?
Common signs: pop-up ads when no browser is open, changed browser homepage, antivirus disabled, unusual slowness, high CPU in Task Manager from unknown processes, files with strange extensions.
Will removing a virus delete my files?
Antivirus tools only remove malware files — not your personal documents or photos. The exception is ransomware: files it has already encrypted stay encrypted after the malware itself is removed. Always back up before attempting removal.
Comments (3)
Steps 4 through 7 completely cleaned my laptop. I had adware that kept reinstalling itself after every removal attempt. Rkill + Malwarebytes + AdwCleaner in Safe Mode finally got it. The key was running them all in the right order. This guide is the most practical I've found.
My computer got ransomware and I was about to pay. Found the No More Ransom website through this article and there was a free decryptor for my exact variant (STOP/DJVU). Got all my files back without paying anything. Please tell people about this resource — I had no idea it existed.
The warning about fake antivirus pop-ups saved my mother-in-law from a tech support scam. She called me right away because she had read this article and recognized the fake alert. IT Cares, your content is genuinely helping people — thank you.