How to Remove a Virus From Your Computer — 2026 Step-by-Step Guide
You’ve got pop-ups, a browser that’s been hijacked, or your antivirus is screaming about something it says it can’t clean. You want to know how to remove a computer virus without making things worse. Here’s the 2026 playbook we use in our own shop when customers come in asking the same question — written plainly, without the “download our tool” trap that most virus-removal articles turn into. We offer local virus removal in Oceanside, Encinitas, and Carlsbad if you get stuck.
First: are you actually infected?
Not every weird thing your computer does is a virus. Before you spend an afternoon “cleaning” a system that’s fine, check whether the symptoms actually match an infection.
Real infection symptoms
- New pop-ups that appear even when no browser is open.
- Browser homepage or search engine changed without your permission.
- New browser extensions, toolbars, or apps installed that you didn’t add.
- Constant redirects when you click search results.
- Antivirus or Windows Defender has been disabled and won’t turn back on.
- New scheduled tasks, services, or startup entries you didn’t create.
- Fans running hard when the PC is idle (often a cryptominer).
- Files renamed with strange extensions like .encrypted, .locky, .crypt — this is ransomware, stop immediately and see the ransomware section below.
Usually not a virus
- A computer that’s been slow for months — usually storage, RAM, dust, or just age. See our how to fix a slow PC guide.
- A single crash or blue screen — often a driver or update.
- “Your computer has a virus — call Microsoft!” pop-ups that appear only in the browser — those are tech-support scams, not infections (more on these below).
- Antivirus finding tracking cookies. Cookies aren’t malware.
Step 0 — If it’s ransomware, stop now
If any files have been renamed, are asking for payment, or there’s a README.txt / HOW_TO_DECRYPT note on your desktop:
- Do not pay. Payment rates are low, and paying funds the next attack on someone else.
- Disconnect from the network immediately — unplug Ethernet, turn off Wi-Fi. This limits spread to other computers on your network and to cloud backups.
- Power the machine off if the encryption is still running.
- Call a pro. Some ransomware families have free decryptors; most don’t. Either way, everything else below will make things worse.
See our data recovery service — we triage ransomware cases regularly and handle the cleanup + recovery workflow together.
Step 1 — Disconnect and assess (safe for every scenario)
For non-ransomware infections:
- Disconnect from the internet. Unplug Ethernet or turn off Wi-Fi. This stops the malware from pulling in more payloads and from uploading anything.
- Don’t log in to anything. No banking, no email password changes from this machine yet. Use your phone if you need to.
- Note what you’re seeing — screenshots on your phone of any pop-ups, file names, error messages. These help identify the exact family.
Step 2 — Remove the obvious stuff
Most 2026 infections rely on browser extensions and installed programs, not the old-school .exe in a system folder. Start there.
Clean up browser extensions
- Chrome / Edge: three-dot menu → Extensions → Manage Extensions. Remove anything you don’t recognize or didn’t deliberately install.
- Firefox: menu → Add-ons and themes → Extensions. Same treatment.
- Safari: Safari → Settings → Extensions.
If removing an extension prompts for an admin password or the extension refuses to uninstall, that’s a flag — it’s been installed by a policy or by malware, and you need tools from Step 3.
Uninstall suspicious programs (Windows)
Settings → Apps → Installed apps. Sort by install date. Anything you don’t recognize installed in the window where problems started is suspect. Common garbage names: “PC Accelerate”, “Driver Updater”, “System Optimizer”, “Search Manager”, “Shopping Helper”.
On Mac: Applications folder. Same test — sort by date added.
Reset the browser homepage + search engine
- Chrome / Edge: Settings → On startup, Search engine, and Homepage.
- Firefox: Settings → Home and Search.
- Safari: Settings → General → Homepage and Search.
Step 3 — Run proper scanners, in the right order
The 2026 reality is that no single scanner catches everything. Use multiple tools, and run them in safe mode if you can.
Reboot into safe mode (recommended)
- Windows 11/10: Settings → System → Recovery → Advanced startup → Restart now. Then Troubleshoot → Advanced options → Startup Settings → Restart → press 4 (or 5 for Safe Mode with Networking).
- Mac (Apple Silicon): Shut down, then hold the power button until you see startup options, select your disk, hold Shift, click “Continue in Safe Mode”.
- Mac (Intel): Restart holding Shift.
Safe mode loads only the minimum drivers — most infections can’t launch there.
Run these, in order
- Windows Defender Offline Scan (Windows) — Settings → Privacy & security → Windows Security → Virus & threat protection → Scan options → Microsoft Defender Antivirus (offline scan). This reboots and scans outside Windows, catching many rootkits.
- Malwarebytes Free — best second opinion for adware, PUPs, browser hijackers. Install, update, full scan, quarantine everything it flags.
- AdwCleaner (by Malwarebytes) — specialized for toolbars, browser extensions, and “cleaner” software that Defender ignores.
- Kaspersky Virus Removal Tool or ESET Online Scanner — third-party second opinion. Run one, not both.
On Mac, the options are thinner but real: Malwarebytes for Mac (Free) is the standard cleanup tool for adware and browser hijackers, which are the main Mac threats in 2026.
After each tool, reboot and rescan. If a scan comes back clean twice in a row, you’re probably in good shape.
Step 4 — Clean up what the scanners leave behind
Scanners remove files and registry entries but often don’t fix:
- Your DNS settings — check Settings → Network & internet → Advanced network settings → Hardware and connection properties for anything odd. Reset to automatic if in doubt.
- Your hosts file — Windows: C:\Windows\System32\drivers\etc\hosts. Should be mostly comments. Mac: /etc/hosts.
- Your proxy settings — Windows: Settings → Network & internet → Proxy, should be off unless you deliberately set one.
- Your browser policies — Chrome: type chrome://policy in the URL bar. Should be empty for home users. If it’s full of entries, malware set those.
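The Windows checks in the list above can be gathered in one read-only pass. This PowerShell script is an added example, not part of the original guide: it reports DNS servers, active hosts-file lines, proxy settings, and browser policy registry entries without changing anything. The `Add-Finding` helper is a name made up for this example, and the Edge and per-user (HKCU) policy keys are an assumption that extends the Chrome check described above.

```powershell
# Added example: read-only audit of the Step 4 settings on Windows. Changes nothing.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Area, $Detail) {   # hypothetical helper defined for this example
    $findings.Add([pscustomobject]@{ Area = $Area; Detail = $Detail })
}

# 1. DNS: list the configured IPv4 resolvers per adapter so unfamiliar ones stand out.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { Add-Finding 'DNS' "$($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }

# 2. Hosts file: strip comments, then report every active line except the localhost defaults.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath |
    ForEach-Object { ($_ -split '#', 2)[0].Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
    ForEach-Object { Add-Finding 'Hosts' $_ }

# 3. Proxy: a manual proxy or setup script you did not configure is a red flag.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { Add-Finding 'Proxy' "Manual proxy: $($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { Add-Finding 'Proxy' "Setup script: $($inet.AutoConfigURL)" }

# 4. Browser policies: what chrome://policy shows is stored under these registry keys.
#    On a home PC they normally do not exist at all.
$policyKeys = 'HKLM:\SOFTWARE\Policies\Google\Chrome',  'HKCU:\SOFTWARE\Policies\Google\Chrome',
              'HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge'
foreach ($key in ($policyKeys | Where-Object { Test-Path $_ })) {
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        Add-Finding 'Policy' "$key\$name = $($item.GetValue($name))"
    }
    # Extension force-install lists and similar policies live in subkeys.
    Get-ChildItem $key -Recurse |
        ForEach-Object { Add-Finding 'Policy' "$($_.Name) ($($_.ValueCount) values)" }
}

# Every row is something to recognize or explain, not an automatic verdict.
$findings | Format-Table -AutoSize -Wrap
```

DNS rows will almost always appear, since DHCP-assigned resolvers are listed too; compare them with your router's address or the resolver you chose. Rows under Hosts, Proxy, or Policy on a home PC are the ones to investigate.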
Finally:
- Change every password you used from the infected machine, starting with email and banking. Do it from a clean device — your phone is fine.
- Turn on two-factor authentication everywhere that supports it.
Step 5 — When to stop and call a pro
Bring it in if any of these are true:
- Ransomware. Full stop. See Step 0.
- Antivirus keeps finding the same threat after every reboot. That’s a rootkit or persistence mechanism the tools can’t remove.
- The PC won’t let you into safe mode or a scan won’t complete.
- Passwords or banking were used on the infected machine and you want a clean baseline before trusting it again.
- A family member followed a fake “Microsoft support” call and gave someone remote access. Those aren’t just infections — they’re often full account and identity compromises.
- You run a business on this computer. The math is simple: a day of your billable time is worth more than a professional cleanup.
Our virus removal service uses multiple offline scanners against the drive outside of Windows, plus manual registry and file-system cleanup. If the machine is a total loss, we tell you up front — we don’t sell cleanup work on a system that should be reinstalled.
A word on “tech support” scam pop-ups
In 2026, the number-one “virus” we see at the shop is not actually a virus. It’s a pop-up or a browser full-screen that says “YOUR COMPUTER IS INFECTED — CALL MICROSOFT AT 1-800-XXX-XXXX” with a fake Microsoft logo and a blaring alarm sound.
- This is a scam, not malware. Microsoft will never call you.
- Closing the browser usually makes it go away. If full-screen: Alt+F4, or Ctrl+Shift+Esc → End the browser task.
- If you called the number and they got onto your computer — treat it as a real breach. Change passwords from a different device, disconnect the machine, and bring it in.
The quick version
- Pop-ups / hijacked browser? Extensions first, then Malwarebytes + AdwCleaner in safe mode.
- Ransomware? Disconnect, power off, call a pro.
- “Call Microsoft” full-screen? Close the browser — it’s a scam, not a virus.
- Anything persistent after two clean reboots? You’ve earned a pro.
If any of that got you stuck — or you’d rather someone else handle it correctly the first time — bring the PC or laptop to our Oceanside, Encinitas, or Carlsbad shop. Free pre-check, honest answer, and we’ll only do the work if it’s actually needed.