Malware on your device: how to detect and safely remove it
This guide provides a practical overview of how to detect and remove malware from various types of devices (Windows, Android, macOS, iOS). It takes into account the specifics of each platform and highlights common mistakes users make during malware removal. In addition to the step-by-step process, it also emphasizes preventive measures that can help avoid reinfection.
If you suspect your device has been infected with malware, we’ve prepared a step-by-step guide for each device type to help you remove it. However, if you’re unsure, we recommend leaving the task to professionals – a service center for personal devices or your IT administrator for work devices.
Warning! If you have identified malware on your device and it is a work device or used to access work-related data, you must report this to the Cyber Security Team at MU.
First aid for suspected infection
1. Run an antivirus scan: Use a trusted antivirus program (e.g., Windows Defender for Windows, ESET for Android, Apple’s built-in tools). Allow the software to automatically remove any detected threats and pay attention to warnings about suspicious behavior, which may indicate a remaining infection.
2. Prevent further spread: Do not enter passwords or log in to sensitive services (email, banking, university systems). Avoid connecting external drives or USB devices. If you have already logged in to important accounts, report it immediately to your IT administrator – passwords will need to be changed from a clean device.
3. Change your passwords: After cleaning your device, change passwords for all important accounts (email, banking, social media). Start with your password manager to ensure your stored credentials are still secure. Then, check for password breaches via Have I Been Pwned.
4. Back up your data: Scan your device with antivirus software before backing up. Only save clean files to an external storage device. Never restore data from backups unless you are certain they are malware-free.
Do you have a suspicious file on your device or in your inbox? → You can scan it using VirusTotal, a service that checks the file with dozens of antivirus tools. However, do not upload files containing personal or sensitive information – uploaded files may become accessible to unauthorized parties.
Windows
When removing malware on Windows, the built-in antivirus, Windows Defender, is typically used. If you install another antivirus program, Defender automatically disables itself to prevent conflicts. Installing more than one additional antivirus can cause these tools to interfere with each other, which may reduce the overall effectiveness of your protection.
-
Step 1: Disconnect the device from the internet
Immediately turn off Wi-Fi or unplug the ethernet cable. This prevents the malware from spreading or communicating with an attacker.
-
Step 2: Start the computer in Safe Mode
Ideally, follow an official guide for entering Safe Mode.
-
Step 3: Run an antivirus scan
Use a trusted antivirus program (e.g., Windows Defender) and perform a full or offline scan, which can detect threats hidden from regular scans. If malware is found, follow the removal instructions and note the malware name and detection time – this information may be useful for reporting the incident.
-
Step 4: Remove suspicious applications
Go to Settings (Win + I) → Apps → Apps & features. Review the list of installed apps and uninstall any unknown or suspicious programs by clicking Uninstall. If unsure whether an app is safe, search for it online.
-
Step 5: Clean web browsers
Open all your browsers and check installed extensions. Remove suspicious add-ons or toolbars. Reset your homepage and search engine. Clear browsing history, cache, and cookies.
-
Step 6: Update your system and applications
Check for Windows updates via: Settings → Update & Security → Windows Update. Also update all installed applications.
-
Step 7: Perform an additional scan
After cleaning, run another antivirus scan to verify that the system is clean. For extra assurance, use a one-time scanner (e.g., ESET Online Scanner).
-
If the malware persists…
Step 8: System restore (if necessary)
If the issue continues, restore Windows: Control Panel → System and Security → Recovery → Open System Restore. Choose a restore point from before the problem began.
-
Step 9: System reinstallation (last resort)
If you still can't remove the malware, perform a clean installation of Windows. Back up only files you’re sure are safe before reinstalling.
Android
On mobile devices, it’s essential to have a reliable antivirus app installed to help detect and remove malware. We recommend using ESET Mobile Security.
-
Step 1: Disconnect the device from the internet
Immediately turn off Wi-Fi and mobile data. This prevents the malware from spreading or communicating with an attacker.
-
Step 2: Switch to Safe Mode
Hold the Power button until shutdown options appear. Then press and hold Power off or Restart until the Safe Mode prompt appears. Tap OK – the device will restart in Safe Mode, where all third-party apps are disabled.
-
Step 3: Uninstall suspicious apps
Go to Settings → Apps → App Manager. Review the list of installed apps and uninstall any suspicious or unknown ones. If the Uninstall button is inactive, go to Settings → Security → Device Administrators and deactivate the app first.
-
Step 4: Run an antivirus scan
Download a trusted antivirus app from Google Play (e.g., ESET). Run a full device scan. If malware is detected, follow the removal instructions.
-
Step 5: Clear app cache and data
Go to Settings → Apps → App Manager. Select the suspicious app and tap Storage → Clear Data and Clear Cache. This removes any potentially harmful content from the app.
-
Step 6: Run an additional scan with a one-time scanner
Perform a second scan and remove any detected threats.
-
Step 7: Clean web browsers
Open your browser (e.g., Chrome) → Settings → Privacy → Clear browsing data. Check Browsing history, Cookies, and Cached images and files, then tap Clear data. Check for and disable any suspicious extensions.
-
Step 8: Update your system and apps
Go to Settings → Software Update and check for system updates. Also update all installed apps via Google Play.
-
If the malware can’t be removed…
Step 9: Perform a factory reset (as a last resort)
If the malware persists, back up your important files. Go to Settings → System → Reset → Factory data reset. Confirm the reset and wait for the device to restart.
macOS
Unlike Windows, antivirus software is not commonly used on macOS due to the system’s stricter app control, limited system access, and smaller market share, which makes malware harder to spread. However, threats such as adware and spyware can still appear on Macs. We recommend using a specialized tool like CleanMyMac, which helps detect and remove malware.
-
Step 1: Disconnect the device from the internet
Turn off Wi-Fi or unplug the ethernet cable. This will stop the malware from communicating with the attacker.
-
Step 2: Run an antivirus scan
We recommend using CleanMyMac. Start a full system scan and remove any detected threats.
-
Step 3: Check running processes
Open Activity Monitor: Finder → Applications → Utilities → Activity Monitor. Look for suspicious processes and terminate them (use the [x] button).
-
Step 4: Uninstall suspicious applications
Go to Finder → Applications. Move any suspicious apps to the Trash and empty it. Also check the folders /Library/LaunchAgents and /Library/LaunchDaemons for files linked to the uninstalled apps.
-
Step 5: Reset browsers and remove extensions
Safari: Settings → Extensions → Uninstall suspicious extensions. Chrome: Settings → Extensions → Remove unknown add-ons. Firefox: Add-ons → Manage Extensions → Remove suspicious ones. Also check the homepage and default search engine settings.
-
Step 6: Remove malware from startup items
Go to Apple menu → System Settings → Users & Groups. Review Login Items and remove suspicious apps.
-
Step 7: Check and back up your data
Back up only clean data to an external drive. Run an antivirus scan before backing up.
-
What if removal fails?
Step 8: System recovery
If the issue persists, start in Recovery Mode (hold CMD + R during startup). Select Disk Utility → First Aid → Repair Disk. If necessary, perform a clean macOS installation.
-
Step 9: Create a new user profile and transfer data
Restore the system using Time Machine from a point before the infection. Update macOS to the latest version.
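For Step 4 of the macOS procedure above, which says to check /Library/LaunchAgents and /Library/LaunchDaemons for files linked to uninstalled apps, the following Python script is an added example and not part of the original guide. It lists every launchd job file with the program it starts and flags entries whose program no longer exists; the per-user ~/Library/LaunchAgents folder and the com.example sample files are assumptions added for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Folders named in Step 4, plus the per-user folder (an assumption added here).
LAUNCH_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons", str(Path.home() / "Library/LaunchAgents")]

def audit_launch_items(dirs=LAUNCH_DIRS):
    """Return one record per launchd job file (*.plist) found in dirs."""
    findings = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for plist_path in sorted(folder.glob("*.plist")):
            try:
                job = plistlib.loads(plist_path.read_bytes())
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # unreadable or malformed file: report it
                findings.append({"file": str(plist_path), "error": str(exc)})
                continue
            args = job.get("ProgramArguments") or []
            program = job.get("Program") or (args[0] if args else None)
            findings.append({
                "file": str(plist_path),
                "label": job.get("Label"),
                "program": program,
                "run_at_load": bool(job.get("RunAtLoad", False)),
                # Target missing: likely a leftover of an app already removed.
                "orphaned": program is not None and not Path(str(program)).exists(),
            })
    return findings

def demo():
    """Audit constructed sample job files written to a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "updater").write_text("#!/bin/sh\n")
        jobs = {
            "com.example.updater.plist": {"Label": "com.example.updater", "Program": str(tmp / "updater"), "RunAtLoad": True},
            "com.example.removedapp.plist": {"Label": "com.example.removedapp", "ProgramArguments": [str(tmp / "RemovedApp.app/Contents/MacOS/helper"), "--daemon"]},
        }
        for name, body in jobs.items():
            (tmp / name).write_bytes(plistlib.dumps(body))
        (tmp / "broken.plist").write_bytes(b"not a plist")
        return audit_launch_items([tmp])

if __name__ == "__main__":
    print(*audit_launch_items(), sep="\n")
```

The script only reads and reports. An entry marked orphaned, or one with a label you do not recognize, is a candidate for review before you move its file to the Trash.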
iOS
iOS is known for its high level of security, thanks to its closed ecosystem and strict control over apps available in the App Store. Apple reviews every app, which significantly reduces the risk of malware spreading. Most apps are also sandboxed – isolated from the system and other apps – further limiting potential threats. Limited installation options combined with Apple’s control mechanisms help keep the risk of infection relatively low for regular users – though not zero.
-
Step 1: Restart your device
Turn off your iPhone or iPad by holding the power button and sliding the “Power Off” slider. After a few seconds, turn the device back on. Restarting can temporarily stop processes linked to malware.
-
Step 2: Remove suspicious apps
Go to Settings → General → iPhone Storage. Review the list of apps and delete any you didn’t install or that seem suspicious. You can also press and hold the app icon on the home screen and select Remove App.
-
Step 3: Clear browser history and data
Safari: Settings → Safari → Clear History and Website Data. Chrome: Settings → Privacy → Clear Browsing Data. This step removes potentially harmful files stored during web browsing.
-
If removal fails...
Step 4: Perform a factory reset
If the issue persists, back up your data and reset the device: Settings → General → Reset → Erase All Content and Settings. This will wipe all data and install a fresh version of iOS.
-
Step 5: Restore from backup
After the reset, restore your device using the latest backup from iCloud or iTunes. Make sure the backup was created before the suspected infection.
Conclusion
Fighting malware can be challenging, but with a quick response and the right steps, damage can be minimized and device security restored. Prevention is key – regular updates, strong passwords, and caution when downloading files or clicking links are essential. If an infection occurs, always follow the recommended steps and don’t hesitate to seek help from IT professionals. With the right approach, you can significantly reduce the risk of infection and protect your data.