How to Remove a Virus or Malware from Windows 11

PC Technician

The Problem

Browser homepages changed themselves, ransom notes appeared, or Task Manager shows a weird process eating CPU you never installed. Most infections on Windows 11 are adware and browser hijackers—not Hollywood ransomware—but they still need a methodical cleanup, not ten random downloaders from page-one ads.

Defender icon grayed out or won't turn on? Fix that first (see Windows Defender not working), or malware may be blocking scans.

Symptoms

  • New toolbars, extensions, or search engines you did not install.
  • Pop-ups on the desktop even when the browser is closed.
  • Antivirus disabled, updates failing, or Security settings locked.
  • Sudden 100% disk or RAM usage from an unknown process.

The Fix: Step-by-Step

Step 1: Disconnect and Back Up What Matters

  1. Unplug Ethernet or disconnect Wi-Fi if you suspect password stealers or ransomware—stops exfiltration while you work.
  2. Copy irreplaceable photos and documents to a USB drive before heavy cleaning (not after—you might quarantine something you need). See back up with File History for a proper routine later.

Step 2: Run Microsoft Defender Offline Scan

  1. Settings → Privacy & security → Windows Security → Virus & threat protection.
  2. Scan options → Microsoft Defender Antivirus (offline scan) → Scan now.
  3. The PC reboots and scans before Windows fully loads—this catches rootkits that hide during normal boot.

Step 3: Full Scan and Remove Quarantined Items

  1. Back in Virus & threat protection → Quick scan → then Scan options → Full scan.
  2. Protection history → remove or quarantine everything flagged. Restart when prompted.

Step 4: Boot Into Safe Mode for Stubborn Malware

  1. Settings → System → Recovery → Advanced startup → Restart now.
  2. Troubleshoot → Advanced options → Startup Settings → Restart → press 4 for Safe Mode.
  3. Run another full scan. Fewer apps load, so malware services often fail to start.

Step 5: Clean Browsers and Startup

  1. Remove suspicious extensions in Chrome/Edge/Firefox (Extensions → trash unknown entries).
  2. Reset the browser: Edge → Settings → Reset settings → restore defaults (bookmarks can stay if you pick the right option).
  3. Ctrl + Shift + Esc → Startup apps → disable entries with no publisher or random names. Details: disable startup programs.

Step 6: Uninstall Junk You Did Not Install

Settings → Apps → Installed apps → sort by Install date → uninstall recent unknown programs ("PC Optimizer," "Driver Updater," etc.).

Step 7: Check Persistence (Advanced)

  1. Win + R → msconfig → Services → check Hide all Microsoft services → disable suspicious non-Microsoft services temporarily → reboot and retest.
  2. Task Scheduler (taskschd.msc) → Task Scheduler Library → delete tasks pointing to %Temp% or random folders.
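
A read-only way to build the shortlist for Step 7 before disabling or deleting anything, added here as an example and not part of the original guide. The path pattern and the Microsoft-signer filter are heuristics assumed for this sketch, so review each hit by hand.

```powershell
# Added example: read-only audit for Step 7. It lists candidates and changes nothing.
# Run from an elevated PowerShell prompt so all tasks and services are visible.

# Assumption: locations any user can write to are where junk persistence tends to live.
$userWritable = '%temp%|%appdata%|%localappdata%|\\AppData\\|\\Temp\\|\\Users\\Public\\'

# Scheduled tasks whose command line points into those locations.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute/Arguments and simply never match.
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $userWritable) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = $cmd
            }
        }
    }
}

# Services whose binary is not signed by Microsoft (the msconfig "Hide all
# Microsoft services" view), with signature status and a user-writable flag.
$services = Get-CimInstance Win32_Service | ForEach-Object {
    # PathName may be quoted and carry arguments; extract the executable.
    if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
        $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        $sig = if (Test-Path -LiteralPath $exe) { Get-AuthenticodeSignature -FilePath $exe }
        if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            [pscustomobject]@{
                Service      = $_.Name
                StartMode    = $_.StartMode
                Signature    = if ($sig) { $sig.Status } else { 'FileNotFound' }
                UserWritable = $exe -match $userWritable
                Path         = $exe
            }
        }
    }
}

'--- Scheduled tasks running from user-writable paths ---'
$tasks | Sort-Object Task | Format-Table -AutoSize -Wrap
'--- Non-Microsoft services ---'
$services | Sort-Object UserWritable -Descending | Format-Table -AutoSize -Wrap
```

Entries with Signature other than Valid, or with UserWritable set to True, are the ones to look at first in msconfig and Task Scheduler.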

What Not to Do

  • Do not install "free antivirus" from banner ads—many are malware themselves.
  • Do not pay ransom without talking to IT or law enforcement; payment does not guarantee decryption.

After Cleanup

  • Run a deeper system check with Windows Troubleshooter to catch broken services, bad drivers, and registry leftovers malware leaves behind.
  • Change passwords from a clean device (email, banking) if you suspect a keylogger.
  • Turn on BitLocker on laptops if the edition supports it.
  • If the PC still acts infected after offline scan + Safe Mode, reinstalling Windows (or a full wipe, as in wipe before selling) on a spare drive is sometimes faster than chasing every registry key.