
Association-anemone


9 Steps to Take if You Accidentally Download Malware on Windows
asane


Accidentally downloading malware can be a frightening experience, but what’s even more alarming is allowing it to remain on your computer, causing damage over time. Therefore, as soon as you suspect or discover that your system may be infected, immediately follow these steps to secure your data.

Disconnect from the Internet immediately


The first and most important step you should take when you suspect that malware has infiltrated your system is to disconnect your device from the Internet. This prevents malware from further spreading, communicating with remote servers, stealing personal data, or allowing threat actors to spy on you.

So, if your computer warns you of a potential infection, immediately disconnect from the Internet. If you’re using Ethernet, disconnect the cable, or if you’re connecting via Wi-Fi, click the Wi-Fi icon in the lower right corner to disconnect. Stay offline until you properly assess and remove the malware.

Boot into safe mode

After disconnecting your device from the Internet, the next step is to start your Windows PC in Safe Mode. Safe Mode runs your system with minimal resources and only the necessary drivers. This prevents the spread of malware and reduces the chance that the infection will interfere with antivirus scans or any remedial actions, making it easier to remove the malware.

To boot into Safe Mode, go to Settings > System > Recovery and click “Restart now” under Advanced startup. After the system restarts, navigate to Troubleshoot > Advanced Options > Startup Settings > Restart. Once the computer restarts, press “4” for Safe Mode or “5” for Safe Mode with Networking.


In Windows 11 Safe Mode, you will see “Safe Mode” written in the corners of your desktop.

Run a malware scan and remove infections

Once you’ve booted your system into Safe Mode, it’s time to remove the malware. First, run a full system scan with Windows Defender to see if any threats are quarantined or deleted. Then run a second scan with a third-party antivirus such as Malwarebytes to check all files, programs and processes for signs of malware.

Together, these scans will detect and remove any malicious files or software. Make sure your antivirus tool is up to date, as outdated versions may not catch newer threats.

Check for unusual installed programs

While malware scans can remove infections, some advanced malware can disguise itself as legitimate software running in the background. To ensure that nothing harmful is left behind, you should manually check your system for suspicious or unauthorized programs that may have been installed without your knowledge.

This step helps prevent any hidden malware from being relaunched. To do this, open the Settings app and go to Apps > Installed apps. Carefully review the list for any unknown programs. If you notice anything suspicious that appeared after your computer was infected, click the three vertical dots next to it and click “Uninstall” to remove the app immediately.


Uninstall an app in the Windows Settings app.

Keep an eye on Task Manager for unusual resource usage

Some malware, such as cryptojackers, is designed to hijack your computer’s processing power to mine cryptocurrencies or run other resource-intensive operations. These programs run quietly in the background, consuming CPU, memory, or disk resources, which can slow down your system. You can use Task Manager to identify any suspicious activity.

To do this, right-click on the taskbar and select “Task Manager”. Navigate to the “Processes” tab and sort processes by CPU, RAM, or disk usage. If you notice any processes using unusually large resources, right-click on them and choose “Open File Location”. You can delete the source file from there to stop the resource drain.


Service host process consuming large disk resources in Task Manager.

Some Windows processes have unusual names and use large resources. Before deleting files, research the process online to make sure you’re not removing a critical system file.

Inspect the startup applications

Malware can hide in startup programs, launching automatically whenever you turn on your computer. Examining these startup apps helps identify any malicious software running without your knowledge. Once you’ve verified that a process is malicious by researching it online, you can disable it with confidence.

To do this, right-click the Start button and select Task Manager. On the Startup tab, find any unknown or suspicious apps, right-click them, and select Disable to prevent them from starting. You can also right-click and select “Open File Location” to check the source file of the process.


Disable starting a program by clicking the “Disable” button in the Task Manager.

Check Task Scheduler

Malware can be programmed to schedule tasks that run automatically. These tasks continue to run even after the original infection has been removed from the device. Therefore, you should examine the Task Scheduler to identify any malicious activities that may still be running in the background.

To do this, press Windows+R, type taskschd.msc and press Enter. Review the list of active tasks in the Task Scheduler Library and explore individual folders to find tasks set to initiate suspicious actions. You can check which scripts are associated with each task in the Actions tab. Delete the ones you don’t recognize: right-click the task and select Delete.


Deleting a task from Task Scheduler on Windows.
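The startup and Task Scheduler reviews described above can also be done in one pass from an elevated PowerShell window. The script below is an added example, not part of the original article; it uses only built-in cmdlets, and the `$reviewPattern` heuristic and the output column names are assumptions of this example.

```powershell
# Added example: list auto-start entries and third-party scheduled tasks in one table.
# Heuristic (an assumption of this example): commands that run from user-writable
# folders or through script hosts are the ones to research first.
$reviewPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\|' +
                 'powershell|wscript|cscript|mshta|rundll32|regsvr32'

# Startup entries from the Run registry keys and the Startup folders.
$startup = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    [pscustomobject]@{
        Source  = 'Startup'
        Name    = $_.Name
        Command = $_.Command
        Origin  = $_.Location
        LastRun = $null
    }
}

# Scheduled tasks outside \Microsoft\ (skipped here only to cut noise),
# one row per "start a program" action.
$tasks = Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # skip COM-handler actions
            [pscustomobject]@{
                Source  = 'Task'
                Name    = $task.TaskPath + $task.TaskName
                Command = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
                Origin  = $task.Author
                LastRun = $info.LastRunTime
            }
        }
    }

# Rows matching the heuristic sort to the top; a match is a prompt to research, not a verdict.
@($startup) + @($tasks) |
    Select-Object *, @{ n = 'Review'; e = { $_.Command -match $reviewPattern } } |
    Sort-Object Review -Descending |
    Format-Table Review, Source, Name, Command, Origin, LastRun -AutoSize -Wrap
```

Many legitimate updaters also run from AppData or ProgramData, so research each flagged entry before disabling or deleting it.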

Make sure you are not being monitored

Cybercriminals can also use malware to spy on victims. This type of malware can track your keystrokes, steal personal information, monitor your activities, or even record you through your webcam, which can lead to blackmail. Therefore, you need to verify that no threat actor has established a remote connection to your computer and is monitoring you.

To check this, get a list of active connections: open Command Prompt as administrator and enter netstat -ano. Next, review all current network connections and look for any suspicious IP addresses. You can then verify that those connections belong to legitimate companies whose services you use, and disconnect any that look suspicious.


The process IDs associated with a particular port.
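netstat -ano shows only a numeric process ID for each connection, so you still have to look up which program owns it. The script below is an added example, not part of the original article: it resolves each established connection to a non-local address to its executable and that file's signature status. The helper name `Test-PublicAddress` and the output column names are assumptions of this example.

```powershell
# Added example: map established TCP connections to the owning executable.
# Run in an elevated PowerShell window; uses only built-in cmdlets.

function Test-PublicAddress {
    param([string]$Address)
    # Loopback, link-local, RFC 1918 and IPv6 unique-local ranges count as local.
    $local = '^(127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|' +
             '0\.0\.0\.0$|::1?$|fe80:|f[cd][0-9a-f]{2}:)'
    return $Address -notmatch $local
}

$report = Get-NetTCPConnection -State Established |
    Where-Object { Test-PublicAddress $_.RemoteAddress } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = $proc.Path   # empty for protected system processes
        $sig  = if ($path) {
            [string](Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            'NoPath'
        }
        [pscustomobject]@{
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            ProcessId     = $_.OwningProcess
            Process       = $proc.ProcessName
            Path          = $path
            Signature     = $sig
        }
    }

# Owners without a valid signature (or without a readable path) are listed first.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Process |
    Format-Table -AutoSize -Wrap
```

A missing signature is not proof of malware, and a valid one is not proof of safety; use the output to decide which processes and remote addresses to research.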

Check your browser for signs of infection

The Internet is the main source of malware infections and we mainly access it through a web browser. Therefore, you need to make sure that malware hasn’t hijacked your browser to monitor your online activity, inject ads, or redirect searches. To check this, look for signs that your browser has been compromised.

Check for unknown or suspicious extensions and remove them immediately. Change the default search engine to prevent redirection to malicious sites. Malware can store harmful cookies or cache data to track your activity, so clear cookies and cache. If you encounter unusual pop-up ads while browsing, delete the browser app and reinstall it.


Here’s what I do whenever I suspect I’ve been tricked into downloading an email attachment, a deceptive file, or clicking a malicious link on an infected website. While these steps stop the infection from spreading, continue to monitor your computer for a few days. If you notice anything unusual, run additional scans, perform a system restore, or factory reset the operating system.