CravenIT Solutions
I Think I Have a Virus: First Steps That Actually Help

A calm, step-by-step response plan for suspected malware infections on personal or business computers.

Beginner | 7 min read | Updated May 30, 2026

1. Isolate the device immediately

If malware is suspected, disconnect from Wi-Fi and unplug network cables first. Isolation reduces the chance of lateral spread or active data exfiltration.

Avoid logging into additional accounts or connecting external drives until the device is assessed.

Action checklist

  • Disconnect from the internet and shared networks.
  • Do not use personal banking or email accounts on the infected device.
  • Pause file syncing tools until the device is cleared.

2. Record symptoms before making major changes

Quick notes help support teams diagnose the root cause and avoid repeating the same compromise path.

Document pop-ups, unusual processes, new extensions, and suspicious timestamps before cleanup begins.

Action checklist

  • Capture screenshots of suspicious behavior.
  • Note recent downloads, links clicked, or email attachments opened.
  • Save key timestamps for investigation.
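
One way to capture the recent-downloads part of these notes, as an added example that is not part of the original guide: this Python script lists files changed in a folder during the last few days, with UTC timestamps and SHA-256 hashes, and only reads them. The folder (`~/Downloads`), the 7-day window and the output name `triage_notes.json` are assumptions.

```python
"""Added example: record recently changed files before cleanup (read-only)."""
import hashlib
import json
import time
from datetime import datetime, timezone
from pathlib import Path

def utc_iso(ts):
    return datetime.fromtimestamp(ts, timezone.utc).isoformat(timespec="seconds")

def sha256_of(path, chunk=1 << 20):
    # Hash in chunks so large downloads do not have to fit in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def recent_files(folder, days=7, now=None):
    """Files under `folder` modified in the last `days` days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    rows = []
    for p in Path(folder).rglob("*"):
        try:
            if p.is_symlink() or not p.is_file():
                continue  # skip links and directories; nothing is executed
            st = p.stat()
            if st.st_mtime >= cutoff:
                rows.append({"path": str(p), "size": st.st_size,
                             "modified_utc": utc_iso(st.st_mtime),
                             "sha256": sha256_of(p)})
        except OSError as exc:  # locked or unreadable file: note it, keep going
            rows.append({"path": str(p), "error": str(exc)})
    return sorted(rows, key=lambda r: r.get("modified_utc", ""), reverse=True)

def write_notes(folder, out_file, days=7, now=None):
    notes = {"recorded_utc": utc_iso(time.time() if now is None else now),
             "folder": str(folder), "window_days": days,
             "files": recent_files(folder, days, now)}
    Path(out_file).write_text(json.dumps(notes, indent=2), encoding="utf-8")
    return notes

if __name__ == "__main__":
    # Assumed locations: the user's Downloads folder and a local notes file.
    result = write_notes(Path.home() / "Downloads", "triage_notes.json")
    print(f"Recorded {len(result['files'])} recent files in triage_notes.json")
```

The hashes let a support team check a file against vendor detections later without anyone opening it again.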

3. Run trusted scans and reset exposed credentials

Use reputable endpoint protection and on-demand malware scanners from known vendors. Avoid random cleanup tools from ads or pop-ups.

Assume passwords used on that device may be exposed and reset high-priority accounts from a separate trusted device.

Action checklist

  • Run a full antivirus scan and a secondary malware scan.
  • Reset email, banking, and admin credentials from a clean device.
  • Enable MFA on critical accounts.

4. Rebuild safely if trust is uncertain

If infection severity is unclear, a clean reinstall is often safer than partial cleanup. Reintroduce files carefully and verify backup hygiene.

After recovery, implement patching, least privilege, and phishing safeguards to reduce recurrence.

Action checklist

  • Back up essential files after scan validation.
  • Reinstall OS and applications from trusted sources if needed.
  • Apply all updates and security hardening before normal use.