Remove malware from your device

How to get rid of malware

• Disconnect the device from the internet

  Malware often requires an internet connection to steal your information, be controlled, and spread to other devices.

  Disconnecting the device from the internet ensures that you remove that connection.

  Turn off your modem/router to disable your entire network in your home or office or turn off the internet on the infected device only. 

• Backup your data

  It is always good practice to have a backup of essential data that you do not want to lose. Just make sure you only back up your important files, such as photos. It is recommended that you do not back up apps and programs, and be selective about backing up downloaded files which could have been a source of malware. There is a chance that if you back these up you will reinstall the malware.  

  We recommend you do not re-connect to the internet in order to create a cloud back-up. Instead, back-up using a clean USB stick or hard-drive.

  Find out from your device manufacturer, such as Apple, Samsung, Microsoft or Google, how to run a backup on your device.

  Back up your data and devices

• Remove the malware

  To remove the malware, you have two main options.

  Option 1: Factory reset the device

  While this is the most effective method to remove malware, it will permanently delete any data that you have not backed up in the previous step. Please ensure you backup any data you want to preserve.

  If you need assistance with resetting your device, we recommend that you contact a local IT professional.

  Once the device is reset carry onto step 04.

  Option 2: Use antivirus software to scan and remove the malware

  How to do this depends on your operating system.

  On Windows

  Windows Defender is the pre-installed antivirus software for Windows, and it is completely free. To run a scan:

  1. Perform any outstanding operating system and Windows Defender updates - If you are still running Windows 10, this will no longer get the latest security updates. You should update to Windows 11 or look to enrol to get the Windows 10 Extended Security Updates (ESU).  

     More information about enrolling in Windows 10 ESU can be found here:

     Windows 10 Consumer Extended Security Updates (ESU)(external link)

  2. Run Windows Defender in offline mode – go to Settings, Windows Security. Click on Virus & threat protection. Click on the blue link 'Scan Options' and choose ‘Microsoft Defender Antivirus (offline scan)’. Your device will reboot and perform the scan. Follow any prompts if required.  
  3. Check results – if malware is detected, Windows Defender may give you steps to resolve the malware, such as deleting the software.  
  4. Reboot your device – Once the scan is complete and any malware found has been removed, your device should reboot.

  For extra reassurance, consider using a second reputable antivirus/anti-malware product to scan your device to ensure the malware is removed. 

  Third-party antivirus software is also available for Windows, but you should be careful as some malware can be disguised as antivirus software.

  On mobile devices

  Mobile devices using Android or iOS generally do not come with antivirus software, instead they rely on security features to prevent malware installing.

  Keep your mobile phone secure

  You can take a few extra steps to determine if malware could be running on your mobile device:

  1. Check the list of installed apps for anything new or suspicious. 
  2. Review app permissions, and check for apps with unusual permissions (for example, a simple notetaking app gaining access to your contacts).
  3. Check battery consumption and internet usage of your apps and look for unusually high battery or internet usage.

  On Apple MacOS devices

  MacOS has built-in antivirus software which runs automatically to detect malware. 

  Ensure that automatic updates are enabled by going to System Preferences > Software Update and install any available updates. 

  Scanning will happen automatically—you can initiate a scan on start-up by just restarting your device. 

  Third-party antivirus software is available for MacOS, but you should be careful as some malware can be disguised as antivirus software. 

• After the device is cleaned

  After you are sure the device is free from malware, you can now perform the following actions:

  • Turn on your internet and reconnect the device.
  • Immediately update the device.
  • Depending on the type of malware, some are designed to harvest your credentials for later use by a malicious actor. Even if you are unsure of the type of malware the NCSC recommends reset all your account passwords.
  • The NCSC recommends securing keys accounts such as:
    • Bank or financial service accounts
    • Government service accounts (RealMe, myIR, MyMSD etc.)
    • Email (Gmail, Outlook etc.)
    • Social media (Facebook, Instagram, X, etc.)
  • Log out of all devices to ensure that if anyone has already signed into your account using stolen credentials, they will not be able to access the account post password reset. If you are unsure how to do this, please refer to the relevant service provider’s guidance. 
  • Examine account activity, especially for the above listed accounts to see if there have been any suspicious transactions, sign-ins, etc. If you notice anything out of the ordinary, reach out to the service provider and they will be able to assist you.

  Following these steps should help to remediate malware from a device in most cases. If you still believe your device is infected with malware, we recommend reaching out to an IT provider for further assistance.

  Creating good passwords

  Use 2FA to protect your accounts