Remove malware from your device

How to get rid of malware

• Disconnect the device from the internet

  Malware often requires an internet connection to steal your information, be controlled, and spread to other devices.

  Disconnecting the device from the internet ensures that you remove that connection.

  Turn off your modem/router to disable your entire network in your home or office or turn off the internet on the infected device only. 

• Backup your data

  It is always good practice to have a backup of essential data that you do not want to lose. Just make sure you only back up your important files such as photos. It is recommended that you do not back up apps and programs. There is a chance that if you back these up you will reinstall the malware.  

  Find out from your device manufacturer, such as Apple, Samsung, Microsoft or Google, how to run a backup on your device.

  Back up your data and devices

• Remove the malware

  To remove the malware, you have two main options:  

  1. Factory reset the device.
  2. Scan the device and remove the malware using an antivirus software. 

  Option 1 – Factory reset the device

  While this is the most effective method to remove malware, it will permanently delete any data that you have not backed up in the previous step. Please ensure you backup any data you want to preserve.

  If you need assistance with resetting your device, we recommend that you contact a local IT professional.

  Once the device is reset carry onto step 04.

  Option 2 – Use antivirus software to scan and remove the malware  

  Preferably boot the device into safe mode. Safe mode is a method of starting your device that will make sure the only things running are absolutely required. As most malware starts in the background and isn’t always obvious, safe mode helps to ensure it is not running while you scan the device.

  If unsure, please see manufacturer's instructions on how to boot into safe mode.

  Using a reputable antivirus solution run a full scan over the device and remediate any alerts it detects. If nothing is detected, this does not necessarily mean the device is clean. If you believe your device is still infected, consult an IT professional, or reset the device as this may be the more comprehensive/cheaper option.

  Once the full scan is complete, boot the device normally and run a full scan again. If it shows that your device is clean, you can move to the next step.

  You could engage an IT provider should you require any support with the information provided above.

• After the device is cleaned

  After you are sure the device is free from malware, you can now perform the following actions:

  • Turn on your internet and reconnect the device.
  • Immediately update the device.
  • Depending on the type of malware, some are designed to harvest your credentials for later use by a malicious actor. Even if you are unsure of the type of malware the NCSC recommends reset all your account passwords.
  • The NCSC recommends securing keys accounts such as:
    • Bank or financial service accounts
    • Government service accounts (RealMe, myIR, MyMSD etc.)
    • Email (Gmail, Outlook etc.)
    • Social media (Facebook, Instagram, X, etc.)
  • Log out of all devices to ensure that if anyone has already signed into your account using stolen credentials, they will not be able to access the account post password reset. If you are unsure how to do this, please refer to the relevant service provider’s guidance. 
  • Examine account activity, especially for the above listed accounts to see if there have been any suspicious transactions, sign-ins, etc. If you notice anything out of the ordinary, reach out to the service provider and they will be able to assist you.

  Following these steps should help to remediate malware from a device in most cases. If you still believe your device is infected with malware, we recommend reaching out to an IT provider for further assistance.

  Creating good passwords

  Use 2FA to protect your accounts