What to Do if You Are Infected With Malware

Quick Answer

If your PC, phone or tablet is infected with malware—malicious software that can compromise personal information and computer files—these steps can help with recovery:

  1. Get offline
  2. Run anti-malware software
  3. Back up critical files
  4. Reinstall system software
  5. Consider a data recovery service
A computer screen with a malware email pop-up. The computer screen is on a desk next to a lamp, and the room is dimly lit.

Malware is a hazard of digital life. This insidious software is designed to prey on personal computers, smartphones and tablets, and infection can result in your personal information being compromised. These tips can help you recover from an attack or, better yet, prevent contact with malware from occurring in the first place.

What Is Malware?

Malware, or malicious software, is a term for programs created to infiltrate computers, handheld devices, servers and networks. The term "malware" encompasses a variety of malicious software types, including viruses, Trojan horses, ransomware and spyware.

Criminals use these nasty programs to destroy data, steal personal information and hold data hostage in a bid to extort money. At best, infection causes your device to perform poorly; at worst, it renders it useless.

A malware attack typically begins when pernicious code copies itself onto your device. It can do so in a variety of ways, including masquerading as a legitimate file you download, piggybacking on a legit download, or transferring from an infected web server, USB drive or other storage device.

Malware, by design, is difficult to remove from your device, but with the right tools and some persistence it's possible to purge the pernicious code.

How Do You Get Rid of Malware?

1. Get Offline

If you've been infected, disconnecting from the internet can stop malware from transmitting your personal information and prevent the use of your device to infect others (including your contacts). The key is being quick about noticing you're infected, however.

2. Run Anti-Malware Software

Use a commercial anti-malware or antivirus software to periodically scan your device and detect and remove any infectious code. Make sure you're using the most up-to-date version of the software so you're better protected from current threats.

If its scan detects an infection, follow the anti-malware program's prompts to remove the offending code. Some malware can block anti-malware software, but you may be able to bypass this by creating a "rescue disk" as described in the anti-malware software instructions. An added perk of anti-malware programs is the live protection that can intercept malware and even block websites it suspects are compromised.

3. Back Up Critical Files

Once the anti-malware software has done its work, assuming you still have control of the device, copy important files to a clean storage device. The goal is to preserve important documents, photos and other files in case there's residual infection the anti-malware program couldn't eliminate. If you have a backup process in place and your files have recently been copied, this may not be necessary.

4. Reinstall Operating System

If you've completed the preceding steps and your device is working fine, you're probably in the clear. However, if the infection prevented you from performing a system scan or backup, or if the device is sluggish, erratic or continues to display pop-ups or other messages, your next recourse may be a full system replacement.

If you have been backing your device up regularly, you (or your hired tech expert) should be able to use your backup tool's restore function to recover most if not all your files. If you have no recent backups, however, a system reinstall will likely mean the loss of files created since your last backup (or all personal files, if you've never backed them up). If that's unacceptable, consider consulting a data recovery service before reinstalling your system software.

5. Consider Data Recovery

A data recovery company can rescue files from physically damaged devices—hard drives broken in falls, laptops submerged underwater—as well as those infected by malware. Their services are not inexpensive: Most provide price quotes only on a case-by-case basis, with a final fee contingent on the nature of the device and the extent of their success at retrieving data (an acknowledgment that it's not always possible to rescue all files). Depending on your point of view and budget, data recovery services might seem prohibitively expensive, or it might be a bargain for the recovery of something otherwise irreplaceable.

How to Avoid Malware

Here are some tips on avoiding malware infection, and for minimizing the damage if you do suffer an attack.

  1. Use anti-malware software. While an anti-malware program can help after an infection, installing one on your device before an attack can prevent infection altogether. Keep the program updated so it can address the latest known threats, and use it to scan any USB drives, SD cards or other storage you connect to your device.
  2. Keep your system software up to date. If possible, set your device to update automatically when new system software is available. This ensures your device has the latest security updates to help you avoid infection.
  3. Change passwords regularly. If malware steals passwords or other sensitive information, regularly changing your account passwords can render the stolen information less damaging. It's also important to use different passwords for every account you have. An automated password manager, which generates and stores highly secure passwords, can be a big help in this effort.
  4. Back up your files regularly. This can't prevent malware infection per se, but it can help prevent the worst consequences of an attack. If you're worried about remembering to do this regularly, a program that continuously copies files to a cloud account might be a good option for you.
  5. Think before you click. One of the most common malware infection paths is via web links in emails, text messages and bogus websites. Like phishing scams and other fraud schemes, these are often calculated to induce panic or excitement, with the goal of making you click before you think. This applies to messages from unfamiliar sources, and perhaps even more so to those that seem to come from trustworthy ones, such as the IRS, Social Security administration or another authority.

The Bottom Line

Malware is an ugly hazard of the digital world. As with more traditional afflictions, it's easier to prevent than to cure. Recovery isn't always easy, but you can eventually move past it. If you're concerned that a malware attack has exposed your personal information, consider using identity theft protection from Experian to help contain the damage.