Dark tech workspace with laptop showing security shield, smartphone, open PC case, hard drive, and repair tools on desk

    What to Do the Moment You Think You Have a Virus

    virus removal
    malware
    computer security
    cybersecurity
    computer repair
    safe mode
    Author: Digital Dawn, Tech Educator & Tutorial AuthorPublished: 7/2/2026Last Updated: 7/2/2026
    Reviewed by Andrew Harris, President

    Think your computer has a virus? Don't panic and don't click anything. The next few minutes matter more than you'd expect. This guide walks you through exactly what to do, in order, to stop the damage and get your machine safe again.

    TL;DR: Stop using the computer immediately, disconnect it from the internet, and do not click any pop-ups or warnings on screen. Then follow these steps in order to safely assess the situation, run a scan, and decide whether you need professional help.


    What You Need

    • A second device (phone, tablet, or another computer) to look things up safely
    • A USB drive with a trusted antivirus tool on it, OR internet access on a clean device to download one
    • About 30 to 60 minutes of uninterrupted time
    • Your Wi-Fi router nearby so you can unplug it quickly
    • Any external hard drives or USB drives that were plugged in when you noticed the problem

    Step 1: Stop. Do Not Click Anything.

    This is the most important step, and it is the one most people skip.

    When something looks wrong on your screen, the instinct is to interact with it. Close the pop-up. Click "Remove Virus Now." Call the number. Do none of those things.

    Many infections are designed to spread further or install more malware the moment you interact with the warning. Some fake alerts are the threat itself, not a sign of one.

    Sit on your hands for a moment. Take a breath. The computer can wait.


    Person recoiling from laptop displaying a red warning triangle alert icon in a dark server room environment.
    The first and most critical step: resist the urge to click anything on screen.

    Step 2: Unplug From the Network Immediately

    Disconnect from Wi-Fi or yank the ethernet cable. Do this now, before you do anything else on the machine.

    Why? Because many types of malware need an active internet connection to do their worst. Ransomware encrypts your files while syncing to a remote server. Spyware uploads your data in real time. Bots phone home for instructions.

    Cutting the connection does not fix the infection, but it can stop it from spreading to other devices on your home or office network, and it can interrupt whatever the malware was in the middle of doing.

    If you are on a business network, this step is even more urgent. A single infected machine can compromise shared drives, printers, and other computers within minutes. If your company has managed IT coverage, call your IT contact right now from your phone. If you are looking for that kind of protection going forward, managed IT services are worth a look.


    Step 3: Unplug Any External Drives or USB Devices

    If you had a USB drive, external hard drive, or memory card plugged in, remove it now.

    Some malware copies itself onto external drives the moment it detects them, then reinfects the computer every time that drive is reconnected. Pulling those devices out before you run a scan prevents that loop.

    Do not open the drive on another computer until you have confirmed the original machine is clean.


    Step 4: Note What You Saw

    Before memories get fuzzy, jot down a few quick notes on your phone.

    • What did the warning or pop-up say?
    • Was there a phone number, website address, or company name?
    • Did you download or open anything recently? A PDF, an email attachment, a browser extension?
    • Did you click anything in the alert before stopping yourself?

    This information helps tremendously if you end up working with a technician. It can also tell you whether what you saw was a real system alert or a browser-based scare tactic (which is far more common and far less dangerous).


    Step 5: Restart Into Safe Mode

    Safe Mode starts your computer with the bare minimum of software running. Most malware cannot run in Safe Mode because it depends on startup programs and background processes that Safe Mode skips.

    On Windows 10 or 11:

    1. Hold the Shift key and click Restart from the Start menu.
    2. Choose Troubleshoot, then Advanced Options, then Startup Settings.
    3. Click Restart, then press 4 or F4 to start in Safe Mode.

    On a Mac:

    1. Shut down the computer.
    2. Turn it back on and immediately hold the Shift key until you see the login screen.
    3. Log in. You will see "Safe Boot" in the corner of the screen.

    Once you are in Safe Mode, the computer is in a much safer state to work with.


    Worried your business is one click from a breach? Get a security review

    Step 6: Run a Trusted Malware Scanner

    Now is when you actually scan for the threat. Use one of these reputable tools:

    • Malwarebytes (free version works fine for a one-time scan): malwarebytes.com
    • Windows Defender (built into Windows 10 and 11, already on your machine)
    • Malwarebytes for Mac or the built-in XProtect on macOS

    If you need to download a scanner, do it on a clean device and transfer it via USB. Do not reconnect the infected computer to the internet just to download software.

    Run a full scan, not a quick scan. A full scan takes longer but checks every file on the drive. Let it finish completely before touching anything.

    If the scan finds something, do not immediately delete everything it flags without reading the results. Most tools will explain what was found and give you options. Quarantine first, delete after you have confirmed the threat is real.


    Step 7: Change Your Passwords From a Clean Device

    If the infection was real and active for any amount of time, assume your passwords may have been captured.

    Use your phone or another computer that was not connected to the same network during the infection. Change passwords for:

    • Email accounts
    • Banking and financial sites
    • Any account where you were recently logged in
    • Your Wi-Fi network password

    Enable two-factor authentication anywhere you can. This one step saves people from the downstream damage of an infection more than almost anything else.

    For business users, compromised credentials are one of the top entry points for bigger breaches. Business cybersecurity planning often starts with exactly this kind of credential hygiene.


    Step 8: Check Your Backups

    If you have a recent backup, this is good news. Even if the infection turns out to be severe, you have a clean restore point.

    If you do not have a backup, make a mental note to fix that once this is resolved. Backups are your real safety net, not antivirus software. If you want to understand your options, backups and disaster recovery covers the basics for both home and business users.

    Do not restore from a backup right now. Wait until the machine has been fully cleaned or wiped. Restoring onto an infected system can just re-expose your files.


    Step 9: Decide Whether to DIY or Get Help

    If the scan came back clean and the symptom was a browser pop-up, you are probably fine. Browser-based fake alerts are extremely common and do not actually infect your system. Closing the browser tab is usually enough.

    But if the scan found real malware, if your computer is still behaving strangely after cleaning, if files are missing or encrypted, or if you are not confident in what you are looking at, bring it in.

    A professional can check the entire system, not just the surface. They can also confirm that the infection is fully removed rather than just suppressed. Our computer repair team in West Palm Beach handles exactly this kind of situation, and remote support is available if you cannot make it in.


    Common Mistakes

    Clicking the pop-up to close it. Even the X button on a fake alert can trigger a download. Close the entire browser with Task Manager (Ctrl+Shift+Esc on Windows) or Force Quit on Mac.

    Running multiple antivirus tools at the same time. They fight each other and often miss more than a single well-chosen tool would catch.

    Reconnecting to the internet too soon. Wait until the scan is complete and threats are removed.

    Trusting a phone number in the alert. Legitimate security tools do not flash phone numbers at you. Any alert asking you to call someone is a scam. If you have already called one of those numbers, read how to handle tech support scams from the FTC.

    Assuming a Mac cannot get infected. Macs do get malware. It is less common, but it happens. Mac users should take the same steps. Mac repair is available if you need hands-on help.

    Skipping the password change step. Removing the malware does not undo anything it already sent. Change those passwords.


    Bottom Line

    The moment you suspect a virus, the right move is to slow down, not speed up. Disconnect from the network. Do not click the scary warning. Get into Safe Mode and run a clean scan.

    Most scary-looking alerts turn out to be browser tricks, not real infections. But the ones that are real can cause serious damage if you keep using the computer as normal.

    When in doubt, get a second opinion from someone who can actually look at the machine. That is what we are here for. You can book a repair or contact us anytime, or use remote support if you want help right now without leaving home.


    Worried your business is one click from a breach?

    Get a straight-talk security review from a local team that has cleaned up the aftermath more times than we'd like.

    Get a security review

    Frequently asked questions

    Should I turn off my computer the moment I suspect a virus?

    Disconnecting from the internet is the more important first step. Turning the computer off is not always the right move because some diagnostics require the machine to be running. However, if ransomware is actively encrypting files and you cannot disconnect from the network fast enough, powering off immediately can limit damage.

    Is a scary pop-up saying I have a virus always a real infection?

    No, and this is important. Most alarming pop-ups are browser-based scare tactics designed to get you to call a fake support number or download something. A real Windows or Mac security alert looks nothing like those flashy browser warnings. If closing the browser tab makes the warning disappear, that is a strong sign it was not a real system alert.

    Can I use Windows Defender to remove a virus, or do I need a paid tool?

    Windows Defender is a legitimate, capable scanner and it is already on your machine. For a one-time scan it works well, especially in Safe Mode. Running Malwarebytes alongside it as a second opinion is a reasonable extra step, and the free version of Malwarebytes is sufficient for this purpose.

    What if I already clicked the pop-up or called the phone number?

    Disconnect from the internet immediately and do not give anyone remote access to your computer if you have not already. If you provided payment information or gave someone remote access, contact your bank and change your passwords from a clean device right away. Then bring your computer in for a full inspection.

    How long does a full malware scan take?

    It depends on how many files are on the drive, but expect anywhere from 20 minutes to over an hour for a full scan. Do not interrupt it partway through. A scan that finishes completely is far more reliable than one you cut short because it felt like it was taking too long.

    Do Macs need antivirus software?

    Macs have solid built-in protection including XProtect and Gatekeeper, but they are not immune to malware. Adware and browser hijackers targeting Macs are increasingly common. Running a scan with Malwarebytes for Mac is a sensible step if you suspect something is wrong, and a professional can help if the problem persists.

    Frequently Asked Questions

    Should I turn off my computer the moment I suspect a virus?
    Disconnecting from the internet is the more important first step. Turning the computer off is not always the right move because some diagnostics require the machine to be running. However, if ransomware is actively encrypting files and you cannot disconnect from the network fast enough, powering off immediately can limit damage.
    Is a scary pop-up saying I have a virus always a real infection?
    No, and this is important. Most alarming pop-ups are browser-based scare tactics designed to get you to call a fake support number or download something. A real Windows or Mac security alert looks nothing like those flashy browser warnings. If closing the browser tab makes the warning disappear, that is a strong sign it was not a real system alert.
    Can I use Windows Defender to remove a virus, or do I need a paid tool?
    Windows Defender is a legitimate, capable scanner and it is already on your machine. For a one-time scan it works well, especially in Safe Mode. Running Malwarebytes alongside it as a second opinion is a reasonable extra step, and the free version of Malwarebytes is sufficient for this purpose.
    What if I already clicked the pop-up or called the phone number?
    Disconnect from the internet immediately and do not give anyone remote access to your computer if you have not already. If you provided payment information or gave someone remote access, contact your bank and change your passwords from a clean device right away. Then bring your computer in for a full inspection.
    How long does a full malware scan take?
    It depends on how many files are on the drive, but expect anywhere from 20 minutes to over an hour for a full scan. Do not interrupt it partway through. A scan that finishes completely is far more reliable than one you cut short because it felt like it was taking too long.
    Do Macs need antivirus software?
    Macs have solid built-in protection including XProtect and Gatekeeper, but they are not immune to malware. Adware and browser hijackers targeting Macs are increasingly common. Running a scan with Malwarebytes for Mac is a sensible step if you suspect something is wrong, and a professional can help if the problem persists.

    Share this article

    You May Also Like