Some threats can be harder to remove than others. You may see messages from your antivirus or antimalware software popping up all the time, warning you of an infection by the same threat. You try to remove it, but it just keeps coming back.
This can happen for a number of reasons. Most often it is because one piece of the malware doesn’t get removed from your PC during cleaning. That piece then tries to re-install its other components. It’s possible that the piece that isn’t being cleaned is unknown to us – meaning that we don’t detect it yet – or it might be using tricks to hide itself from our scanner.
A special case of re-infection: Exploits
Exploits are threats that try to exploit vulnerabilities in common software. If your security software is warning you about an exploit that isn’t being cleaned, it may be because you are using vulnerable software. You can read more on our exploit help page.
What you need to do
There are four steps you can take that may fix a malware reinfection:
Update your security software and run a full scan
The first thing you should do is update your antivirus definitions. You can get the latest definitions from the definitions update page.
Then run a full scan.
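The update-and-scan step can also be run from an elevated PowerShell prompt, together with a check of the detection history for threats that keep coming back. This is an added example, not part of the original article. It assumes the Defender PowerShell module is available on the PC; the function name Get-RecurringThreat and the MinCount threshold are made up for illustration.

```powershell
# Added example. Assumes the Defender PowerShell module is present and the
# prompt is elevated. Get-RecurringThreat is a hypothetical helper name.

function Get-RecurringThreat {
    param(
        # Detection records to analyse; defaults to the local Defender history.
        [object[]]$Detection = (Get-MpThreatDetection),
        # How many separate detections of one threat count as "keeps coming back".
        [int]$MinCount = 2
    )

    $Detection |
        Group-Object -Property ThreatID |
        Where-Object { $_.Count -ge $MinCount } |
        ForEach-Object {
            $ordered = @($_.Group | Sort-Object InitialDetectionTime)
            $threat  = Get-MpThreat -ThreatID $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{
                ThreatID   = $_.Name
                ThreatName = $threat.ThreatName
                Detections = $_.Count
                FirstSeen  = $ordered[0].InitialDetectionTime
                LastSeen   = $ordered[-1].InitialDetectionTime
                # Files, registry keys and so on that were flagged each time.
                # A path that reappears after cleaning points at whatever
                # is re-installing the other components.
                Resources  = @($_.Group.Resources | Sort-Object -Unique)
            }
        }
}

# 1. Record which threats have been detected more than once so far.
$before = Get-RecurringThreat
$before | Format-List

# 2. Update the definitions, then run a full scan (this can take a long time).
Update-MpSignature
Start-MpScan -ScanType FullScan

# 3. Confirm the definitions are current and the full scan finished.
Get-MpComputerStatus |
    Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated, FullScanEndTime

# 4. Any threat listed here with a LastSeen time after the scan has come back.
Get-RecurringThreat | Sort-Object LastSeen -Descending | Format-List
```

The ThreatName value in the output is the name to use when searching for the malware's encyclopedia entry.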
Use the Microsoft Safety Scanner
If you can’t connect to the Internet, or there is a problem updating your definitions, we recommend you:
Go to another PC that isn't infected
Download the Microsoft Safety Scanner onto a USB flash drive
Run the Microsoft Safety Scanner from the USB flash drive on the infected PC
Search the MMPC encyclopedia
Most of the time Microsoft security software will remove any malware that it detects. Sometimes you may need to take some extra steps to completely recover your PC or avoid getting reinfected.
You can find this extra information by searching our encyclopedia.
To find the relevant encyclopedia entry, you can click the "Get more information about this item online" link that pops up in your Microsoft security software when the malware is detected.
You can also visit the encyclopedia and search with the name of the malware that is being detected.
Use Windows Defender Offline
If you’ve tried the Microsoft Safety Scanner, and you’ve tried uninstalling and then reinstalling your antimalware software, and you’re still having an issue, we recommend you download and run Windows Defender Offline.
Windows Defender Offline is a standalone tool with the latest antimalware updates from Microsoft.
It’s not a replacement for a full antivirus or antimalware solution that provides ongoing protection. It’s meant to be used when you can’t start or scan your computer because a malware infection is stopping your antimalware software from working.
Before you begin you'll need:
A PC that is not infected and is connected to the Internet. You will use this PC to download a copy of Windows Defender Offline
A blank CD, DVD or USB flash drive - use this to run the tool on your infected PC
Follow these steps to use Windows Defender Offline:
Use an uninfected PC to download a copy of the tool from here: Windows Defender Offline
Make sure you download the right version for your infected PC. For example, suppose your desktop PC has been infected with malware and is running a 64-bit version of Windows. Your friend's laptop is not infected, so you use it to download Windows Defender Offline. The laptop is running a 32-bit version of Windows, but when you download the tool you choose the 64-bit version, because that is the version that matches your infected PC.
Install the tool on a blank CD, DVD, or USB flash drive
Insert the CD, DVD, or USB flash drive into your infected PC and run the tool
Let the tool clean your PC and remove any infections it finds
After running the tool, make sure your antimalware software is up to date. You can update Microsoft security software by downloading the latest definitions.
For detailed instructions on using Windows Defender Offline, see the Microsoft Security Blog post Microsoft's Free Security Tools - Windows Defender Offline.
Restore your PC from backup
If you are still getting alerts about malware infection after following the steps above, you may need to restore your PC from backup. Once you restore your system, you should reinstall your security software.
To restore your PC from backup:
Restore or reinstall Windows
Perform a clean install of your operating system. Back up any files and settings you want to keep so that you can restore them later. You'll need to reinstall your programs, so make sure you have the installation discs, product keys, or setup files.
Reinstall your security software
If you’re running Windows 8, your PC comes with Windows Defender built in. Windows Defender helps guard your PC against viruses, spyware, and other malicious software in real time.
If you’re running Windows 7 or Windows Vista, install security software such as Microsoft Security Essentials or other security software that provides a complete, real-time antimalware solution.
Keep your antimalware software up to date by making sure you have the latest definitions.