My antivirus software detects and removes some malware, but then it comes back

Some threats can be harder to remove than others. You may see messages from your antivirus or antimalware software popping up all the time, warning you of an infection by the same threat. You try to remove it, but it just keeps coming back.

This can happen for a number of reasons. Most often it is because one piece of the malware doesn’t get removed from your computer during cleaning. That piece then tries to re-install its other components. It’s possible that the piece that isn’t being cleaned is unknown to us – meaning that we don’t detect it yet – or it might be using tricks to hide itself from our scanner.
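The reinfection pattern described above can be confirmed from detection history: the same threat is detected again after it was reported as cleaned. The following is an added example, not code from Microsoft or from the original page. The function name, the record fields and the sample data are assumptions made for illustration.

```powershell
# Added example. The record shape (ThreatName, DetectedAt, RemediatedAt, Resource)
# is assumed for illustration; it is not a Microsoft schema.
function Find-RecurringThreat {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Detection,
        [int] $MinRecurrence = 1
    )
    $Detection | Group-Object -Property ThreatName | ForEach-Object {
        $name = $_.Name
        $hits = @($_.Group | Sort-Object -Property { [datetime]$_.DetectedAt })
        $recurrences = 0
        $lastCleaned = $null
        foreach ($hit in $hits) {
            # A detection that follows an earlier successful clean is a recurrence.
            if ($null -ne $lastCleaned -and [datetime]$hit.DetectedAt -gt $lastCleaned) {
                $recurrences++
            }
            # An empty RemediatedAt means this detection was never cleaned.
            if ($hit.RemediatedAt) { $lastCleaned = [datetime]$hit.RemediatedAt }
        }
        if ($recurrences -ge $MinRecurrence) {
            [pscustomobject]@{
                ThreatName  = $name
                Detections  = $hits.Count
                Recurrences = $recurrences
                LastSeen    = [datetime]$hits[-1].DetectedAt
                # Paths that keep reappearing are re-created by whatever was left behind.
                Resources   = @($hits | Select-Object -ExpandProperty Resource | Sort-Object -Unique)
            }
        }
    }
}

# Constructed sample records: threat names, times and paths are made up.
$sample = @'
ThreatName,DetectedAt,RemediatedAt,Resource
Sample/ThreatA,2024-01-01T09:00:00,2024-01-01T09:01:00,file:C:\Temp\a.exe
Sample/ThreatA,2024-01-01T09:30:00,2024-01-01T09:31:00,file:C:\Temp\a.exe
Sample/ThreatA,2024-01-02T08:15:00,,file:C:\Temp\a.exe
Sample/ThreatB,2024-01-01T10:00:00,2024-01-01T10:02:00,file:C:\Temp\b.dll
'@ | ConvertFrom-Csv

# Sample/ThreatA is reported (cleaned, then seen again); Sample/ThreatB is not.
Find-RecurringThreat -Detection $sample | Format-List
```

On a system where the Defender PowerShell module is available, similar records could be built from Get-MpThreatDetection joined to Get-MpThreat by ThreatID; that mapping is an assumption of this example.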

A special case of re-infection: Exploits

Exploits are threats that try to exploit vulnerabilities in common software. If your security software is warning you about an exploit that isn’t being cleaned, it may be because you are using vulnerable software. You can read more about exploits on our exploit help page.

What you need to do

There are four steps you can take that may fix a malware reinfection:

  1. Update your definitions, reboot your computer and run a full scan, or use the Microsoft Safety Scanner

  2. Check the Microsoft Malware Protection Center (MMPC) encyclopedia for known issues with the malware and extra cleaning instructions

  3. Use Windows Defender Offline

  4. Restore your computer from backup

Update definitions and run a full scan

The first thing you should do is update your antivirus definitions. You can get the latest definitions from the definitions update page.

Then run a full scan.

Use the Microsoft Safety Scanner

If you can’t connect to the Internet, or there is a problem updating your definitions, we recommend you:

  • Go to another computer that isn't infected

  • Download the Microsoft Safety Scanner onto a USB flash drive

  • Run the Microsoft Safety Scanner from the USB flash drive on the infected computer

Search the MMPC encyclopedia

Most of the time Microsoft security software will remove any malware that it detects. Sometimes you may need to take some extra steps to completely recover your computer or avoid getting reinfected.

You can find this extra information by searching our encyclopedia.

To find the relevant encyclopedia entry you can click on the Get more information about this item online link that pops up in your Microsoft security software when the malware is detected.

You can also visit the encyclopedia and search with the name of the malware that is being detected.

Use Windows Defender Offline

If you’ve tried the Microsoft Safety Scanner, and tried uninstalling and then reinstalling your antimalware software, and you’re still having an issue, we recommend you download and run Windows Defender Offline.

Windows Defender Offline is a standalone tool with the latest antimalware updates from Microsoft.

It’s not a replacement for a full antivirus or antimalware solution that provides ongoing protection. It’s meant to be used when you can’t start or scan your computer because a malware infection is stopping your antimalware software from working.

Before you begin you'll need:

  • A computer that is not infected and is connected to the Internet. You will use this computer to download a copy of Windows Defender Offline

  • A blank CD, DVD or USB flash drive - use this to run the tool on your infected computer

Follow these steps to use Windows Defender Offline:

  1. Use an uninfected computer to download a copy of the tool from here: Windows Defender Offline

    Make sure you download the right version for your infected computer. For example, suppose your desktop computer has been infected with malware and is running a 64-bit version of Windows. Your friend's laptop is not infected, so you use it to download Windows Defender Offline. Even though your friend's laptop is running a 32-bit version of Windows, you choose the 64-bit version of the tool, because that is the version that matches your infected computer.

  2. Install the tool on a blank CD, DVD, or USB flash drive

  3. Insert the CD, DVD, or USB flash drive into your infected computer and run the tool

  4. Let the tool clean your computer and remove any infections it finds

After running the tool, make sure your antimalware software is up-to-date. You can update Microsoft security software by downloading the latest definitions.

For detailed instructions on using Windows Defender Offline, see the Microsoft Security Blog post Microsoft's Free Security Tools - Windows Defender Offline.

Restore your computer from backup

If you are still getting alerts about malware infection after following the steps above, you may need to restore your computer from backup. Once you restore your system you should reinstall your security software.

To restore your computer from backup:

  1. Restore or reinstall Windows

    Perform a clean install of your operating system. Back up any files and settings you want to keep so that you can restore them later. You'll need to reinstall your programs, so make sure you have the installation discs, product keys, or setup files.

    These articles have more information:

  2. Reinstall your security software

    If you’re running Windows 8, your PC comes with Windows Defender built in. Windows Defender helps guard your PC against viruses, spyware, and other malicious software in real time. Install security software, such as Microsoft Security Essentials, that provides a complete, real-time antivirus solution. Keep your antivirus up to date by making sure you have the latest definitions.

    If you’re running Windows 7 or Windows Vista, install security software such as Microsoft Security Essentials or other security software that provides a complete, real-time antimalware solution.

    Keep your antimalware software up-to-date by making sure you have the latest definitions.