Windows Trojan Removal Guide: How to Find, Remove, and Fully Clean a Trojan Infection

If your Windows PC suddenly feels “possessed” by strange behavior, random pop-ups, unknown programs, missing files, browser redirects, or security warnings that won’t go away, you may be dealing with a trojan. Unlike simple adware, trojans are designed to hide, persist, and open the door for other threats, including password stealers, ransomware, spyware, and remote access tools.

The most dangerous part is that a trojan rarely announces itself. Many infections look like normal system glitches at first, until your accounts start getting suspicious login alerts, your antivirus is disabled, or your device begins running background processes you can’t explain. If you suspect a trojan, the goal is not only to “remove a file”, it’s to remove persistence, clean system changes, and confirm nothing is left behind.

This guide walks you through a safe, thorough trojan removal process for Windows 10 and Windows 11. It is written to be practical, step-by-step, and focused on high success rates, even when the malware tries to come back after reboot.

What Is a Trojan, Exactly?

A trojan (short for “Trojan horse”) is malware that pretends to be something harmless, then runs hidden actions in the background once it’s installed. Trojans often arrive disguised as cracked software, fake updates, keygens, email attachments, “invoices”, game mods, or even legitimate-looking installers.

Many trojans are not a single threat, but a delivery system. Once they execute, they may download additional payloads such as:

• Info-stealers that grab saved passwords, browser cookies, crypto wallets, and autofill data
• Remote access trojans (RATs) that allow attackers to control your PC
• Banking trojans that modify browsers and intercept logins
• Spyware that monitors activity, screenshots, clipboard, and keystrokes
• Ransomware that encrypts files after reconnaissance

Common Signs of a Trojan Infection

No single symptom guarantees a trojan, but these patterns are strong red flags:

• Windows Defender is disabled or won’t turn back on
• New “security” programs you did not install appear
• High CPU, GPU, disk, or network usage when you’re doing nothing
• Random command windows flash briefly
• Browser redirects, homepage changes, or constant pop-ups
• Unknown startup apps, scheduled tasks, or services
• Account alerts for logins you don’t recognize
• Files missing, corrupted, or newly encrypted extensions

Before You Remove the Trojan: Do This First

1. Disconnect from the internet if you suspect an active infection (pull the cable or disable Wi-Fi). This can stop data theft and prevent more payloads from downloading.
2. Do not log into sensitive accounts (banking, email, password manager) from the infected PC until cleanup is complete.
3. Back up critical personal files to an external drive if possible. Do not back up programs or unknown executables.
4. If you suspect password theft, plan to change passwords from a clean device after removal.

Removal Instructions for trojans on Windows

• STEP 1: Uninstall malicious programs from Windows
• STEP 2: Reset browsers back to default settings
• STEP 3: Use Rkill to terminate suspicious programs
• STEP 4: Use Malwarebytes to remove Trojans and unwanted programs
• STEP 5: Use HitmanPro to remove rootkits and other malware
• STEP 6: Use AdwCleaner to remove malicious browser policies and adware
• STEP 7: Perform a final check with ESET Online Scanner

STEP 1: Uninstall malicious programs from Windows

First, we’ll manually check your computer for unknown or malicious programs. Adware and browser hijackers often have a working uninstall entry — removing them this way takes care of the easy part before we run the scanners.

With the malicious programs removed, you’re ready for the next step in this guide.

STEP 2: Reset browsers back to default settings

In this step, we will remove spam notifications,  malicious extensions, and change to default any settings that might have been changed by malware.
Please note that this method will remove all extensions, toolbars, and other customizations but will leave your bookmarks and favorites intact. For each browser that you have installed on your computer, please click on the browsers tab below and follow the displayed steps to reset that browser.

STEP 3: Use Rkill to terminate suspicious programs

Next, we’ll download and run Rkill to stop any suspicious processes running in the background. This prevents the malware from interfering with the removal tools in the following steps.

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools.

1. Download Rkill.

   You can download RKill to your computer from the below link. When at the download page, click on the Download Now button labeled iExplore.exe. We are downloading a renamed version of Rkill (iExplore.exe) because some malware will not allow processes to run unless they have a certain filename.

   

   RKILL DOWNLOAD LINK
   (The above link will open a new page from where you can download Rkill)

2. Run RKill.

   After downloading, double-click the iExplore.exe icon to kill malicious processes. In most cases, downloaded files are saved to the Downloads folder.
   The program may take some time to search for and end various malware programs.

   

   When it is finished, the black window will close automatically and a log file will open. Do not restart your computer. Proceed to the next step in this guide.

STEP 4: Use Malwarebytes to remove Trojans and unwanted programs

Now we’ll install Malwarebytes and run a full scan to detect and remove infections, adware, and potentially unwanted programs from your computer.

Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.

1. Download Malwarebytes

   Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.

   

   DOWNLOAD MALWAREBYTES FOR WINDOWS (FREE)
   
   (The link opens in a new page where your download will start)

2. Install Malwarebytes

   When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.

   

3. Follow the On-Screen Prompts to Install Malwarebytes

   The setup wizard will walk you through a few quick screens:

   • Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.

     

   • Malwarebytes will now install on your device. This usually takes under a minute.

     

   • When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.

     

   • On the final screen, click Open Malwarebytes to launch the program.

     

4. Enable “Scan for Rootkits”

   Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.

   

   In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.

   

   Done? Click “Dashboard” in the left pane to return to the main screen.

5. Start the Scan

   Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.

   

6. Wait for the Scan to Finish

   The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.

   

7. Quarantine the Detected Threats

   When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.

   

   Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.

   

8. Restart Your Computer

   Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.

   

STEP 5: Use HitmanPro to remove rootkits and other malware

Next, we’ll run a second-opinion scan with HitmanPro to catch Trojans, rootkits, and other malicious programs that may have survived the previous step.

HitmanPro is a second-opinion scanner — it’s designed to catch what your main antivirus might have missed. Instead of relying on a single detection engine, it checks the behavior of files in the locations where malware usually hides. Anything suspicious gets sent to the cloud, where it’s analyzed by two of the best antivirus engines available: Bitdefender and Kaspersky.

Good news: scanning is completely free, with no limits. You only need a license when it’s time to remove what was found — and even then, you can activate a free one-time 30-day trial to clean your PC at no cost. (A full license is $24.95 per year for 1 PC.)

1. Download HitmanPro

   Click the button below to download HitmanPro. Remember — the scan is free, so you have nothing to lose by checking your PC.

   DOWNLOAD HITMANPRO (FREE SCAN)
   (The link opens in a new page where your download will start)

2. Install HitmanPro

   When the download finishes, open your Downloads folder and double-click the file: “hitmanpro.exe” on 32-bit Windows, or “hitmanpro_x64.exe” on 64-bit Windows.

   

   If a User Account Control pop-up asks whether HitmanPro can make changes to your device, click “Yes” to continue.

   

3. Follow the On-Screen Prompts

   On the HitmanPro start screen, click “Next” to begin the system scan. No lengthy setup required — it goes straight to work.

   

   

4. Wait for the Scan to Finish

   HitmanPro will now check your computer for malicious programs. This usually takes just a few minutes thanks to its cloud-based scanning.
   

5. Review the Results and Click “Next”

   When the scan is done, HitmanPro will show you everything it found. Click “Next” to remove the detected threats.

   

6. Click “Activate Free License”

   To remove the malicious files, click the “Activate free license” button. This starts your free 30-day trial — no payment details needed — and unlocks the full cleanup.
   

   When the removal is complete, HitmanPro will show a summary of everything it cleaned. Click Next, then click Reboot if prompted. If there’s no reboot prompt, just click Close — your PC is clean.

STEP 6: Use AdwCleaner to remove malicious browser policies and adware

We’ll now use AdwCleaner to remove malicious browser policies and unwanted browser extensions — the leftovers that keep hijacking your browser settings even after the malware itself is gone.

AdwCleaner is a free on-demand scanner that specializes in adware, browser hijackers, and unwanted toolbars — the exact threats that mainstream antivirus programs often miss. It also includes tools that repair the damage malware leaves behind, like hijacked browser settings and malicious policies. It’s a quick scan that’s well worth running.

1. Download AdwCleaner

   Click the button below to download AdwCleaner — it’s free, portable, and requires no installation.

   

   DOWNLOAD ADWCLEANER (FREE)
   (The link opens in a new page where your download will start)

2. Run AdwCleaner

   Open your Downloads folder and double-click the file named “adwcleaner_x.x.x.exe“. There’s no installation — the program starts right away.
   

   If Windows asks whether you want to allow AdwCleaner to run, click “Yes“. When the license agreement appears, click I agree to continue.

   

3. Enable “Reset Chrome policies”

   This setting removes malicious browser policies — a trick malware uses to lock your browser settings so you can’t change them back. Click “Settings” on the left side of the window, then turn on “Reset Chrome policies“.

   

4. Start the Scan

   Click “Dashboard” on the left side of the window, then click the “Scan” button.

   

5. Wait for the Scan to Finish

   AdwCleaner will now check your computer for adware and other malware. This usually takes only a few minutes — it’s one of the fastest scanners around.

   

6. Quarantine the Detected Threats

   When the scan finishes, AdwCleaner will list everything it found. Click the “Quarantine” button to remove all the malicious items at once.

   

7. Click “Continue” to Finish the Cleanup

   Save any open work first — AdwCleaner needs to close your open programs before it can clean. When you’re ready, click the “Continue” button.
   

   AdwCleaner will now delete all detected malware from your computer. If it asks you to restart your PC, allow it — your computer will be clean when you log back in.

STEP 7: Perform a final check with ESET Online Scanner

Finally, we’ll run ESET Online Scanner as a last sweep to confirm nothing was missed. If this scan comes back clean, your computer is malware-free.

ESET Online Scanner is a free second-opinion scanner that performs a deep, full-system check for viruses, trojans, rootkits, and other malware. We use it as the final step because it’s thorough — if anything slipped past the previous scans, ESET will find it. A clean result here means your computer is malware-free.

1. Download ESET Online Scanner

   Click the button below to download ESET Online Scanner.

   

   DOWNLOAD ESET ONLINE SCANNER (FREE)
   (The link opens in a new page where your download will start)

2. Run the Installer

   When the download finishes, open your Downloads folder and double-click “esetonlinescanner.exe“.
   

3. Install ESET Online Scanner

   On the start screen, select your language from the drop-down menu and click Get started.

   

   On the Terms of use screen, click Accept.
   

   Choose your preferences for the Customer Experience Improvement Program and the Detection feedback system (either choice is fine), then click Continue.
   

4. Start a Full Scan

   Click Full Scan — this checks your entire computer, not just the common hiding spots.

   

   Select Enable for Detection of Potentially Unwanted Applications — this lets ESET catch adware and bundled junk programs, not just viruses. Then click Start scan.

   

5. Wait for the Scan to Finish

   ESET will now check every file on your computer. Because it’s a full scan, this can take a while — often an hour or more, depending on how much data you have. Leave it running in the background and check on it from time to time.

   

6. Review the Results

   When the scan completes, the Found and resolved detections screen appears. Any threats found were automatically cleaned and quarantined — there’s nothing extra you need to do. Click View detailed results if you want to see exactly what was removed.
   

   If ESET found nothing — congratulations, your computer has passed the final check and is malware-free.

After Removal: Critical Safety Steps

Even after the trojan is removed, your risk doesn’t automatically drop to zero. Many trojans steal credentials first, then quietly wait. These steps reduce the chance of account takeover and reinfection.

1) Change passwords from a clean device

Use a different device you trust (or a freshly reset phone) to change passwords for your email, banking, social media, and any accounts that matter. Start with your email account, because it’s often the reset gateway for everything else.

2) Enable multi-factor authentication (MFA)

Turn on MFA where possible, especially for email, Microsoft accounts, Google accounts, and financial services. App-based authenticators are safer than SMS when available.

3) Review account sessions and sign out of unknown devices

Many services let you see where you are signed in. If you see locations or devices you don’t recognize, sign out everywhere and re-login only on devices you trust.

4) Check your browser for stolen sessions

Info-stealers often target browser cookies and saved sessions. After cleanup, sign out of important sites and sign back in. Consider clearing cookies and site data for sensitive services.

5) Update Windows and all major apps

Run Windows Update and update browsers, Java, Adobe products, and any common runtimes. Patch levels matter because trojans frequently exploit old software.

When a Full Windows Reset Is the Safer Choice

Most trojans can be removed, but a reset can be the safer option in certain situations. Consider backing up personal files and reinstalling Windows if:

• Windows security tools are permanently disabled or corrupted
• New admin accounts appear that you didn’t create
• You keep getting reinfected after multiple cleanups
• You suspect a remote access trojan (RAT) with persistence
• Financial accounts were accessed from the infected device

FAQ: Trojan Removal on Windows

What’s the difference between a trojan and a virus?

A trojan disguises itself as legitimate software to trick you into running it. A traditional virus is typically self-replicating by infecting files. In real-world infections today, trojans are far more common and often deliver other malware.

Can Windows Defender remove trojans?

Sometimes, yes. However, many modern trojans attempt to disable security tools or add exclusions. If Defender is blocked or the infection returns, you may need additional scanners and deeper cleanup steps.

If my passwords were saved in my browser, are they stolen?

They can be. Info-stealers commonly target saved passwords, cookies, and autofill. If you suspect a trojan, assume credentials may be compromised and change them from a clean device after removal.

Do I need to reinstall Windows to remove a trojan?

Not always. Many trojans can be removed with a thorough cleanup. However, if you suspect a remote access trojan, repeated reinfections, or system security corruption, reinstalling can be the safer path.

How do trojans usually get onto a Windows PC?

Common routes include cracked software, fake updates, pirated games, email attachments, malicious ads, trojanized installers, and drive-by downloads from sketchy sites.

How can I prevent trojans in the future?

• Avoid cracks, keygens, and “free” versions of paid software
• Download software only from official sites
• Keep Windows and browsers updated
• Use reputable real-time protection and do not disable it
• Be cautious with email attachments and unexpected invoices