How to Detect Viruses on a Windows PC with Malwarebytes
A step-by-step guide to installing Malwarebytes Free, running your first scan, and understanding exactly what the results mean.
10 min read · Beginner friendly
If your Windows PC is acting strangely — running slowly, showing pop-ups, redirecting your browser, or just feeling off — running a malware scan is the fastest way to find out what is going on. Windows Defender (the antivirus built into Windows) is a solid first line of defence, but it can miss certain types of threats like adware, browser hijackers, and potentially unwanted programs (PUPs).
Malwarebytes Free is the industry-standard second-opinion scanner. It is designed to find exactly the kinds of threats traditional antivirus tools tend to overlook, and it runs happily alongside Windows Defender without conflict. This guide walks you through installing it, running a scan, and — most importantly — understanding what the results actually mean.
Why Malwarebytes? It is free for personal use, trusted by millions, and specifically built to detect adware, spyware, browser hijackers, and PUPs that other scanners miss. The free version is on-demand only (no real-time protection), which is exactly what you want for a one-off scan.
Signs Your Windows PC Might Be Infected
Before you scan, it helps to know the symptoms. Any one of these on its own could be innocent — but combinations are a strong signal that something is wrong:
- Sudden slowness — your PC takes much longer to start up, open programs, or load websites
- Pop-ups and ads appearing on the desktop or inside browsers, even on sites that normally have no ads
- Browser changes you did not make — a new homepage, default search engine, or unfamiliar toolbar
- Redirects when you click links — you end up on a different site than expected
- Unknown programs in your Start menu, taskbar, or Settings > Apps list
- High disk, CPU, or network activity when you are not actively doing anything
- Antivirus or Windows Update is disabled and you cannot turn it back on
- Files or shortcuts you did not create appearing on your desktop
- Friends receiving messages from you that you never sent
Step 1: Download Malwarebytes from the Official Site
Always download Malwarebytes directly from the official website. Fake versions of popular security tools are a common malware delivery method, so the source matters as much as the software itself.
- Open your browser and go to malwarebytes.com/mwb-download
- Check the address bar — it should read https://www.malwarebytes.com with a padlock icon
- Click Free Download (you do not need to enter an email or create an account)
- The installer file MBSetup.exe will download to your Downloads folder
Avoid third-party download sites. Sites like Softonic, CNET, and FileHippo sometimes wrap installers with extra adware. Always go to malwarebytes.com directly — never click an ad or sponsored link, even if it looks official.
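Because fake installers are the risk described in this step, you can also check the downloaded file's digital signature before running it. The PowerShell below is an added example, not part of the original guide or of Malwarebytes' own tooling; it assumes the file is in your default Downloads folder and that the signing certificate's subject contains the word "Malwarebytes".

```powershell
# Added example: check MBSetup.exe's Authenticode signature before running it.
# Assumptions: default Downloads location; signer subject contains "Malwarebytes".
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedPublisher = 'Malwarebytes'   # assumed substring of the signer subject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Windows validates the signature and the certificate chain for us.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        File            = $Path
        SignatureStatus = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer          = $subject
        # The hash can be searched on VirusTotal without uploading the file.
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted         = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedPublisher*")
    }
}

$installer = Join-Path $env:USERPROFILE 'Downloads\MBSetup.exe'
$result = Test-InstallerSignature -Path $installer
$result | Format-List

if (-not $result.Trusted) {
    Write-Warning 'Do not run this file: the signature is missing, invalid, or from an unexpected publisher.'
}
```

A status of NotSigned or HashMismatch means the file is unsigned or was altered after signing; delete it and download again from the official site.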
Step 2: Install Malwarebytes
- Open your Downloads folder and double-click MBSetup.exe
- If Windows shows a User Account Control prompt, click Yes to allow the installer to run
- When asked who you are installing it for, choose Personal computer (the Free version) — not Work computer
- Click Install and wait about 30–60 seconds for the files to copy
- When prompted to add the browser extension Browser Guard, you can choose either option — it is optional and can be added later
- Click Done. Malwarebytes will open automatically
- You will see an offer for the Premium 14-day trial. To stay on the free version, click Skip or Maybe later — when the trial ends it will simply revert to free
Free vs Premium: The Free version only scans on-demand (when you click Scan). Premium adds real-time protection and runs continuously. For a one-off check, Free is all you need. If you want always-on protection, Windows Defender already provides that — running Premium is only worthwhile if you want a second always-on layer.
Step 3: Update the Threat Database
A scanner is only as good as its database. New threats appear daily, so an out-of-date scanner can easily miss recent malware. Malwarebytes will usually update automatically when you open it, but it is worth checking before your first scan.
- In Malwarebytes, look at the dashboard for the line Real-Time Protection and the date next to Last update
- Click the gear icon (Settings) in the top right, then go to the General tab
- Scroll to Application updates and click Check for updates
- If updates are available, let them download and install before scanning
Step 4: Run Your First Scan
From the Malwarebytes dashboard, click the big blue Scan button. This runs the default Threat Scan, which is what you want — it checks the locations malware most commonly hides without taking hours.
What each scan type does
- Threat Scan (recommended) — Scans memory, startup items, the registry, and key system folders. Takes 5–15 minutes. This catches almost everything for the average user.
- Custom Scan — Lets you pick specific drives or folders. Useful if you suspect something is on an external drive or a particular folder.
- Hyper Scan (Premium only) — A faster, lighter version of Threat Scan.
While the scan runs you will see a counter for items checked and any threats detected so far. You can keep using your PC during the scan, although things may feel a little slower. Do not turn the PC off or close Malwarebytes mid-scan.
If the scan finds nothing but you are still suspicious, run a Custom Scan with Rootkits enabled (Settings > Security > Scan for rootkits). Rootkit scans take longer but catch threats that hide deeper in the system.
Step 5: Understanding the Scan Results
When the scan finishes, Malwarebytes shows one of two outcomes: a clean report, or a list of detections. Each detection has a name, a category, and a location. The category is the most important piece of information — it tells you how serious the find is and what it actually does.
✅ Result: "No threats found"
Great news — Malwarebytes did not detect anything. This is the most common outcome and means none of the items it checked match its known-bad database.
A clean scan does not mean 100% guaranteed clean. Brand-new malware can take days to be added to scanner databases. If your symptoms continue, run a second scan with Windows Defender (Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline scan) and consider a third opinion like ESET Online Scanner.
⚠️ Result: Threats detected — what each category means
Detections are grouped by category, and each category sits on a different point of the severity scale. Here is what to expect for the most common ones:
PUP.Optional (Potentially Unwanted Program)
Severity: Low to Medium. These are programs that are not strictly malicious but behave in ways most people would not consent to if they understood them — bundled toolbars, registry cleaners that exaggerate problems to push paid upgrades, system optimisers, or download managers that sneaked in alongside something else you installed.
PUPs are the single most common Malwarebytes detection. They are not dangerous in the same way a trojan is, but they slow your PC down, show extra ads, and can change browser settings. It is almost always safe to quarantine them.
PUM.Optional (Potentially Unwanted Modification)
Severity: Low to Medium. A change to a Windows setting or registry value that is suspicious but not necessarily malicious — for example a disabled Task Manager, a modified hosts file, or a tweaked proxy setting. Sometimes legitimate software (or you) made the change. Quarantining is generally safe, but if you recognise the change as something you set up deliberately you can ignore it.
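To see for yourself whether the three settings named above have been changed, the following read-only PowerShell lists them. It is an added example, not part of the original guide and not how Malwarebytes itself performs the check; the function name is hypothetical, and the file and registry locations are the standard Windows ones.

```powershell
# Added example: read-only review of the settings the PUM.Optional category mentions.
# Nothing is modified; the function only reports what it finds.
function Get-PumIndicator {
    # 1. hosts file: a default Windows hosts file contains only comments,
    #    so every active line deserves a look.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path -LiteralPath $hostsPath) {
        Get-Content -LiteralPath $hostsPath |
            Where-Object { $_ -match '^\s*[^#\s]' } |      # skip blank and comment lines
            ForEach-Object { [pscustomobject]@{ Area = 'hosts'; Detail = $_.Trim() } }
    }

    # 2. Per-user proxy settings (used by Edge, Chrome and most Windows apps).
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyEnable -eq 1) {
        [pscustomobject]@{ Area = 'proxy'; Detail = "ProxyServer = $($inet.ProxyServer)" }
    }
    if ($inet -and $inet.AutoConfigURL) {
        [pscustomobject]@{ Area = 'proxy'; Detail = "AutoConfigURL = $($inet.AutoConfigURL)" }
    }

    # 3. Task Manager disabled by policy (per-user or machine-wide).
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $polKey = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
        if ($pol -and $pol.DisableTaskMgr -eq 1) {
            [pscustomobject]@{ Area = 'taskmgr'; Detail = "DisableTaskMgr = 1 under $polKey" }
        }
    }
}

$found = @(Get-PumIndicator)
if ($found.Count -eq 0) {
    'No hosts entries, proxy settings, or Task Manager restrictions found.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

Entries you recognise, such as a proxy your workplace requires or hosts lines added by developer tools, are the deliberate changes the paragraph above says you can ignore.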
Adware
Severity: Medium. Software that injects advertisements into your browser, the desktop, or other programs. Often comes with a browser hijacker that changes your homepage and default search engine. Quarantine immediately. After cleaning, reset your browser to default settings to remove any leftover hijacked configuration.
Spyware / Stalkerware
Severity: High. Programs designed to silently monitor your activity — keystrokes, screenshots, browsing history, webcam feeds. Quarantine immediately, then change your important passwords (email, banking, social media) from a different, known-clean device. If this is on a work machine, contact your IT team rather than removing it yourself.
Trojan / Backdoor
Severity: High. Disguises itself as legitimate software but opens a hidden "back door" so an attacker can control your PC, steal data, or install more malware. Quarantine, restart, run a second full scan, and assume any passwords typed on the PC since the suspected infection date should be changed from a clean device.
Ransom / Ransomware
Severity: Critical. Encrypts your files and demands payment to unlock them. If Malwarebytes catches it before files are encrypted, quarantine and you are likely fine. If your files are already encrypted (you see ransom notes or files renamed with strange extensions), disconnect from the internet immediately, do not pay, and seek professional help. Quarantining the malware will not decrypt your files.
Other categories you may see
- Worm (High) — self-replicating malware that spreads to other devices on your network. Quarantine immediately and scan other PCs on the same Wi-Fi.
- Virus / Malware.Generic (High) — classic malicious code, often attached to executables. Quarantine, then run a second scan.
- Exploit / Hijacker (High) — code that takes advantage of a software flaw, often delivered via a web browser. Quarantine and make sure Windows and your browser are fully up to date.
- RiskWare (Medium) — legitimate tools that can be misused (remote-access utilities like TeamViewer or AnyDesk). If you did not install it, quarantine it.
- Rootkit (Critical) — hides deep in the operating system. If detected, follow the deeper recovery steps below.
Step 6: Quarantine the Threats
After the scan, every detected item has a checkbox next to it. Leave them all ticked and click Quarantine. This moves the files into an encrypted, isolated folder where they cannot run — it does not permanently delete them, so if anything important was flagged by mistake you can restore it later.
Malwarebytes may ask you to restart your PC to finish removing items that were active in memory. Always say yes. After restarting, open Malwarebytes again and run one more Threat Scan — this confirms everything is gone and catches anything that was hidden behind what you just removed.
Getting more information about a specific detection. In the results screen, click the detection name to see Malwarebytes' description of what that threat does. You can also search the exact name on the Malwarebytes Threat Center or paste the file path into VirusTotal.com for a 70+ engine second opinion.
Step 7: After You Clean — What to Do Next
- Restart and re-scan to confirm the system is clean.
- Run Windows Defender as a second opinion: Windows Security > Virus & threat protection > Scan options > Microsoft Defender Offline scan. This reboots the PC and scans before Windows fully loads, catching anything hiding in active memory.
- Update everything — Windows Update, your browser, and any out-of-date software. Most malware enters through known vulnerabilities in unpatched software.
- Reset your browser if you saw adware or hijacker detections (Chrome: Settings > Reset settings; Edge: Settings > Reset settings).
- Change your passwords for important accounts (email, banking, social media) from a different, trusted device — especially if a trojan, spyware, or keylogger was detected.
- Enable two-factor authentication on those accounts if you haven't already.
Quick Reference
Running Malwarebytes once every couple of months — or any time your PC starts behaving oddly — is one of the simplest and highest-value habits you can build. It takes about ten minutes and catches the kinds of threats that slip past traditional antivirus.