A web browser does not care if the file it is viewing is on your computer or is hosted on a

Security Windows More...Less

These are some of the most common ways that your devices can get infected with malware.

Malware authors often try to trick you into downloading malicious files. This can be an email with a file attached that tells you it is a receipt for a delivery, a tax refund, or an invoice for a ticket. It might say you have to open the attachment to get the items delivered to you, or to get money.

If you do open the attachment, you'll end up installing malware on your PC.

Sometimes a malicious email will be easy to spot—it could have bad spelling and grammar, or come from an email address you've never seen before. However, these emails can also look like they come from a legitimate business or someone you know. Some malware can hack email accounts and use them to send malicious spam to any contacts they find.

To reduce the chances of your device being infected:

If you aren't sure who sent you the email—or something doesn't look quite right—don't open it.
Never click an unexpected link in an email. If it appears to come from an organization you trust or do business with, and you think it might be legitimate, open your web browser and go to the organization's web site from your own saved favorite or from an internet search.
Don't open an attachment to an email that you weren't expecting, even if it appears to come from somebody you trust.

To learn more, see Protect yourself from phishing.

Microsoft OneDrive has built-in protection against Ransomware attacks. To learn more, see Ransomware detection and recovering your files.

Microsoft Office includes a powerful scripting language that allows developers to create advanced tools to help you be more productive. Unfortunately, criminals can also use that scripting language to create malicious scripts that install malware or do other bad things.

If you open an Office file and see a notice like this:

do NOT enable that content unless you're certain you know exactly what it does, even if the file appears to come from somebody you trust.

Warning: A popular trick by criminals is to tell you that you're about to be charged for a service you never signed up for. When you contact them to protest they tell you that to cancel the service you just need to download an Excel file they provide and fill in some details. If you download and open the file Excel will show the warning you see above. If you select Enable Content the malicious macro will run and infect your system.

No legitimate company will ever make you open an Office file just to cancel a service. If one asks you to, just hang up on them. It's a scam and there is no service you need to cancel.

To learn more about controlling how macros run on your device see Enable or disable macros in Office files.

Many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be automatically installed when you connect the infected drive to your PC.

There are a couple of things you can do to avoid this type of infection:

First and foremost, be very wary of any USB device that you don't own. If you find a USB device that was apparently lost or discarded, be reluctant to plug it into a computer with data you care about. Sometimes attackers will deliberately leave infected USB devices laying around in popular areas in hopes that somebody will find them and plug them into their computer.

Tip: This is called a "USB drop attack".

If you don't plug it in, you can't get infected. If you find a USB drive just laying around, apparently lost, see if there is a nearby receptionist, or lost-and-found, that you can turn it in to.

Second, if you do plug an unknown removable device into your computer be sure to run a security scan of it immediately.

Some malware can be installed at the same time as other programs that you download. This includes software from third-party websites or files shared through peer-to-peer networks.

Some programs will also install other software that Microsoft detects as potentially unwanted software. This can include toolbars or programs that show you extra ads as you browse the web. Usually you can opt out and not install this extra software by clearing a check box during the installation. Windows Security can help to protect you from potentially unwanted applications. To learn more, see Protect your PC from potentially unwanted applications.

Programs used to generate software keys (keygens) often install malware at the same time. Microsoft security software finds malware on more than half of PCs with keygens installed.

You can avoid installing malware or potentially unwanted software this way by:

Always downloading software from the official vendor's website.
Making sure you read exactly what you are installing—don't just click OK.

Malware can use known software vulnerabilities to infect your PC. A vulnerability is like a hole in your software that can give malware access to your PC.

When you go to a website, it can try to use vulnerabilities in your web browser to infect your PC with malware. The website might be malicious or it could be a legitimate website that has been compromised or hacked.

This is why it's extremely important to keep all your software, and especially your web browser, up to date and remove software you don't use. That includes unused browser extensions.

You can reduce your chances of getting malware in this way by using a modern browser, like Microsoft Edge, and keeping it updated.

Tip: Don't want to update your browser because you have too many tabs open? All modern browsers will reopen your tabs after an update process.

Some types of malware can download other threats to your PC. Once these threats are installed on your PC they will continue to download more threats.

The best protection from malware and potentially unwanted software is an up-to-date, real-time security product, such as Microsoft Defender Antivirus.

Windows 7 Enterprise Windows 7 Home Basic Windows 7 Home Premium Windows 7 Professional Windows 7 Starter Windows 7 Ultimate More...Less

Malware is a term that is used for malicious software that is designed to do damage or unwanted actions to a computer system. Examples of malware include the following:

Viruses
Worms
Trojan horses
Spyware
Rogue security software

A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. A computer virus might corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk.

Computer viruses are frequently spread by attachments in email messages or by instant messaging messages. Therefore, you must never open an email attachment unless you know who sent the message or you are expecting the email attachment. Viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread through downloads on the Internet. They can be hidden in pirated software or in other files or programs that you might download.

A worm is computer code that spreads without user interaction. Most worms begin as email attachments that infect a computer when they're opened. The worm scans the infected computer for files, such as address books or temporary webpages, that contain email addresses. The worm uses the addresses to send infected email messages, and frequently mimics (or spoofs) the "From" addresses in later email messages so that those infected messages seem to be from someone you know. Worms then spread automatically through email messages, networks, or operating system vulnerabilities, frequently overwhelming those systems before the cause is known. Worms aren't always destructive to computers, but they usually cause computer and network performance and stability problems.

A trojan horse is a malicious software program that hides inside other programs. It enters a computer hidden inside a legitimate program, such as a screen saver. Then it puts code into the operating system that enables a hacker to access the infected computer. Trojan horses do not usually spread by themselves. They are spread by viruses, worms, or downloaded software.

Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track Internet search habits and can also redirect your web browser to a different website than you intend to go to.

A rogue security software program tries to make you think that your computer is infected by a virus and usually prompts you to download or buy a product that removes the virus. The names of these products frequently contain words like Antivirus, Shield, Security, Protection, or Fixer. This makes them sound legitimate. They frequently run right after you download them, or the next time that your computer starts. Rogue security software can prevent applications, such as Internet Explorer, from opening. Rogue security software might also display legitimate and important Windows files as infections. Typical error messages or pop-up messages might contain the following phrases:

Warning! Your computer is infected!

This computer is infected by spyware and adware.

Note If you receive a message in a popup dialog box that resembles this warning, press ALT + F4 on your keyboard to close the dialog box. Do not click anything inside the dialog box. If a warning, such as the one here, keeps appearing when you try to close the dialog box, it’s a good indication that the message is malicious.

Are you sure you want to navigate from this page? Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. Press CANCEL to prevent it. Return to System Security and download it to secure your PC.

Press OK to Continue or Cancel to stay on the current page.

If you see this kind of message, then don't download or buy the software.

For more information see Protect yourself from tech support scams.

Removing a computer virus or spyware can be difficult without the help of malicious software removal tools. Some computer viruses and other unwanted software reinstall themselves after the viruses and spyware are detected and removed. Fortunately, by updating the computer and by using malicious software removal tools, you can help permanently remove unwanted software.

For more information about how to remove a computer virus and spyware, see the following article in the Microsoft Knowledge Base: 2671662 - Microsoft resources and guidance for removal of malware and viruses

Note A computer virus may prevent you from accessing the Microsoft Update website to install the latest updates. We recommend that you set the Automatic Updates service to run automatically so that a computer is not missing any important updates.

For more information, see Windows Update: FAQ

Click Start, and then type Windows Update in the search box.
In the results area, click Windows Update.
Click Check for Updates.
Follow the instructions to download and install the latest Windows Updates.

Microsoft offers a free online tool that scans and helps remove potential threats from your computer. To perform the scan, go to the Microsoft Safety Scanner website.

For more information about the Microsoft Malicious Software Removal Tool, see the following article in the Microsoft Knowledge Base:

890830 - Remove specific prevalent malware with Windows Malicious Software Removal Tool

If the rogue security software can’t be detected or removed by using Microsoft Safety Scanner or the Windows Malicious Software Removal Tool, try the following steps:

Note the name of the rogue security software. For this example, we'll call it XP Security Agent 2010.
Restart your computer.
When you see the computer's manufacturer's logo, repeatedly press the F8 key.
When you are prompted, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
Click the Start button and check whether the rogue security software appears on the Start menu. If it's not listed there, click All Programs and scroll to find the rogue security software's name.
Right-click the name of the rogue security software program, and then click Properties.
Click the Shortcut tab.
In the Properties dialog box, check the path of the rogue security software program that is listed in Target. For example, C:\Program Files\XP Security Agent 2010.
Note The folder name frequently is a random number.
Click Open File Location.
In the Program Files window, click Program Files in the address bar.
Scroll until you find the rogue security software program folder. For example, XP Security Agent 2010.
Right-click the folder, and then click Delete.
Restart your computer.
Go to the Microsoft Safety Scanner website.
Click the Download Now button, and then click Run.
Follow the instructions to scan your computer and help remove the rogue security software.

If you suspect that your computer is infected with rogue security software that was not detected by using Microsoft security solutions, you can submit samples by using the Microsoft Malware Protection Center submission form.

Microsoft Defender Offline is an anti-malware tool that helps remove difficult to eliminate viruses that start before Windows starts. Starting with Windows 10, Microsoft Defender Offline is built-in. To use it follow the steps in this article: Help protect my PC with Microsoft Defender Offline.

On an uninfected computer, go to Help protect my PC with Microsoft Defender Offline.
Click Download the 32 bit version or Download the 64 bit version, depending on which operating system that you are running. If you're unsure of which operating system that you are running, see Is my PC running the 32-bit or 64-bit version of Windows.
When you are prompted, click Save As, and then save the file to a DVD, CD, or USB flash drive.
On the infected computer, insert the DVD, CD, or USB flash drive, and then restart the computer.
When you are prompted, press a key to select an option to use to start your computer, such as F12, F5, or F8, depending on the kind of computer that you are using.
Use the arrow key to scroll to the drive where you installed Microsoft Defender Offline file. Microsoft Defender Offline starts and immediately scans for malware.

There are actions that you can take to help protect your computer against malware.

Confirm that the Windows firewall is turned on. See Turn Microsoft Defender Firewall on or off for instructions on how to do that on modern versions of Windows.

Click the Start button, and then click Control Panel.
In the Search box, type firewall, and then click Windows Firewall.
In the left pane, click Turn Windows Firewall on or off (you may be prompted to enter your administrator password).
Under each network location, click Turn on Windows Firewall, and then click OK.

For more information about how to set Automatic Updates in Windows, see Windows Update: FAQ

Here are some tips that can help protect you from downloading software that you don't want:

Only download programs from sites that you trust. If you're not sure whether to trust a program that you want to download, enter the name of the program into your favorite search engine to see whether anyone else has reported that it contains spyware.
Read all security warnings, license agreements, and privacy statements that are associated with any software that you download.
Never click "Agree" or "OK" to close a window that you suspect might be spyware. Instead, click the red "x" in the corner of the window or press Alt + F4 on your keyboard to close a window.
Be wary of popular "free" music and movie file-sharing programs, and make sure that you understand all the software packaged with those programs.
Use a standard user account instead of an administrator account. An administrator account can access anything on the system, and any malware run with an administrator account can use the administrator permissions to potentially infect or damage any files on the system.

For more information about how to protect a computer against viruses, see Protect my PC from viruses.

For United States:

Want to chat with a live person? Our Answer Tech trained professionals are ready to help:

Answer Desk

Security information and training

Microsoft Security Help and Learning

Security solutions for IT Professionals:

Microsoft Security and Response Center

Support by country:

International Support

For locations outside North America:

For computer virus and security-related support for locations outside North America, go to the Microsoft Support website.