Last reviewed: June 27, 2026
I’ve cleaned malware off WordPress sites enough times that I stopped being surprised by what infected sites look like. The most disorienting thing is how normal they can appear. Traffic behaving strangely. Weird links appearing in the source code. Redirects that only happen to certain visitors. Nothing visually broken.
Endpoint infections — malware on a Windows PC rather than a server — work similarly. The signs are often subtle, and many of the obvious “warning signs” you’ll read about are actually just slow hardware or an antivirus trying to upsell you.
This is how to tell the difference.
Signs that actually indicate infection
These are behavioral changes that don’t happen by accident.
Browser redirects you didn’t initiate. Your homepage changed to something you didn’t set. Searches route through an unfamiliar engine. Typing a URL takes you somewhere else first. This is almost always a browser hijacker — malware that modifies browser settings to route your traffic through ad networks or phishing pages.
Extensions or toolbars you didn’t install. Open your browser’s extension list. If you see something unfamiliar that you didn’t add, that’s a problem. Browser hijackers often arrive bundled with software installers — a checkbox you missed during installation added something you didn’t want.
Unexplained outbound network traffic. Open Task Manager (Ctrl+Shift+Esc), go to the Performance tab, and click “Open Resource Monitor.” Under Network, look for processes sending data that shouldn’t be. A browser sends data. A media player shouldn’t be connecting to external servers. If an unknown process is consistently sending outbound traffic, that’s worth investigating.
Files disappeared, got renamed, or became inaccessible. If documents you saved are gone or encrypted, ransomware is the most likely explanation. Ransomware typically renames files with unfamiliar extensions and leaves a ransom note. This is the most destructive type of infection and the reason offline backups matter.
Your antivirus software won’t open or update. Some malware specifically targets antivirus software to disable it. If your security tools suddenly stop running or update processes fail repeatedly, that’s more suspicious than a slow PC.
New admin accounts appeared. This one is easy to miss. Check Settings > Accounts > Other users. If there’s an account you didn’t create, something created it for a reason.
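A command-line version of the outbound-traffic and admin-account checks above, added here as an example and not part of the original article. It assumes Windows 10 or 11 with the built-in PowerShell 5.1 and an elevated window; the variable names are illustrative.

```powershell
# Added example: read-only triage. Run in an elevated PowerShell window so
# process paths are visible for processes owned by other accounts.

# 1) Established TCP connections to non-loopback addresses, grouped by process.
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }

$report = foreach ($g in ($conns | Group-Object -Property OwningProcess)) {
    $proc = Get-Process -Id ([int]$g.Name) -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }
    # Signature status is context, not a verdict: plenty of legitimate
    # software is unsigned, and some system processes expose no path.
    $sig = if ($path) {
        (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
    } else { 'NoPath' }
    [pscustomobject]@{
        ProcessId   = $g.Name
        Process     = if ($proc) { $proc.ProcessName } else { '(exited)' }
        Signature   = $sig
        Connections = $g.Count
        Remotes     = (@($g.Group.RemoteAddress) | Sort-Object -Unique) -join ', '
        Path        = $path
    }
}
$report | Sort-Object -Property Signature, Process | Format-List

# 2) Members of the local Administrators group, looked up by its well-known
#    SID so the check also works on non-English installs.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object -Property Name, ObjectClass, PrincipalSource

# 3) All local accounts, most recently set password first. An enabled account
#    you do not recognize with a recent PasswordLastSet deserves a closer look.
Get-LocalUser |
    Select-Object -Property Name, Enabled, LastLogon, PasswordLastSet |
    Sort-Object -Property PasswordLastSet -Descending
```

Compare the process list against what you actually have open: a browser or a sync client with many connections is expected, while a process you cannot place running from a temp or user-profile folder is the kind of entry to investigate.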
Signs that are probably not malware
These are common explanations that get blamed on viruses but usually aren’t.
Computer is slow. This is the most over-attributed symptom. Windows Update, search indexing, browser tabs with heavy JavaScript, startup programs, a full hard drive, fragmented storage, or just aging hardware all cause slowdowns. Open Task Manager and look at what’s using CPU and memory before assuming infection. A cryptocurrency miner would show up as a process using high CPU constantly — that’s different from general slowness.
Popup windows. There are two types. Real antivirus notifications come from software running in your system tray — they appear as Windows notifications in the corner of the screen or inside the security app itself. Browser popups claiming your computer is infected, especially ones with phone numbers or countdown timers, are scareware. They’re designed to look alarming enough that you click or call. Don’t.
A security warning you haven’t seen before. Windows SmartScreen, Microsoft Edge warnings, and Windows Defender notifications can look alarming when you first encounter them. A SmartScreen warning about an unfamiliar download doesn’t mean you’re infected — it means you downloaded something Windows hasn’t verified yet.
High CPU during certain tasks. Video calls, browser-based apps, and games legitimately use a lot of CPU. If high usage happens only when you’re doing something demanding, that’s normal behavior, not malware.
The fake virus popup problem
This deserves its own section because it’s become the most common security issue people encounter.
The setup is always similar: you’re browsing, a popup appears claiming your computer is infected. It often looks like a Windows notification or uses the logo of a real antivirus brand. It tells you to call a number immediately.
Never call that number. Real antivirus software does not put phone numbers in browser popups. Real Windows errors don’t appear in the browser — they appear in the Windows interface itself.
What these popups actually are: malvertising (malicious ads on legitimate sites) or websites designed to generate false alerts. The goal is to get you to call a fake “support” number where someone will request remote access to your computer and potentially install actual malware while pretending to remove a virus that was never there.
How to close them safely: don’t click anywhere inside the popup, including the X button, which may trigger a download. Use your browser’s window controls at the top of the screen, or press Ctrl+W to close the tab. If you can’t close it, press Ctrl+Shift+Esc to open Task Manager and end your browser process.
What to actually do if you suspect infection
Step 1: Don’t panic. Most infections are not catastrophic. Ransomware is the exception.
Step 2: Close anything suspicious without clicking inside it. Use Task Manager if needed.
Step 3: Run a full scan with your installed antivirus. Not a quick scan — a full one. This takes longer but checks more.
Step 4: Run Malwarebytes Free as a second opinion. It catches adware and potentially unwanted programs that traditional antivirus sometimes misses. Install from malwarebytes.com only — not from a search ad.
Step 5: If both scans are clean but symptoms persist, check your browser extensions, your startup programs (Task Manager > Startup tab), and your installed apps list for anything unfamiliar. Remove what you don’t recognize.
Step 6: If you found and removed something, change your passwords for important accounts — email, banking, anything you access through that machine. Assume the infection may have had access to what you typed.
What you don’t need to do: reformat and reinstall Windows for every infection. That’s a last resort for severe cases, not a routine response to adware.
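Step 5's startup and installed-app review can also be done from PowerShell. The script below is an added example, not something from the original article; it assumes Windows 10 or 11 with PowerShell 5.1, and the 30-day window in `$Days` is an arbitrary choice to adjust.

```powershell
# Added example: read-only inventory for Step 5. $Days is an assumed window.
$Days   = 30
$cutoff = (Get-Date).AddDays(-$Days)

# 1) Programs that start at logon (registry Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object -Property Name, Command, Location, User |
    Format-List

# 2) Installed desktop programs from the Uninstall registry keys.
#    Store apps are not listed here; InstallDate is optional and, when
#    present, is normally a yyyyMMdd string.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$apps = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $installed = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $installed = [datetime]::ParseExact(
                $_.InstallDate, 'yyyyMMdd', [cultureinfo]::InvariantCulture)
        }
        [pscustomobject]@{
            Name      = $_.DisplayName
            Publisher = $_.Publisher
            Installed = $installed
        }
    }

"Installed in the last $Days days:"
$apps | Where-Object { $_.Installed -ge $cutoff } |
    Sort-Object -Property Installed -Descending |
    Format-Table -AutoSize

"No install date recorded (review by name and publisher):"
$apps | Where-Object { -not $_.Installed } |
    Sort-Object -Property Name |
    Format-Table -AutoSize
```

Entries that appeared around the time the symptoms started, or that have no publisher, are the ones to look up before removing.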
A note on infection sources
Most people who get infected aren’t doing anything dramatic. Common sources: pirated software and games, unofficial download sites that bundle extras into installers, clicking links in email that looked plausible, browser extensions from outside the official extension stores, and occasionally malvertising on legitimate sites.
The pattern I’ve seen repeatedly on client sites and in community discussions: people are surprised how ordinary the vector was. Not a sophisticated attack. A checkbox they missed. A link they didn’t look at closely. A free download from a site they’d used before.
That’s worth knowing, not to create anxiety, but because it points at where actual prevention lives: habits, not just software.