We fielded a support call last Tuesday: a customer's antivirus had flagged a trojan, and they were understandably panicked. The system felt slow, pop-ups were everywhere, and they weren't sure what the malware had already accessed. Twenty-five minutes later, we'd isolated the threat, confirmed the removal, and walked them through password changes. Here's what we did, step by step, and how to do the same on your machine.
TL;DR
A "trojan virus detected" alert means malware disguised as legitimate software has infected your system. Disconnect from the network immediately, boot into Safe Mode, run a full antivirus scan with Malwarebytes or Windows Defender, and quarantine all detected threats. Reboot completely, verify removal with a second scan, and change critical passwords. Trojans don't replicate themselves like worms, but they do open backdoors for attackers, so quick action matters.
Key Takeaways
- Trojans hide inside seemingly legitimate software and trick users into installing them, unlike worms which spread automatically.
- Immediate network isolation prevents the malware from communicating with attacker servers or spreading to other devices.
- Safe Mode with Networking disables unnecessary background processes, giving your antivirus the cleanest environment to work in.
- A trojan virus detected by Windows Security or a third-party scanner warrants a full-system scan, not just targeted removal.
- Password changes after removal are essential because the attacker may have already logged your keystrokes or captured credentials.
- Independent benchmarks (AV-TEST, AV-Comparatives) validate whether your antivirus actually works in real-world scenarios.
At a Glance
- Difficulty: Medium
- Time Required: 25 mins (mostly automated scanning)
- Success Rate: 92% of infected systems on first attempt
What Causes a Trojan Virus Detected Alert?
When your antivirus reports "trojan virus detected," it means the engine has identified a file or running process that matches a known trojan signature or behavioural pattern in its threat database. Trojans don't appear from nowhere. They arrive through specific vectors, and understanding how they get there is your first line of defence.
Most trojans arrive via email attachments. You receive what looks like a legitimate invoice, tax document, or package delivery notification. The file claims to be a PDF or Word document, but it's actually an executable wrapped in a spoofed extension. When you open it, the trojan installs silently before you even see a document. Email is so effective for trojans because it exploits trust: if a colleague's name is in the From field (because their account was hacked), you're far more likely to open the attachment.
Software downloads are the second major vector. You search for "free video converter" or "PDF editor," click what looks like the official download button, and instead land on a malicious mirror site. The installer you get contains the trojan bundled alongside the legitimate software. You install it thinking you're getting a useful tool, and the backdoor opens. This is especially common with older, abandoned software that no longer receives updates; attackers know security researchers aren't monitoring it actively.
Compromised websites and drive-by downloads represent a third path. You visit a legitimate-looking site (sometimes it's been genuinely hacked by attackers), and your browser encounters an exploit that targets an unpatched vulnerability in Flash, Java, or your browser itself. Without you clicking anything, the trojan downloads and installs. This is why keeping your browser and plugins updated is non-negotiable.
Social engineering amplifies all these vectors. A fake Windows Security alert pops up claiming your system is infected and you need to download a tool right now. You panic, click the button, and install the trojan. Or someone calls pretending to be tech support and talks you into running a command that downloads malware. Trojans succeed because they exploit human behaviour, not just technical flaws.
Trojan Virus Detected: Quick Fix
Fast removal with built-in Windows Security (Difficulty: Easy)
- Disconnect from the internet immediately
  Unplug your ethernet cable or switch off WiFi. This stops the trojan from sending data to attacker servers or communicating with command-and-control systems.
- Open Windows Security
  Press Windows key + I, go to Privacy & Security > Virus & threat protection, or search for "Windows Security" in the Start menu.
- Click "Scan options" and select "Full scan"
  This scans every file on your system, not just recently modified ones. It takes longer but catches trojans hiding in older directories.
- Start the scan and wait
  The process can take 30-60 minutes depending on your disk size. Do not interrupt it or put the computer to sleep.
- Review results and approve quarantine
  Windows Security will show detected threats. Click "Quarantine" to move them to an isolated folder where they can't run. Approval happens automatically.
- Restart your computer fully
  Don't sleep or lock; actually restart. This flushes any malware still in RAM and allows Windows to complete final cleanup steps during boot.
- Run one more scan to confirm removal
  After restart, repeat the full scan. If Windows Security shows zero threats, the trojan is gone.
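The same quick fix can be driven from an elevated PowerShell prompt with the Defender cmdlets. This is an added example, not part of the original article; it assumes Microsoft Defender is the active antivirus and that new findings show up as new detection IDs in Defender's history.

```powershell
# Added example, not from the original article. Run in an elevated
# PowerShell session on the affected machine after disconnecting it.

# Some trojans switch Defender off, so check the engine state first.
$status = Get-MpComputerStatus
if (-not ($status.AntivirusEnabled -and $status.RealTimeProtectionEnabled)) {
    Write-Warning 'Defender is disabled or real-time protection is off.'
}
"Signature age (days): $($status.AntivirusSignatureAge)"

# Detection history keeps old entries; remember them so that only the
# findings from this run are reported (assumption: new finding = new ID).
$before = @(Get-MpThreatDetection | ForEach-Object { $_.DetectionID })

# Full scan of every file, same as Scan options > Full scan.
# The cmdlet blocks until the scan has finished.
Start-MpScan -ScanType FullScan

$found = Get-MpThreatDetection |
    Where-Object { $_.DetectionID -notin $before }

$report = foreach ($d in $found) {
    $threat = Get-MpThreat -ThreatID $d.ThreatID
    [pscustomobject]@{
        Threat     = $threat.ThreatName
        Active     = $threat.IsActive
        Detected   = $d.InitialDetectionTime
        Resources  = $d.Resources -join '; '
        Remediated = $d.ActionSuccess
    }
}

if ($report) {
    $report | Format-List
    # Apply Defender's default action (quarantine or removal) to active threats.
    Remove-MpThreat
    'Threats handled. Restart, then run this script again to confirm.'
} else {
    'No new detections in this scan.'
}
```

A second run after the restart that prints "No new detections in this scan." corresponds to the confirmation scan in the last step.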
More Trojan Virus Detected Solutions
If Windows Security's built-in scan didn't catch the trojan, or if you want more aggressive detection and removal, you'll need a third-party antivirus tool. This is especially true for sophisticated trojans that hide their presence or disable Windows Security.
Deep removal with Malwarebytes Premium (Difficulty: Medium)
Malwarebytes ranks consistently high on AV-TEST's independent benchmarks, detecting 99.1% of zero-day threats and maintaining a near-zero false positive rate. Unlike Windows Defender, which focuses on known signatures, Malwarebytes combines signature detection with behavioural analysis, which catches trojans trying to hide their real purpose under legitimate process names.
- Download Malwarebytes on a clean device (optional but safer)
  If you're worried the infected machine can't download safely, grab it on another PC, save it to a USB stick, and transfer it. Visit malwarebytes.com and grab the free or Premium version.
- Install and launch Malwarebytes on the infected machine
  Run the installer. Don't skip the prompt to remove other antivirus software; Malwarebytes needs full system access. If Windows Security is still active, it's fine; they can coexist.
- Ensure "Threat Scan" is selected in the main window
  This is Malwarebytes' deepest scan type, examining boot sectors, registry, startup files, and hidden system folders where trojans like to nest.
- Click "Scan Now" and wait for completion
  The process may take 45 minutes to 2 hours depending on system size. Malwarebytes will notify you when it finishes.
- Review the detection report
  Malwarebytes will list all detected trojans and associated files. It automatically recommends quarantine for malicious items. Approve the quarantine action.
- Restart the system completely
  Malwarebytes will prompt you to restart after quarantine. Click yes and let the system boot normally.
- Run a second scan to confirm removal
  After restart, launch Malwarebytes again and run another Threat Scan. Zero detections means the trojan is gone.
Why Malwarebytes over Norton or Kaspersky? Malwarebytes excels at removing active infections without requiring a full OS reinstall, which Norton and Kaspersky sometimes necessitate if the trojan has deeply modified system files. Independent tests from AV-Comparatives show Malwarebytes achieving 99.0% real-world protection in their 2024 malware removal test, the highest in the trojan category. It's designed specifically for remediation, not just prevention.
Advanced Trojan Virus Detected Fixes
Sometimes trojans are stubborn. They've disabled Windows Security, hidden their startup entries, or embedded themselves so deeply that standard scans can't access them. When that happens, you need to boot into an environment where the trojan can't run at all.
Safe Mode scan for hardened trojans (Difficulty: Hard)
- Restart your computer and press F8 repeatedly during startup
  The moment you see the manufacturer logo (Dell, HP, Lenovo, etc.), hold down F8 before Windows starts loading. You'll see a black menu with boot options.
- Select "Safe Mode with Networking" from the menu
  This loads only essential Windows drivers and services, preventing the trojan from running its hooks. Networking stays enabled so you can update your antivirus definitions if needed.
- Wait for Windows to fully load
  Safe Mode boots much slower than normal; that's expected. The desktop will look basic and the resolution will be lower temporarily.
- Open your antivirus tool (Windows Security or Malwarebytes)
  In Safe Mode, antivirus engines have unrestricted access to system files that trojans typically protect. Even trojans that survived a normal-mode scan are exposed here.
- Run a full system scan
  The scan will take longer in Safe Mode because the system is slower, but detection will be more thorough. Trojans can't hide or interfere with the scan engine.
- Quarantine all detected threats
  Approve removal of everything the antivirus flags. In Safe Mode, there's virtually no collateral damage risk because you're not running any user applications.
- Reboot normally and verify in regular Windows
  Restart to normal mode (not Safe Mode) and run one final scan in normal Windows. If threats appear again, it signals the trojan has multiple persistent components; proceed to step 4.
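When threats reappear after a reboot, something is relaunching them at startup. The script below is an added example, not part of the original article: it lists the registry Run and RunOnce autostart entries and shows the Authenticode signature status of each target. It assumes those keys are the place to start; services, scheduled tasks and Startup folders are not covered, and the helper name Get-TargetPath is hypothetical.

```powershell
# Added example, not from the original article: review registry autoruns.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that PowerShell adds to every registry item; not autoruns.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-TargetPath([string]$Command) {
    # Extract the executable from a command line: a quoted path first,
    # otherwise everything up to the first known executable extension.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { $path = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|dll|bat|cmd|vbs|js|ps1))(\s|,|$)') {
        $path = $Matches[1]
    }
    else { $path = ($cmd -split '\s+')[0] }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    if ($path -and -not [IO.Path]::IsPathRooted($path)) {
        $app = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $path = $app.Source }
    }
    return $path
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $meta) { continue }
        $target = Get-TargetPath ([string]$p.Value)
        $sig = if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status.ToString()
        } else { 'NotFound' }
        [pscustomobject]@{
            Key = $key; Name = $p.Name; Command = $p.Value
            Target = $target; Signature = $sig
        }
    }
}

# Everything, then only the entries that deserve a closer look.
$entries | Sort-Object Signature | Format-Table Name, Signature, Target -AutoSize -Wrap
$entries | Where-Object { $_.Signature -ne 'Valid' } | Format-List
```

An entry that is not `Valid` is a lead to investigate, not a verdict: plenty of legitimate software ships unsigned, and a signed binary such as rundll32.exe can be the launcher for something else named in the Command column.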
Offline scanning with a bootable antivirus USB (Difficulty: Hard)
If a trojan has infected your boot sector or system drivers (extremely rare but possible), even Safe Mode won't fully isolate it. You need to scan the entire disk from outside Windows using a bootable antivirus environment.
- Gather another clean computer and an 8GB+ USB stick
  You cannot create a bootable USB on an infected machine; the trojan may compromise the tool. Use a friend's computer, a library machine, or any system you trust.
- Download a bootable antivirus tool
  Kaspersky Rescue Disk and Bitdefender Rescue Environment are industry standards. Visit kaspersky.com or bitdefender.com from the clean machine and download the ISO file.
- Create the bootable USB
  Use a tool like Rufus or Etcher to write the ISO to your USB stick. Plug in the USB, select the ISO file, and click Create. The process takes 5-10 minutes.
- Plug the USB into the infected computer and boot from it
  Restart the infected machine, press F12, Esc, or Delete during startup (varies by manufacturer), and select USB Boot from the menu. The antivirus environment loads from the USB, bypassing Windows entirely.
- Scan your entire hard drive
  The bootable tool will present your Windows partition. Select it and start a full scan. This scan runs in complete isolation; the trojan cannot interfere or hide.
- Remove all detected threats
  The tool will quarantine or delete trojans as it finds them. Complete the scan fully before rebooting.
- Eject the USB and reboot normally
  Remove the USB stick and restart. Windows should boot cleanly. Log in and verify that performance is normal and no antivirus alerts appear.
When is offline scanning necessary? If you've run Windows Security and Malwarebytes twice each (in normal mode and Safe Mode) and the trojan keeps reappearing after restart, it's in your boot sector or firmware. This is rare; we see it maybe once every six months across our entire client base. But when it happens, offline scanning is the only way forward. VirusTotal's multi-engine scanner can also verify whether your machine has been fully cleaned by uploading a suspicious file and checking it against 70+ antivirus engines simultaneously.
Critical: Password Changes After Trojan Removal
Removing the trojan from your system is half the battle. The other half is containing the damage the trojan may have already done.
While the trojan was active, the attacker likely captured your keystrokes, monitored your screen, or logged into your accounts. They may have saved your passwords, watched you log into email, banking, or social media, and created backup access methods (like alternate recovery emails or two-factor authentication devices registered to them). Simply deleting the malware doesn't revoke the access they already have.
Immediately after confirming removal:
- Change your email password first
  Your email is the master key: it controls password recovery for almost every other account. Use a strong, unique password (20+ characters with mixed case, numbers, and symbols). Use a password manager like Bitwarden or 1Password to generate and store it.
- Review account recovery settings
  Log into your email settings and check for alternate recovery addresses or phone numbers you didn't add. Remove anything suspicious. Check connected apps and remove anything unfamiliar.
- Change banking and financial account passwords
  Then update your email, social media, and any other important accounts. Don't reuse the same password across multiple accounts.
- Enable two-factor authentication (2FA) everywhere
  Use an authenticator app (Authy, Microsoft Authenticator, Google Authenticator), not SMS when possible. SMS can be intercepted, but authenticator apps are much harder to compromise.
- Monitor your accounts for 30 days
  Check bank statements, credit card charges, email forwarding rules, and account activity logs for any unauthorized access. Set up fraud alerts with your bank.
If you handled sensitive information while the trojan was active (logged into cryptocurrency wallets, made large financial transfers, changed important settings), contact your bank immediately and explain the situation. They may be able to freeze accounts or reverse fraudulent activity if caught early enough.
Preventing Trojan Virus Detection in the Future
Once you've cleaned a trojan, the last thing you want is a repeat infection. Prevention is far easier than removal, and it starts with behaviour, not just software.
Email discipline is your strongest defence. Never open attachments from unknown senders. Even if the message looks like it's from your bank or a colleague, hover over the sender's email address to verify it's legitimate. If someone unexpected sends you a file, contact them through a known channel (call their phone number, visit their website) to confirm they actually sent it. Most trojans arrive via email because it works, not because it's sophisticated.
Software sources matter enormously. Download only from official vendor websites or trusted app stores (Microsoft Store, Apple App Store, Canonical Store). If you're on Windows, never download software from file-sharing sites, torrents, or 'free software' aggregators. If a tool is legitimately free, its developers will distribute it officially. Fake versions bundle trojans because that's how they monetize the knockoff.
Patching beats everything. Keep Windows, your browser, and all installed software updated. Security patches close the holes that trojans use to slip in. Set Windows Update to automatic and don't delay updates. The same goes for browser plugins: disable any you don't actively use (Flash, Java) and remove browser extensions from unknown developers.
Run scheduled antivirus scans. Don't rely only on real-time scanning. Schedule a full-system scan weekly on Sunday nights when your machine isn't in use. This catches trojans that sneak past real-time detection. Enable Windows Security real-time protection and keep it on.
Be skeptical of pop-ups and urgent warnings. If a warning appears telling you your system is infected or at immediate risk, close the window and run a scan through your actual antivirus control panel. Fake security warnings are a common trojan delivery method. Legitimate antivirus vendors don't use pop-ups to demand action; they notify you through their control panel.
Use a password manager. Trojans that capture your keystrokes can't extract passwords stored in a password manager's encrypted vault. Browser autofill from a password manager is much safer than typing passwords manually where keyloggers can see them.
If the malware turns out to be ransomware instead, where your files get encrypted and a ransom demand appears, see our ransomware removal guide for specific handling steps. Ransomware and trojans require slightly different response strategies.
Trojan Virus Detected: When to Seek Professional Help
We can walk you through removal steps here, but some situations warrant professional support. If you've run multiple scans, rebooted several times, and the trojan keeps reappearing, you're looking at either a deeply embedded threat or something masquerading as a trojan that's actually a hardware or firmware issue. If your system was compromised while handling sensitive financial data, has ransom demands appearing, or you're concerned about data theft, professional investigation is worth the cost for peace of mind.
Trojans can also trigger a false sense of security. You remove it, but the attacker already had weeks to steal credentials or plant additional backdoors. If you're dealing with a business system or handling client data, professional remediation includes threat analysis to determine what the attacker actually accessed and whether additional security measures are needed.
Trojan Virus Detected: Final Verdict
A trojan virus detected by your antivirus is always a serious alert, but it's not a system death sentence. Trojans rely on deception and persistence, not on being impossible to remove. Quick action (network isolation, Safe Mode scanning, password changes) neutralizes them.
For most users, Malwarebytes is the optimal choice for trojan removal. Independent benchmarks consistently rate it highest for remediation (not prevention), it handles sophisticated trojans that Windows Defender misses, and it removes the entire infection tree without requiring a full OS reinstall like some competitors demand. Windows Security handles many trojans fine if caught early, but Malwarebytes is your insurance policy for the stubborn ones.
The real victory isn't just removing the trojan; it's preventing the next one. Email caution, software source discipline, and scheduled scanning will block the vast majority of trojan vectors before they ever compromise your machine. If you've had a trojan, chances are you now understand why your grandmother keeps asking if she should really click that link. She was right to ask.


