![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 21%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Defender | Other
Additional Microsoft Defender tools and services that provide security across various platforms and environments
Because the PowerShell command may have installed information-stealing malware that current scans did not detect, treat the device as potentially compromised and follow a layered cleanup and recovery approach.
- Run stronger Microsoft malware scans
- First run the built-in Malicious Software Removal Tool:
- Press Windows key + R.
- Type
%windir%\system32\mrt.exeand select OK. - Approve the UAC prompt.
- Choose a Full scan and let it complete, removing anything it finds.
- Then run a Microsoft Defender Offline scan to catch hidden or persistent components:
- Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.
- Under Current threats, select Scan options.
- Select Windows Defender Offline scan and then Scan now.
- The PC will restart and scan outside of Windows.
If malware keeps coming back or was only partially removed, repeat the offline scan until it reports clean.
- Make sure Defender is fully updated and using cloud protection
Before and after scanning, ensure Microsoft Defender Antivirus is up to date and using cloud-based protection so it can detect newer threats:
- Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection.
- Under Virus & threat protection settings, select Manage settings.
- Confirm Cloud-delivered protection and Automatic sample submission are On.
- Under Virus & threat protection updates, select Check for updates, then under Threat definitions, select Check for updates.
If suspicious files are still not detected, submit them to Microsoft for analysis using the file submission portal referenced in the context.
- Assume possible data theft and protect accounts
Because information-stealing malware may have run, assume credentials and sensitive data could be exposed:
- From a separate, known-clean device, change passwords for:
- Microsoft account
- Email accounts
- Banking, shopping, and other critical services
- Enable multi-factor authentication (MFA) wherever possible.
- Monitor financial accounts and important services for unusual activity.
- If system behavior remains unstable, consider reset/reinstall
If after cleaning the system still shows signs of compromise or instability (unusual slowness, crashes, blocked security tools, browser redirections), malware may have made deeper or irreversible changes.
In that case, use Windows recovery options:
- Back up important files to an external location (preferably backups from before the infection, such as OneDrive versions).
- Use Reset this PC / recovery options for Windows 10 or 11 to reinstall Windows. Prefer a reset that reinstalls Windows while keeping personal files, or a full reinstall if needed.
- After reinstalling, immediately apply all Windows Updates and install current security software before restoring additional files.
- Prevent future infections
- Use a modern browser such as Microsoft Edge with Microsoft Defender SmartScreen enabled to block malicious or compromised websites.
- Be cautious of any site that asks to run commands (especially via Windows+R or PowerShell) or to install “security” tools or browser updates via pop-ups.
- Avoid sites that provide illegal downloads or pirated content, which are common malware sources.
If at any point malware cannot be removed or the system remains suspicious, treat a full reset/reinstall as the safest option.
References: