How to Remove Rogue Security Software from Windows

What Causes This?

Rogue security software usually gets installed through fake virus alerts, bundled installers, malicious ads, or scam websites that claim your PC is infected. These programs are designed to look like real antivirus tools, but their goal is to scare you into paying for a “full version” or installing more malware. In some cases, they also change browser settings, block legitimate security tools, or add startup entries so they relaunch every time Windows starts.

Common Symptoms

• Pop-ups claiming your PC has dozens or hundreds of infections
• A “security” app you don’t remember installing starts scanning automatically
• Constant warnings telling you to pay immediately to fix threats
• Browser redirects, fake support pages, or blocked access to real antivirus websites
• Slow performance, disabled Windows Security, or apps closing unexpectedly

How to Fix It Manually

1. Disconnect from the internet

   • Turn off Wi-Fi or unplug your Ethernet cable.
   • This can stop the rogue app from downloading more malware or showing more scam pages.

2. Boot into Safe Mode

   • Press Windows + I to open Settings.
   • Go to System > Recovery.
   • Under Advanced startup, click Restart now.
   • After restart, choose Troubleshoot > Advanced options > Startup Settings > Restart.
   • Press 4 for Safe Mode or 5 for Safe Mode with Networking if you need internet access for cleanup tools.

3. Stop the suspicious process

   • Open Task Manager with Ctrl + Shift + Esc.
   • Look for unknown apps using high CPU or memory, especially ones with names similar to antivirus products you did not install.
   • Right-click the suspicious process and choose End task.
   • If you are unsure, right-click it and choose Open file location. Files running from odd folders like AppData, Temp, or random-named directories are more suspicious.

4. Uninstall the rogue program

   • Press Windows + I, then go to Apps > Installed apps.
   • Sort by Install date and look for recently added security tools or unknown software.
   • Click the ... menu next to the app and choose Uninstall.
   • If it refuses to uninstall, note the app name and continue with the next steps.

5. Disable its startup entries

   • Open Task Manager and select the Startup apps tab.
   • Disable anything suspicious, especially fake security tools or unknown publishers.
   • You can also press Windows + R, type shell:startup, and remove any suspicious shortcuts from the Startup folder.

6. Run Windows Security and Microsoft Defender Offline

   • Press Windows + I and go to Privacy & security > Windows Security > Open Windows Security.
   • Click Virus & threat protection.
   • Run a Quick scan first.
   • Then click Scan options and choose Microsoft Defender Offline scan for a deeper check. Your PC will restart and scan before Windows fully loads.

7. Check your browser and reset if needed

   • Remove suspicious extensions in your browser’s extensions/add-ons page.
   • If redirects continue, reset the browser:
     • Edge: Settings > Reset settings > Restore settings to their default values
     • Chrome: Settings > Reset settings > Restore settings to their original defaults
   • Also check Settings > Apps > Default apps to make sure no fake browser or search tool was set as default.

8. Review payment and account security

   • If you entered credit card details or passwords into the rogue app, change those passwords immediately from a clean device.
   • Contact your bank if you paid for the fake software.
   • Watch for unauthorized charges or account logins.

Fix It Automatically with Kudu

If you do not want to hunt through startup items, installed apps, and suspicious processes manually, Kudu can help identify rogue security software and other unwanted programs quickly. It scans for suspicious apps, persistence entries, and system changes that often come with scareware, then helps remove them safely.

Download Kudu Free →