- Disinfection and Repair: Combines on-demand scanning, SFC/DISM, and boot repair.
- Defender: Causes of failure, quick fixes, and handling of common error codes.
- Data Recovery: Windows RE, Linux Live, and connecting the drive to another PC.
- Prevention: timely patches, a single resident antivirus, and good practices with attachments/USBs.
If your PC has suffered a malware infection or a serious virus, acting methodically makes the difference between recovering the system and losing time and data. In this guide, you'll find a clear and comprehensive procedure for diagnosing, cleaning, and repairing Windows, as well as restoring damaged components and preventing future infections.
The content combines manufacturer practices, Windows-specific utilities, and techniques tested in real-world scenarios (including advanced data recovery and rescue options). Throughout the article, you'll see when a scan is sufficient, when it's a good idea to repair system files, and when a clean reinstall is the quickest and most guaranteed solution.
Before you begin: Scope of support and recommended strategy
The most conservative position in professional environments is that, in the event of a significant infection, a clean reinstallation of Windows resolves the problem 100% of the time. It's the fastest way to restore stability and reduce uncertainty if you suspect rootkits, a deep-seated compromise, or severe damage.
If you have advanced support (e.g., ProSupport), the protocol is to verify the infection, leave the computer usable, and decide between cleaning or reinstallation depending on the extent of the compromise. This approach allows you to run scanners, evaluate their status, and choose the best outcome in each case.
Important: Testing and using third-party tools carries risks and may result in data loss if precautions are not taken. Make a backup before intervening, and run utilities with administrator privileges only when necessary.
Malware vs. Viruses and Warning Signs
Malware is the umbrella term for a wide variety of threats: ransomware, scareware, adware with redirects, spyware, and more. Some simulate system failures to get you to pay to “fix” them, others hijack your browser or exfiltrate information.
A virus is a type of malware that replicates and attaches itself to services or applications; it often travels in bundles alongside Trojans, worms, or kernel-level rootkits. This makes detection and removal difficult and can render security tools useless.
There are elements that appear to be infected but aren't (tracking cookies, BHOs, search hooks); without an associated malicious executable or driver, they don't confirm compromise. Still, their presence may be a sign that you should investigate.
Typical indicators of a serious infection include browser redirects, crashes of .exe or .msi files, disappearance of the antivirus icon, pop-ups, and changes to the desktop. You may also see empty menus, strange icons, or drives that appear to be “empty.”
Confirm infection and restore minimum usability
Check if you've seen any unusual pop-ups, browser hijacking, or suspicious messages from your system tray or desktop. These types of signals help prioritize actions and choose the right tools.
If Windows or the Internet connection is not working normally, boot into Safe Mode with Networking (preferably over a wired LAN). In this environment, only essential services are loaded and many malware programs fail to start.
Use Process Explorer and Autoruns (Sysinternals) with administrator privileges to detect strange processes and persistent startup entries. Most infections reveal themselves in these utilities if you run them elevated.
If the tools don't open because the .exe association is blocked, rename the installer to .com and try again. If that doesn't work, try using Safe Mode. This trick usually gets around basic shell blocks.
Sometimes a kernel-mode driver hides antivirus software or blocks its execution; in Device Manager, turn on “Show hidden devices” to locate and disable suspicious entries. Caution is required to avoid touching legitimate drivers.
Scanners and types of protection: when and how to use them
If your resident antivirus didn't detect the threat entering, don't rely on it to find it now: add an on-demand scanner from a different vendor. Engine diversity increases detection rate.
- There are two complementary approaches: real-time (resident) protection and on-demand (manual) scanners for spot checks. Maintain a single real-time engine to avoid conflicts, and several on-demand ones as a second opinion.
- Recommended sequence: first an on-demand scan, then a full scan with your updated resident antivirus. This combination improves coverage without duplicating functions in memory.
General Containment and Cleanup Guide
Disconnect your device from the Internet and pause its use until you are ready to remove the malware. Minimizing communications reduces exfiltration and connection retries by the attacker.
Boot into Safe Mode (with networking if you need to download utilities), where only basic services load and malicious payloads are less likely to start. If your PC runs noticeably faster in Safe Mode, it could indicate excessive autostarts or the presence of malware.
Clean up temporary files with Disk Cleanup or from Internet Options to speed up scans and remove residual malicious downloads. Reducing the analysis surface speeds up the process.
Remove the infection with Malwarebytes (and alternatives)
Malwarebytes is an effective and free option for a first-time user; download it from its official website, install it, update it, and run a Quick Scan. If you don't have a connection on the compromised computer, use another machine and copy the installer to a USB.
When the scan is complete, review the results and click "Remove Selected" to remove what's detected. If prompted to restart, accept to complete the cleanup. For deep threats, continue with a Full Scan.
If Malwarebytes closes when you start the scan and doesn't reopen, the infection may be severe; in these cases, strongly consider reinstalling Windows after backing up your data. Fighting an entrenched infection with anti-rootkit tools may be slower than reinstalling.
As a second opinion, complement the scan with other trusted on-demand scanners and, if everything checks out, run a full scan with your real-time antivirus to validate. Cross-checking reduces false negatives.
Other removal and support routes
If you don't want to do it yourself or the infection is complex, there is paid technical support "at the point of need" or a Windows reinstall as a definitive solution. Both routes save time when the infection is severe.
Also, check out Microsoft tools and support articles for specific guides if you prefer to maintain your system and thoroughly clean it. Manufacturer solutions reduce compatibility risks.
Repair Windows Damage After Infection
SFC and DISM commands to restore system files
Open Command Prompt (Administrator) or PowerShell (Administrator) and run the following commands, one by one, to repair system components:
sfc /scannow
DISM.exe /online /cleanup-image /scanhealth
DISM.exe /online /cleanup-image /restorehealth
DISM.exe /online /cleanup-image /startcomponentcleanup
SFC repairs protected files from the system cache, while DISM fixes the Windows image used by SFC. Be patient: each phase may take several minutes.
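To see which files SFC was unable to repair, and therefore which ones are candidates for the DISM pass or a manual replacement, you can read the SFC entries in the CBS log. The following is an added example, not part of the original guide; it assumes the default log location and the "[SR] Cannot repair member file" wording that SFC writes there.

```powershell
# Added example: list files that SFC reported it could not repair.
# Run from an elevated PowerShell after "sfc /scannow" has finished.
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'   # default CBS log path

# SFC entries in CBS.log are tagged [SR]; the quoted token is the file name.
$pattern = '\[SR\] Cannot repair member file \[[^\]]*\]"(?<file>[^"]+)"'

if (-not (Test-Path -LiteralPath $cbsLog)) {
    Write-Warning "CBS log not found at $cbsLog"
} else {
    # @() keeps the result an array even when only one file is reported.
    $unrepaired = @(
        Select-String -Path $cbsLog -Pattern $pattern |
            ForEach-Object { $_.Matches[0].Groups['file'].Value } |
            Sort-Object -Unique
    )

    if ($unrepaired.Count -gt 0) {
        Write-Host "SFC could not repair $($unrepaired.Count) file(s):"
        $unrepaired | ForEach-Object { Write-Host "  $_" }
        Write-Host 'Run the DISM /restorehealth step, then sfc /scannow again,'
        Write-Host 'before replacing any of these files by hand.'
    } else {
        Write-Host 'No "[SR] Cannot repair" entries found in CBS.log.'
    }
}
```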
Manually replacing a corrupted system file
If you identify a corrupt system file that SFC can't repair, take ownership, grant permissions, and replace it with a known-good copy. Use the correct paths and extreme caution.
takeown /f C:\Windows\System32\jscript.dll
icacls C:\Windows\System32\jscript.dll /grant administrators:F
copy E:\temp\jscript.dll C:\Windows\System32\jscript.dll
Make sure the source copy is reliable and matches your version of Windows. An incorrect file can cause instability.
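One way to check the source copy before it overwrites anything, shown as an added example that is not part of the original guide. The function name Copy-VerifiedSystemFile and the backup folder are hypothetical; the paths are the ones used in the commands above, and takeown/icacls must already have been run on the target.

```powershell
# Added example: refuse to replace a system file unless the source copy
# has a valid Microsoft signature, and keep the original as a backup.
function Copy-VerifiedSystemFile {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Target,
        [string] $BackupDir = "$env:SystemDrive\RepairBackup"  # assumed folder
    )
    $ErrorActionPreference = 'Stop'   # any failure aborts before the overwrite

    # 1. The signature must validate on this machine. Windows components are
    #    often catalog-signed, so run this on the installation being repaired.
    $sig = Get-AuthenticodeSignature -FilePath $Source
    if ($sig.Status -ne 'Valid') {
        throw "Refusing to copy: signature status is '$($sig.Status)'."
    }
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Refusing to copy: unexpected signer '$($sig.SignerCertificate.Subject)'."
    }

    # 2. Show version details so they can be compared with a known-good PC.
    $info = (Get-Item -LiteralPath $Source).VersionInfo
    Write-Host "Source file version: $($info.FileVersion)"
    Write-Host "Running OS version : $([Environment]::OSVersion.Version)"

    # 3. Keep the current file so the change can be reverted.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Copy-Item -LiteralPath $Target -Destination $BackupDir -Force

    # 4. Replace, then confirm the bytes on disk match the verified source.
    Copy-Item -LiteralPath $Source -Destination $Target -Force
    $srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) { throw 'Copy did not verify: hashes differ.' }
    Write-Host "Replaced $Target; original kept in $BackupDir"
}

Copy-VerifiedSystemFile -Source 'E:\temp\jscript.dll' `
                        -Target 'C:\Windows\System32\jscript.dll'
```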
Update Windows and drivers
From Settings > Update & security, install all pending updates (including Defender) and restart. Patching in a timely manner fixes bugs and closes vectors exploited by malware.
Boot Repair (MBR/BOOTMGR) and BIOS
If the system fails to boot due to boot loader corruption, boot into the Recovery Environment (from an installation USB/DVD) and run:
bootrec /RebuildBcd
bootrec /fixMbr
bootrec /fixboot
You can also reset the BIOS/UEFI to default values if you suspect settings that are preventing the disk or OS from being detected. Erroneous firmware changes also block boot.
Damaged Partitioning and Recovery
If the partition table has been corrupted, try to recover it with TestDisk before doing anything else. This free utility can restore lost partitions and make the disk bootable again.
Recovery Environment: Copying Data with Notepad
After two failed startups, Windows offers automatic repair; go to Advanced Options > Command Prompt and launch Notepad.exe to use its File > Open dialog as a mini file explorer. This will allow you to copy folders (e.g., C:\Users\YourName\Desktop) to another drive.
Bootable Antivirus and Safe Mode
A self-booting rescue disk from a trusted vendor allows you to scan without starting Windows and remove threats that are blocking your system. If you can, also try Safe Mode to recover data with minimal services running.
Recovery with Linux Live USB
Boot a Live distro (e.g., Ubuntu) from a USB drive and copy your files to an external drive; it doesn't modify the Windows disk. This is a safe option if the system does not boot but the disk is readable.
Backups and connecting the disk to another PC
If you have backups, restore them; if not, remove the drive and connect it via SATA-USB to another PC without active encryption to copy the data. Then, decide whether to repair or install Windows from scratch.
Windows Defender: What it offers, why it won't start, and what to do
Microsoft Defender integrates antivirus, firewall, and real-time protection with automatic signature updates and low resource consumption. It's a solid first line for most users.
Typical causes when Defender does not start
- Conflict with another antivirus or firewall that puts Defender in passive mode or blocks components.
- An incomplete update of the system or of the signatures that was left hanging.
- Corrupted system files or corrupt registry entries after failed installations or malware.
- Misconfigured services or policies that disable Defender.
Quick checks
Uninstall or temporarily stop other antivirus/antimalware to rule out conflicts (Acronis with security modules, anti-malware tools, etc.). Never keep two engines resident at the same time.
Force Windows Update and Defender signature updates; if that fails, manually download the definitions package from Microsoft. Reboot and check again.
Run SFC and DISM as described above to repair files and the system image. Many blockages are resolved after these repairs.
Clean Boot (msconfig): hide Microsoft services and disable the rest; in Startup, disable everything in Task Manager and reboot to isolate conflicts. Re-enable items in groups until the culprit is found.
Make sure Real-time Protection is turned on in Windows Security > Virus & threat protection > Manage settings. If it is disabled, activate it.
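The typical causes and quick checks above can be gathered in one read-only pass from an elevated PowerShell. This is an added example, not part of the original guide; the 7-day signature age threshold is an assumption, and the SecurityCenter2 query only returns data on client editions of Windows.

```powershell
# Added example: read-only Defender triage. Nothing here changes settings.

# 1. Conflicts: antivirus products registered with Windows Security Center.
Write-Host '--- Registered antivirus products ---'
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue |
    Select-Object displayName, pathToSignedProductExe | Format-List

# 2. Services: both should exist; compare StartType with the expected value.
Write-Host '--- Defender services ---'
Get-Service -Name WinDefend, WdNisSvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# 3. Policy: the "Turn off Windows Defender Antivirus" policy sets this value.
Write-Host '--- Policy ---'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$policy = Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware `
              -ErrorAction SilentlyContinue
if ($policy.DisableAntiSpyware -eq 1) {
    Write-Warning 'Defender is disabled by policy (DisableAntiSpyware = 1).'
} else {
    Write-Host 'No disabling policy value found.'
}

# 4. Engine state and signature freshness.
Write-Host '--- Engine and signatures ---'
$maxSignatureAgeDays = 7   # assumed threshold for this example
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $mp | Select-Object AMRunningMode, AntivirusEnabled,
              RealTimeProtectionEnabled, AntivirusSignatureAge,
              AntivirusSignatureLastUpdated | Format-List
    if (-not $mp.RealTimeProtectionEnabled) {
        Write-Warning 'Real-time protection is off.'
    }
    if ($mp.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
        Write-Warning "Signatures are $($mp.AntivirusSignatureAge) days old."
    }
} catch {
    # A failure here usually means the Defender service itself is not running.
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
}
```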
Common errors and solutions
0x8050800c: It is usually related to third-party antivirus remnants, damaged signatures, or a corrupted registry. Install all updates, disable “periodic scanning” if you are using a third-party antivirus, completely remove any leftovers with the vendor's official tool, and run DISM /RestoreHealth.
0x80240438: update conflicts, parallel antivirus or use of proxy/VPN. Check the settings of your security apps, update definitions manually, check Windows Update, and temporarily disable proxy/VPN. Resetting the network can help.
0x8007139f: Usually due to a collision with another antivirus or an incomplete update. Stop/uninstall the other engine, check for updates, run the Windows Update troubleshooter, and run sfc /scannow.
0x800700aa: often associated with corrupt system files. Run SFC, check for conflicts with third-party antivirus, update Windows, and turn Real-time protection off and back on.
0x800704ec: Defender disabled by policy. Open gpedit.msc and in Windows Components > Windows Defender Antivirus, set “Turn off Windows Defender Antivirus” to Not Configured or Disabled.
0x80073b01: conflict with security software; uninstall other engines and restart.
0x800106ba: stopped services; in services.msc, set “Windows Defender Antivirus” and “Windows Defender Network Inspection Service” to Automatic.
0x80070005: Lack of permissions; run Defender as administrator and check security permissions.
Prevention: avoiding reinfection
Keep Windows and apps up to date with critical and security patches from Windows Update. Patching in time reduces the attack surface.
Don't open attachments or links from unknown senders; if in doubt, delete the message. Email hygiene cuts off the main entry route for malware.
Use a single, up-to-date real-time antivirus and on-demand second-opinion scanners. Multiple resident engines generate conflicts.
Scan removable media (USB, external drives, CD/DVD) before opening and avoid software from dubious sources. USB drives remain a common route of spread.
Scan downloads and attachments before running them, and be wary of .exe, .pif, .com, and .src files received via email or chat. Set your browser to block potentially dangerous downloads.
Review online banking, email, and social media activity, and change passwords after an infection. If you have backups, scan them to avoid restoring malware.
Windows Registry: What It Is, Risks, and How to Safely Repair It
The Registry is the hierarchical database where Windows stores system settings, programs, hardware and profiles. Its main hives (HKLM, HKCU, HKU, HKCR) orchestrate the behavior of the OS and apps.
Editing the Registry by hand is not recommended unless you are an expert and have a backup, because a wrong change can leave the system unstable or unusable.
Why it breaks and what it means
Malware, abrupt shutdowns, faulty installations, problematic hardware, and incomplete uninstalls leave behind orphaned or corrupted entries. The result: slowness, errors, crashes, and even boot problems.
How to detect problems in the Registry
Look for symptoms such as frequent crashes, failure to install software, or noticeable performance degradation. Built-in and third-party tools help diagnose and repair.
Safe Methods to Fix the Registry
First of all, export a copy from regedit (Run as administrator > File > Export). This copy allows you to revert if something goes wrong.
Use Disk Cleanup to clean up temporary files and system junk, which reduces conflicts and speeds up checks.
Run DISM and SFC as described above: they correct the Windows image and replace corrupt protected files, which are often related to Registry errors.
Startup repair from the Recovery Environment: Resolves items that block boot (including inconsistencies in the Boot Record).
Malware scanning with Microsoft Defender (including offline scanning) to remove malicious registry modifications.
System Restore to a previous point returns the Registry and system files to a known functional state.
Reset this PC is the last resort: it reinstalls Windows, keeping or not keeping your files, and removes programs and drivers that may have damaged the Registry.
Third-party tools (use them wisely)
Recovery Toolbox for Registry attempts to restore information from damaged registry files using Automatic and Advanced modes; useful when Windows tools aren't enough.
System Mechanic Ultimate Defense combines optimization, antivirus, cleaning, and recovery with a focus on resolving thousands of common issues; use its registry cleaning modules with caution.
Advanced SystemCare PRO applies AI to clean junk, invalid registry entries, and online traces, and also optimizes RAM and browser performance. Remember to create a restore point before applying changes.
You have a clear roadmap: contain, diagnose, disinfect, repair key components, and future-proof the system. If cleaning is more time-consuming and risky than reinstalling, safeguard your data and opt for a clean install: you will save time and regain stability with guarantees.