Windows Defender is absolutely useless and Malwarebytes is only slightly better. I’d recommend Bitdefender, and make sure it’s installed on a freshly erased computer. Digital security is an arms race and the bad guys are winning.
I wouldn’t rely on software running on the (potentially infected) system, since all malware these days will attempt to turn off or evade antivirus tools.
If you believe your device is compromised then you should wipe it and reinstall the OS. You should also delete any executable files on external media (secondary drives etc.) that may have been infected (eg. any setup.exe programs or portable exes), or at the very least verify the cryptographic hashes of those files if possible.
If you want to know if your credentials appear in a breach then search on Have I Been Pwned?. If it says your password appeared in an “infostealer dump” then you know that it was stolen directly from your device and you need to wipe it. If it was just the website that was breached then it wasn’t you personally that was hacked and you should just change your password.
In your opinion, what’s the best way to find and remove malware for the average user?
I currently use Malwarebytes and windows defender. I’m wondering if this is enough or should I change something?
Windows Defender is absolutely useless and Malwarebytes is only slightly better. I’d recommend Bitdefender, and make sure it’s installed on a freshly erased computer. Digital security is an arms race and the bad guys are winning.
I wouldn’t rely on software running on the (potentially infected) system, since all malware these days will attempt to turn off or evade antivirus tools.
If you believe your device is compromised then you should wipe it and reinstall the OS. You should also delete any executable files on external media (secondary drives etc.) that may have been infected (eg. any setup.exe programs or portable exes), or at the very least verify the cryptographic hashes of those files if possible.
If you want to know if your credentials appear in a breach then search on Have I Been Pwned?. If it says your password appeared in an “infostealer dump” then you know that it was stolen directly from your device and you need to wipe it. If it was just the website that was breached then it wasn’t you personally that was hacked and you should just change your password.