Virus & Malware Removal in Amherst, NY

Honest Virus & Malware Removal for Mac and PC

If your computer is acting up (pop-ups everywhere, browser opening to weird sites, your homepage changed without you doing it, programs running you don't recognize, the whole thing crawling), we can help. We're a drop-off computer repair shop in Amherst, NY, and virus and malware removal is one of the things we handle most often. You bring the machine in, we run a real diagnostic, we tell you what's actually going on, and we give you a quote before any work happens. No upsells, no scare tactics, no "your computer has 1,247 critical errors" nonsense.

We see this issue every single week. People who've never had a problem in ten years suddenly clicked on the wrong thing, opened the wrong attachment, or installed something that looked legitimate. Sometimes it's a kid's laptop loaded with garbage from sketchy game downloads. Sometimes it's a small business owner who got hit with a fake invoice email. Sometimes it's someone whose grandkid "fixed" their computer and made it worse. Whatever the situation, you're not the first person to bring one in with it, and most of the time, the fix is straightforward once we figure out what we're actually dealing with.

The thing we want you to understand right up front: a slow computer is not always a virus. In fact, more often than not, the real problem is something else: a failing hard drive, too much startup software, an aging machine that needs a tuneup, or just a cluttered system. We're not going to sell you virus removal you don't need. If your machine isn't actually infected, we'll tell you that and quote you for what it actually needs instead.

What's Actually Happening When Your Computer "Has a Virus"

Most people use "virus" as shorthand for any unwanted thing happening on their computer, and that's fine. It gets the point across. But under the hood, there are a bunch of different categories of problems, and the fix for each one is different. Here's what we typically run into:

• Adware: the most common thing we see, especially on machines used by multiple people in a household. Adware is software that pushes ads at you, hijacks your browser, redirects searches, and generally makes the computer annoying to use. It's rarely dangerous, but it's relentless. Usually arrives bundled with free software downloads or "free PDF converter" type apps.
• Browser hijackers: specifically target your browser. Your homepage changes, your search engine changes, you keep getting redirected to sites you didn't click on. These are technically a form of malware but they live mostly in browser extensions and shortcuts, which is why they're stubborn but usually fixable.
• Spyware: quieter than adware. Spyware sits in the background recording what you do, what you type, what sites you visit, sometimes even your keystrokes. You might not notice symptoms, but the machine is leaking information. Comes from sketchy free software, malicious browser extensions, and email attachments.
• Trojans: programs that pretended to be something else (a free game, a "video player update," a cracked piece of software) and turned out to be malicious once you ran them. Trojans can do anything depending on what the attacker built in: spy, steal passwords, recruit your computer into a botnet, or download more malware.
• Ransomware: the bad one. Ransomware encrypts your files and demands payment to unlock them. Modern ransomware is genuinely sophisticated and the encryption itself is usually unbreakable. We can clean the ransomware off the machine so it's safe to use again, but recovering encrypted files without a backup is often impossible. This is why we'll talk to you about backup setup if you don't already have one.
• Fake antivirus / scareware: a category by itself because we see it constantly. These are programs that pop up warning you that your computer is infected with hundreds of viruses, then demand you pay them to "fix" it. The program itself is the problem. Removing it is usually quick.
• Cryptojackers: relatively new. These quietly use your computer's processor to mine cryptocurrency for someone else. You'll notice your machine running hot, the fan blasting, slowdowns when you try to do real work. Almost always comes from a malicious browser extension or compromised website.
• Tech support scam aftermath: not exactly malware, but if you called a fake "Microsoft" or "Apple" support number and gave them remote access, we have to treat your machine like it's been compromised. Whoever was on the other end of that call had full control of your computer. We need to clean up whatever they installed and figure out what they may have accessed.

Why does this matter? Because the right fix depends on what you actually have. Adware comes off pretty quickly. A trojan or rootkit might require a full reinstall. Ransomware needs a totally different conversation. We don't know which one you've got until we look at the machine, and that diagnostic is free.

Signs Your Computer Probably Has Malware

Some signs are obvious. Some are more subtle. If you're seeing more than one or two of these, it's worth bringing the machine in for a look:

• Pop-up ads appearing on your desktop or in apps that aren't even web browsers
• Your browser homepage changed by itself, or your default search engine isn't what you set it to
• You're being redirected to websites you didn't click on, especially ones with weird domains
• Programs starting up that you don't remember installing
• The computer is suddenly running hot, the fan is blasting, and the battery dies fast
• Your cursor is moving on its own, or windows are opening and closing without you doing it
• You can't access certain websites, especially security or antivirus sites
• Your security software has been disabled and won't turn back on
• Friends are getting weird emails or messages from your account that you didn't send
• Files have been renamed with strange extensions, or you can't open documents you used to be able to open
• A full-screen warning is telling you to call a phone number to fix your computer
• Your computer is asking you to enter your password constantly when it never used to

If you're seeing the ransom-note style warnings (something like "your files are encrypted, pay X bitcoin"), please don't try to fix it yourself. Don't pay the ransom either. Disconnect the machine from your network so it can't spread, and bring it in. The faster we get to it, the better the chances of recovering anything.

How Our Virus Removal Process Works

Every machine that comes through our shop for virus removal goes through the same basic process. The exact steps vary based on what we find, but here's the general flow:

1. Drop-off and intake.You bring the computer in. We talk through what's been happening: when it started, what you might have clicked on or installed, what symptoms you're seeing. This conversation is more useful than people realize. Often you've already given us a clue about which type of infection we're dealing with.
2. Free diagnostic.We run an initial diagnostic to confirm what's actually going on. About half the time the symptoms point to malware. The other half it's something else: failing hardware, a software conflict, or just a machine that needs a tuneup. We tell you what we found before quoting anything.
3. Quote and your decision.Once we know what's needed, we give you a quote. You decide whether to proceed. If you'd rather take the machine elsewhere, that's fine, the diagnostic was free. No pressure, no guilt trips.
4. Cleanup or reinstall.For most infections, we run multiple scanners with different detection engines, manually inspect the spots malware likes to hide, remove malicious browser extensions and rogue startup entries, and verify the machine is clean. For deep infections (rootkits, persistent ransomware, or anything that's modified system files) we'll recommend a clean reinstall, which is more thorough.
5. Backup before reinstall (if needed).If we're doing a reinstall, we back up your personal files first, do the rebuild on a clean system, then restore your files. Your documents, photos, email, and saved data come back with you.
6. Verify and harden.Before you pick up the computer, we verify it's actually clean. Not just "the scanner came up empty" but actually behaving normally. We also tighten up the basics: make sure your built-in security is on, remove any sketchy browser extensions you didn't intend to install, and check that critical updates are current.
7. Pickup and quick walkthrough.When you come to pick it up, we'll walk you through what we found and the handful of habits that prevent reinfection. Two minutes of conversation here saves people a lot of grief later.

Why Drop-Off Beats Remote "Virus Removal"

You'll see a lot of services online offering remote virus removal. They connect to your computer over the internet and clean it from wherever they are. Some of these are legitimate, but there's a real reason we don't operate that way for serious infections.

When malware has already compromised a machine, the malware itself can interfere with cleanup tools. Some infections actively block antivirus software from running. Some hide in places that only show up when you boot from external media, which you can't really do remotely. And in the worst case (if the infection includes a keylogger or remote access trojan) the technician on the other end of a remote session is potentially exposing themselves to whatever's on your machine, and there's no way to verify the cleanup is actually complete.

When the computer is physically in our shop, we can boot from clean external media, run scanners offline, manually inspect file systems and registries, and verify the machine is genuinely clean before it goes back to you. It's slower than a remote session, but it's the difference between actually fixing the problem and putting a band-aid on it.

We're also not going to ask you for remote access over the phone. If anyone calls you claiming to be from Microsoft, Apple, your ISP, or "Windows technical support" and asks for remote access, that's the scam. Those companies do not call you.

Mac vs PC: It Matters for Virus Removal

The "Macs don't get viruses" thing was sort of true twenty years ago, when Mac market share was tiny enough that nobody bothered targeting them. That changed a long time ago. Macs absolutely get malware now, and we clean infected Macs every week. The categories of malware are slightly different though, and so is the approach.

On the PC side, we're dealing with the full spectrum: adware, browser hijackers, trojans, ransomware, rootkits, and the occasional novel infection. Windows is the bigger target by far, simply because there are more Windows machines in the world, so attackers focus there. Modern Windows 10 and Windows 11 have genuinely good built-in protection, but the threat landscape is also bigger. Most of the deep infections that require full reinstalls come from PCs.

On the Mac side, the most common thing we see is adware and "fake utility" apps: MacKeeper, fake "Mac cleaners," browser hijackers from sketchy extensions, and adware bundled with cracked software. Real malicious malware on Mac is rarer but does happen, especially on machines used to download pirated software. Apple's built-in protection (Gatekeeper, XProtect, the T2 / Apple Silicon security model) catches a lot, but it's not bulletproof.

We have a dedicated Mac virus removal page and a dedicated PC virus removal page with more detail on the platform-specific stuff. The basic process is the same on both (drop it off, free diagnostic, honest quote, real cleanup), but the techniques and tools we use differ depending on the machine.

Common Virus Removal Scenarios We See in Amherst

Some patterns repeat. Here are a few of the situations we end up handling most often, all anonymized:

The "I clicked on a fake update" PC

Someone is browsing the web, a pop-up tells them their Flash player is out of date or their browser needs an update, they click yes, and now they have a browser full of toolbars they didn't ask for, ads everywhere, and search results that go to weird places. This is one of the most common things we handle. It's almost always cleanable in a single visit, and we use it as a teaching moment. Real updates don't come from random websites.

The "tech support called me" computer

Someone got a phone call (or a pop-up that told them to call) claiming to be Microsoft or Apple support. The caller said the computer was infected, asked for remote access, "fixed" it, and charged a few hundred dollars. Sometimes they also installed actual malware while they were in there. We treat these machines as fully compromised, which means a clean reinstall plus changing all important passwords from a different device. The hardest part is convincing the customer they got scammed, because the caller was very convincing.

The student's laptop loaded with sketchy game stuff

Common on machines used by kids or younger teenagers, especially during summer. Free game downloads, unofficial Minecraft mod sites, "free Roblox skins". It's a buffet of adware and bundled junk. Usually a routine cleanup once you know what you're looking for. We'll also have a quick conversation about parental controls and where the safe places to download things are.

The small business with a suspicious email

An employee opened an email that looked like it was from a vendor or the boss, clicked the attachment, and now the machine is acting strange. This is the dangerous one because business malware is usually trying to spread to other machines on the network, steal credentials, or position itself for a ransomware attack. We isolate the machine, clean it thoroughly, and have a serious conversation with the business owner about backup and email security. Sometimes we recommend bringing in other machines too, to make sure nothing spread.

The Mac with "MacKeeper"

Easily one of the most common Mac problems we see. MacKeeper and similar "Mac cleaner" apps install themselves through bundled downloads or aggressive web ads, then are notoriously difficult to fully remove because they hide in multiple places. Mac users often think their Mac is broken when really they just need MacKeeper and its friends fully removed. Quick fix once you know where they hide.

The "this happened after my grandkid used the computer" situation

We see a lot of these. The grandkid was watching videos on a free streaming site, downloading "free movie" software, or installing "helpful" browser extensions, and now grandma's computer is unusable. Standard cleanup. We sometimes also set up a separate user account so the same thing doesn't happen again.

Why Choose Us for Virus Removal in the Amherst & Buffalo Area

Look, you have options. There are big-box retailer service counters, there are national chains, there are remote services online, and there are other local shops. Here's what's true about us, take it or leave it.

The work happens here. Your computer doesn't get shipped anywhere. We don't subcontract. The same shop that quoted you the work is the shop that does the work. If you have a question while we have it, you call us and you get the person actually working on the machine.

We diagnose before we quote. We're not going to estimate over the phone. We're not going to guess. We look at the machine, we tell you what we found, then we tell you what it costs. The diagnostic itself is free. If it turns out you don't have a virus, we'll tell you that and we won't charge you for virus removal.

We don't upsell. If your machine needs virus removal, that's what we'll quote. We're not going to slip in "while we're at it" charges or sell you software subscriptions you don't need. If we think there's something else genuinely worth doing (like an SSD upgrade for a slow machine, or a backup setup since you just learned what ransomware is) we'll mention it and let you decide.

We do both Mac and PC. Lots of shops do one or the other well. We do both. The tools and techniques are different but the underlying job is the same: figure out what's wrong, fix it, hand you back a working machine.

Drop-off only, on purpose. We don't do on-site or remote support. That's not a limitation, it's a choice. Working on a machine in the shop with proper tools and clean media is how you actually fix problems. House calls are a great fit for some shops; we just think the work comes out better when the computer is on our bench.

We're located on North French in the Amherst / Tonawanda area, easy drive from anywhere in Amherst itself, Williamsville, Tonawanda, Kenmore, North Buffalo, Boulevard Mall area, the UB North Campus area, and basically anywhere in the northern Buffalo metro. There's parking right at the building. We work by appointment only. Call ahead, schedule a drop-off time, and we'll be ready for you when you get here.

How Pricing Works for Virus Removal

We don't post a flat rate, and there's a real reason for it: the right price genuinely depends on what we find. A basic adware cleanup on a relatively healthy machine is one thing. A fully infected computer that needs a clean reinstall plus data backup plus software reinstallation is a totally different scope of work. Quoting either one without looking at the machine would mean either overcharging the easy jobs or underquoting the hard ones, and we don't want to do either.

What we can promise:

• The diagnostic is free. We'll look at your machine and tell you what's wrong before quoting anything.
• You'll get a real quote with a real number before any work happens. No "we'll figure it out as we go."
• No surprise charges. The price we quote is the price you pay, unless we find something genuinely unexpected and we'll call you first if that happens.
• You can walk away after the diagnostic. If you decide not to do the work or want a second opinion elsewhere, that's fine. Take your machine and go.

What You Can Do to Avoid Reinfection

We'll cover this when you pick up the machine, but here's the short version. Most infections we see are preventable, and the prevention isn't complicated.

Don't install software from random websites. If you need a free PDF reader, get it from the actual maker's site, not from "freepdfdownload-deals.net" or whatever shows up in a search ad. Free software bundled with installers is the single most common way home users get adware. The "express install" option on free software almost always means "install three other things you didn't ask for." Always pick custom install and uncheck everything you don't recognize.

Don't click on pop-ups telling you to update Flash, your browser, or any plugin. Real updates don't work that way. Browsers update themselves. Flash doesn't exist anymore.

Don't open email attachments you weren't expecting, even if they look like they're from someone you know. Email addresses are easy to fake, and a surprising number of business email accounts get compromised and used to send malware to the contact list. If you weren't expecting an attachment, call or text the person and ask them about it before opening it.

Don't call phone numbers from pop-up "virus warnings." Microsoft, Apple, and your ISP do not warn you about viruses with pop-ups that include a phone number. That's the scam.

Back up your important files. We can fix almost anything, but ransomware that's already encrypted your files is the one situation where prevention is dramatically better than recovery. We can set up a backup the next time you bring the machine in if you don't have one yet.

Service Areas for Virus Removal

We're located in the Amherst / Tonawanda area, near the UB North Campus, easy access from Sheridan Drive, Maple Road, Niagara Falls Boulevard, and the I-290. Customers regularly drop off from across Western New York:

• Amherst, NY
• Buffalo, NY
• Williamsville, NY
• Tonawanda, NY
• Cheektowaga, NY
• Clarence, NY
• Kenmore, NY
• Lancaster, NY

What to Do Right Now If You Think Your Computer Is Infected

If you're reading this on the infected machine, the first thing to do is stop using it for anything sensitive. No banking, no logging into email, no entering passwords. The longer the malware is active, the more data it can collect.

If you can, disconnect from the internet. Unplug the ethernet cable, turn off Wi-Fi, or just unplug the router for a minute. This stops most malware from talking to whoever wrote it and prevents it from spreading to other machines on your network. It also stops ransomware in progress from encrypting more files. If you have a desktop with files on a network drive, disconnecting now might save those files.

Don't try to "clean it yourself" by downloading random tools you find through a search. A lot of "free virus removal tools" are themselves malware, especially the ones that show up in search ads. Even legitimate tools can be tricky on an active infection. Some malware blocks security software from running, and running the wrong tool in the wrong order can make things harder to clean later.

Don't pay any pop-up that's demanding payment, and don't call any phone number a pop-up tells you to call. We've already covered this above but it's worth repeating because tech support scams cost people thousands of dollars and we see victims of them every month.

If you've already entered passwords or financial info on a machine you now suspect is compromised, change those passwords from a different device. Your phone is fine. Start with email and banking. Call your bank's fraud line if you used the card on the suspicious machine recently.

Then bring the computer in. If it's a laptop, just power it down and bring it. If it's a desktop, you only need to bring the tower itself. No need to bring the monitor, keyboard, or mouse unless you suspect those are part of the problem (rare). We work by appointment only, so call 716-771-2536 first to schedule a drop-off time. We'll have a slot ready for you, you'll be in and out in a few minutes, and we can talk through what's been happening so we know what we're looking for.

What Happens to Slow Computers That Aren't Actually Infected

About half the people who bring us a machine convinced they have a virus actually don't. The machine is genuinely slow, or behaving strangely, but the cause is something else. Worth knowing what these other causes are, because they're often easier and cheaper to fix than virus removal.

The big one is the hard drive. Traditional spinning hard drives, the kind that come in older laptops and budget desktops, get slower as they age, and at some point they start to fail. A failing hard drive feels like a virus: the computer freezes, takes forever to open programs, hangs on startup. The fix isn't virus removal, it's a hard drive replacement, and these days we almost always replace with an SSD which makes the machine feel new again. We have a page on SSD upgrades that goes into more detail.

The next most common cause is too much startup software. Every program you install asks if it can start automatically when you turn on the computer, and most people just click yes. After a few years of this, you have twenty or thirty programs all trying to launch at once when you boot up. The machine feels infected because it's doing all this stuff in the background. Cleaning this up is part of a computer tuneup rather than virus removal.

Sometimes it's just an aging machine. A six-year-old laptop with 4GB of RAM and a spinning hard drive trying to run modern Windows is going to feel slow no matter how clean it is. We can usually breathe years of life into it with an SSD upgrade and more memory, but sometimes the honest answer is "you've gotten your money out of this one." We'll tell you that if it's true. We do purchase consulting if you've decided it's time for a new machine and want help picking one.

Frequently Asked Questions

Real questions we get asked at the counter about virus and malware removal.

• How do I know if my computer actually has a virus, or if it's just running slow?

  Most slow computers don't have viruses. They have years of accumulated junk, software conflicts, a hard drive that's aging out, or just too many things trying to start up at once. Real virus or malware symptoms are usually more specific: pop-ups appearing when no browser is open, your homepage changing on its own, programs you don't remember installing, the cursor moving by itself, or files getting encrypted with strange extensions and a ransom note.

  When you bring your machine in, we run a real diagnostic to figure out which it is. Roughly half the time, what people think is a virus turns out to be something a tuneup fixes. We'll tell you the truth either way. We're not going to charge you for virus removal if you don't need it.

• Do I need an appointment, or can I just drop in?

  Yes, please call ahead. We work by appointment only so we can give every machine real attention rather than rushing through a queue. Call 716-771-2536, tell us briefly what's going on, and we'll set up a drop-off time that works for you. Most appointments can be scheduled within a day or two; rush situations get worked in when we can.

  The drop-off appointment itself is short, usually 10 to 15 minutes. We talk through what's been happening, take down your contact info and the machine, and give you a realistic timeline for diagnostics and quote.

• Can you guarantee you'll get every trace of malware off my computer?

  For the vast majority of infections. Yes. We run multiple scanners with different detection engines, because no single tool catches everything. We also check the places malware likes to hide that automatic scanners often miss: scheduled tasks, browser extensions, startup entries, hosts file modifications, and rogue services.

  For deeply rooted infections. Particularly rootkits, persistent ransomware, or malware that's already modified system files, the most reliable fix is a clean reinstall after backing up your personal files. That's a longer process, but it's the only way to be sure. We'll always tell you straight up which path your machine actually needs.

• Will my files be safe during virus removal?

  In a routine virus removal, your documents, photos, email, and personal files stay right where they are. We're going after the malicious software, not your data.

  If we determine that a clean reinstall is the safer call, we back up your files first, do the rebuild, and then put your files back on the clean system. Your data comes home with you either way. The one situation that gets tricky is ransomware that's already encrypted your files. At that point we're talking about data recovery, not just virus removal, and we'll be honest about what's recoverable and what isn't.

• How long does virus removal usually take?

  Most virus removals are 24 to 48 hours from drop-off. The actual scanning and cleanup is fast. What takes time is letting deep scans run thoroughly, then verifying the machine is genuinely clean before you take it home. Rushing this is how problems come back a week later.

  If a clean reinstall is needed, it's usually 48 to 72 hours because we're also reinstalling your software, restoring files, and configuring the system. We'll give you a realistic timeline when you drop off.

• My computer keeps showing pop-ups saying "your computer is infected, call this number". Is that real?

  No. That's a scam, and it's one of the most common things we see come through the shop. Real virus warnings don't tell you to call a phone number. Microsoft does not call you. Apple does not call you. Your bank does not call you about a virus. If you called that number and gave them remote access to your computer, please bring it in. We should check what they did while they were in there. If you only saw the pop-up but didn't call, you probably just need the browser hijacker removed, which is a quick fix.

• Will antivirus software prevent this from happening again?

  Antivirus helps, but it's not a force field. The truth is most modern infections come from the user clicking something, not from a virus magically jumping onto the machine. Fake software updates, sketchy email attachments, pirated programs, and malicious browser extensions are how the majority of infections start.

  We'll set up sensible protection on your machine. Windows Defender on PC is genuinely good now, and built-in macOS protections handle most things on Mac. We'll also walk you through the handful of habits that prevent 90% of reinfections. Paid antivirus suites are usually unnecessary for home users; we'll tell you if your situation is one of the exceptions.

• I think I gave a scammer my password or credit card info. What now?

  First, change your important passwords from a different device. Banking, email, and any account that uses the same password as the one you gave them. Call your bank and your credit card company; they have fraud departments that handle this constantly. Then bring the computer in. If they had remote access, we need to look at what they installed and pull it off completely. Don't keep using the machine for anything sensitive until we've checked it.

• Do you handle ransomware?

  Yes, but with honest expectations. If your files are encrypted by serious ransomware, the encryption itself is usually unbreakable, that's the whole point of the attack. What we can do is remove the ransomware so your computer is safe to use again, restore your files from backup if you have one, and recover any unencrypted shadow copies the ransomware missed. We do not pay ransoms on your behalf and we strongly advise against paying, half the time the criminals don't actually decrypt your files anyway. The hard truth is that prevention (real backups) matters way more than recovery here.

• My Mac says I have a virus. Macs don't get viruses, right?

  That's an outdated belief. Macs absolutely get malware, adware, browser hijackers, fake "Mac cleaner" apps, and increasingly real malware targeting macOS. The "Macs don't get viruses" line was sort of true twenty years ago because Mac market share was tiny and not worth attacking. Apple has more than 100 million users now, so Macs are a real target. The good news is the macOS security model still makes infections harder than on Windows, and most Mac infections we see are adware or fake utilities the user installed themselves rather than drive-by attacks. We handle Mac malware just like PC malware, drop it off, we'll clean it.

• How much does virus removal cost?

  We don't post a flat rate because it depends on what we actually find. A straightforward adware cleanup is one price; a deep infection that requires a full reinstall and data backup is another. Diagnosing your specific situation is free. We'll look at the machine, tell you exactly what's going on, and quote you before any work happens. You decide whether to proceed. No surprise charges, no upsell. Call 716-771-2536 or request a quote and we'll give you a real answer.