Removing spyware from a device takes four actions: stop the active infection, uninstall suspicious apps, update the operating system, and secure your accounts afterward.
One infected download can hand a stranger access to your passwords, photos, and saved logins. Knowing how to eliminate spyware means cutting that access off completely, and the steps follow the same pattern whether you use Android, Windows, or Mac: isolate the device, remove what’s running, update everything, then lock down your accounts.
Signs Your Device Has Spyware
Spyware doesn’t always announce itself, but a few common clues point to an infection. The battery draining faster than normal, data usage spiking unexpectedly, pop-up ads appearing outside of any browser, and the device feeling sluggish or hot are all worth treating seriously.
If you notice any of these, treat the device as compromised and move through the removal steps below. Acting fast limits how much data the spyware can collect.
Eliminating Spyware on Android: Steps Google Recommends
Google’s official guidance for Android spyware is straightforward: turn on Play Protect, update the system, remove untrusted apps, and reset if signs remain. These steps apply to any Android phone or tablet with Google Play access.
Start by opening Google Play Store and tapping your profile icon. Go to Play Protect > Settings and turn on Scan apps with Play Protect. If you’ve sideloaded apps from outside the Play Store, also enable Improve harmful app detection. The toggle turns green when it’s active.
Next, check for system updates. Open Settings > System > Software updates. For security patches specifically, go to Settings > Security & privacy > System & updates > Security update or Google Play system update. Some patches install automatically after a restart.
Then review your installed apps. Open Settings > Apps & notifications > See all apps and uninstall anything you don’t recognize, don’t trust, or didn’t get from Google Play.
If an app refuses to uninstall, it likely has device administrator privileges. Before uninstalling, go to Settings > Security > Device admin apps and revoke admin access for that app. Then return to the apps list and uninstall it.
Booting into Safe mode can help identify stubborn spyware. Safe mode loads only the system’s built-in apps, so any third-party app still running can be spotted and removed. The exact method varies by device, but typically involves holding the power button and long-pressing Power off until the Safe mode prompt appears.
If spyware signs persist after all these steps, Google says you may need to reset your Android device to factory settings or contact the manufacturer for further help.
| Platform | Primary Removal Method | Backup If That Fails |
|---|---|---|
| Android (Play Store apps) | Turn on Play Protect, run scan | Uninstall suspicious apps manually |
| Android (sideloaded apps) | Safe mode → revoke admin → uninstall | Factory reset |
| Android (persistent infection) | Factory reset from recovery | Contact manufacturer |
| Windows (mild infection) | Windows Security full scan | Malwarebytes or similar tool |
| Windows (persistent infection) | Clean reinstall from USB media | Replace the drive entirely |
| macOS | Update OS, check Login Items | Clean reinstall from Recovery mode |
| All platforms | Change passwords + enable 2FA | Monitor accounts for unusual activity |
How to Remove Spyware on Windows or Mac
For desktop operating systems, the most reliable way to eliminate persistent spyware is a clean reinstall from trusted media. Microsoft’s own guidance for a suspected persistent compromise describes this exact approach.
On Windows, start by backing up only the essential personal files you can’t lose — documents, photos, and anything irreplaceable. Do not back up programs or system files, since malware can hide inside them. Use a separate trusted computer to prepare a Windows installation USB drive from Microsoft’s official tool.
Once the media is ready, disconnect the infected computer from power, internet, and all peripherals. Physically remove the old drive if possible. Do the clean install from the USB drive, staying offline throughout. After reaching the desktop, install chipset and network drivers from the motherboard manufacturer’s site before reconnecting to the internet. Microsoft explicitly warns not to reuse the old drive.
On macOS, start by updating to the latest macOS version through System Settings > Software Update. Check Login Items under General in System Settings and remove anything unfamiliar. Run the built-in malware removal tool by opening Privacy & Security and checking for any security warnings. For persistent cases, a clean reinstall of macOS from Recovery mode is the safest option.
The FTC’s malware removal guide reinforces the same sequence: stop logging into sensitive accounts, update security software, run a scan, then change passwords and enable two-factor authentication.
What Comes After the Cleanup?
Removing the spyware is only half the job. Until you secure the accounts the spyware may have compromised, the attacker still has a foothold.
Start by changing the passwords on every account you accessed from the infected device — especially email, banking, and social media. Use a password manager to generate and store strong, unique passwords. Then enable two-factor authentication (2FA) wherever it’s available, starting with your email provider, since email is the recovery key for most other accounts.
Check the recent activity on each account for logins you don’t recognize. Most major services — Google, Microsoft, Facebook, and banks — have an activity log that shows recent sign-ins, devices, and locations. Revoke access for anything unfamiliar.
Finally, update the software on every device you own. Spyware often spreads through unpatched vulnerabilities, and the same OS and app updates that close those holes also prevent the next infection.
If you downloaded the spyware by clicking a suspicious link or opening an unexpected attachment, the FTC also recommends monitoring your credit reports for signs of identity theft. You can get one free credit report per week from each of the three bureaus at AnnualCreditReport.com.
Post-Removal Security Checklist
| Action | What It Does | Why It Matters |
|---|---|---|
| Update all devices to latest OS | Installs security patches | Closes the holes spyware used to get in |
| Uninstall unused or untrusted apps | Removes potential backdoors | Reduces attack surface significantly |
| Change passwords (email first) | Locks out unauthorized users | Email is the recovery key for other accounts |
| Enable two-factor authentication | Adds a second verification layer | Blocks access even if passwords leak |
| Review account activity logs | Identifies ongoing unauthorized access | Catches problems the scan may have missed |
| Monitor credit reports | Detects identity theft early | Free weekly reports at AnnualCreditReport.com |
References & Sources
- FTC. “Malware: How to Protect Against, Detect, and Remove It.” Covers the full malware removal sequence for all platforms.