Practical cleanup sequence
1. Document: Record filename, path, hash, detection name, scanner result, and when the alert appeared.
2. Disconnect risky activity: Stop downloads, close unknown installers, and avoid entering passwords until the system is checked.
3. Scan broadly: Include startup entries, scheduled tasks, browser extensions, temporary folders, and recently installed apps.
4. Quarantine: Prefer quarantine over manual deletion so you can recover from false positives and preserve evidence.
5. Reset affected apps: For adware or hijackers, reset browser settings and remove suspicious extensions or proxy settings.
6. Verify after reboot: Restart, rescan, and check whether the same file, path, or startup entry returns.
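The "Document" and "Verify after reboot" steps can be scripted. The Python sketch below is an added example, not part of the original page. It writes one evidence record per detection and, after the reboot, reports any recorded object that is back at the same path or under a new name with the same hash. The function names, the JSON-lines evidence file and the finding labels are assumptions made for illustration.

```python
import hashlib, json, os

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_detection(path, detection_name, scanner_result, alert_time, log_path):
    """Document step: append one JSON-lines evidence record before quarantine."""
    real = os.path.realpath(path)
    rec = {
        "filename": os.path.basename(real),
        "path": real,
        "sha256": sha256_file(real),
        "detection_name": detection_name,   # exactly as the scanner shows it
        "scanner_result": scanner_result,   # what the scanner reported doing
        "alert_time": alert_time,           # when the alert appeared
    }
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(rec) + "\n")
    return rec

def check_reappeared(log_path, search_dirs=()):
    """Verify step: list recorded objects that are back after reboot and rescan."""
    with open(log_path, encoding="utf-8") as f:
        records = [json.loads(line) for line in f if line.strip()]
    by_hash = {r["sha256"]: r for r in records}
    known_paths = {r["path"] for r in records}
    findings = []
    for r in records:                       # something exists at the old path
        if os.path.isfile(r["path"]):
            same = sha256_file(r["path"]) == r["sha256"]
            findings.append((r["path"], "same path, same hash" if same else "same path, new content"))
    for d in search_dirs:                   # same content under another name
        for root, _, files in os.walk(d):
            for name in files:
                full = os.path.realpath(os.path.join(root, name))
                if full in known_paths:
                    continue                # already reported above
                try:
                    digest = sha256_file(full)
                except OSError:
                    continue                # unreadable or locked file
                if digest in by_hash:
                    findings.append((full, "same hash, new path"))
    return findings
```

Any non-empty result from `check_reappeared` after quarantine matches the "same object reappears" condition for escalation.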
When to escalate
Escalate the incident when ransomware notes appear, credentials may be stolen, the threat disables security tools, the machine belongs to a business network, or the same object reappears after quarantine.