
How to Remove Malware from Windows Without Panicking

Pop-ups, redirects, fans spinning for no reason — classic symptoms. Here's the exact sequence I use to clean an infected machine without wiping it.

First, disconnect from the internet. Pull the ethernet cable or turn off Wi-Fi. This stops any active malware from phoning home, downloading more payloads, or exfiltrating data. It also prevents reinfection during cleanup. This step is non-negotiable and it's the one most people skip.

Reboot into Safe Mode with Networking. On Windows 11: Settings → System → Recovery → Advanced startup → Restart now → Troubleshoot → Advanced options → Startup Settings → Restart → press 5. Most modern malware doesn't load its persistence mechanisms in Safe Mode, which makes it much easier to remove.

Run Windows Defender Offline Scan. Open Windows Security → Virus & threat protection → Scan options → Microsoft Defender Offline scan. This reboots into a minimal environment before Windows loads, so rootkits and active processes can't hide from it. It takes about 15 minutes and is genuinely one of the most effective free scanners available.

Now run Malwarebytes Free. Download it from malwarebytes.com directly, not from a third-party site; those are often poisoned. Run a full threat scan. Malwarebytes is particularly good at catching PUPs (potentially unwanted programs), adware, and the junk that bundled installers leave behind. Quarantine everything it finds and reboot.

For browser hijackers specifically, reset your browser. In Chrome: Settings → Reset settings → Restore settings to their original defaults. Edge and Firefox have similar options. This clears out malicious extensions, modified search providers, and injected startup tabs. Then go into extensions and uninstall anything you don't recognize.

Change your passwords from a different, known-clean device. Start with email, banking, and anywhere you have payment info saved. If you reused passwords anywhere, assume those accounts are also compromised. A password manager — Bitwarden is free — prevents this problem from ever happening again.

If the machine is still behaving oddly after all of that, it's time to nuke and pave. Back up your documents to an external drive, but don't trust that backup yet: the drive itself may be compromised, so scan those files from a fresh OS before opening them. Then do a full Windows reset with the 'Remove everything' option. It's a hassle, but it's the only way to be truly sure.
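
The Microsoft Defender Offline step above can also be driven from an elevated PowerShell prompt, which lets you check Defender's state first and read the detection history afterwards. This is an added example, not part of the original guide: it uses the built-in Defender cmdlets, while the script name, function names and the 7-day signature threshold are assumptions, and it assumes the Defender service is running so the cmdlets respond.

```powershell
# Added example, not from the original guide. Save as Invoke-DefenderOffline.ps1
# (hypothetical name) and run from an elevated PowerShell prompt.
param([switch]$Review, [int]$Days = 1)

function Test-DefenderReady {
    # Some malware disables Defender, so check its state before trusting a scan.
    $s = Get-MpComputerStatus
    $problems = @()
    if (-not $s.AntivirusEnabled)          { $problems += 'Antivirus engine is disabled' }
    if (-not $s.RealTimeProtectionEnabled) { $problems += 'Real-time protection is off' }
    # 7 days is an assumed threshold; the machine is offline, so no update is attempted.
    if ($s.AntivirusSignatureAge -gt 7)    { $problems += "Signatures are $($s.AntivirusSignatureAge) days old" }
    [pscustomobject]@{
        Ready            = ($problems.Count -eq 0)
        Problems         = $problems -join '; '
        SignatureUpdated = $s.AntivirusSignatureLastUpdated
    }
}

function Get-DefenderFindings {
    # Join detection history with threat names so the results are readable.
    param([int]$Days = 1)
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -gt (Get-Date).AddDays(-$Days) } |
        Sort-Object InitialDetectionTime |
        ForEach-Object {
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                Threat     = $names[[string]$_.ThreatID]
                Resources  = $_.Resources -join '; '
                Remediated = $_.ActionSuccess
            }
        }
}

if ($Review) {
    # After the reboot: .\Invoke-DefenderOffline.ps1 -Review
    Get-DefenderFindings -Days $Days | Format-Table -AutoSize -Wrap
    return
}

$check = Test-DefenderReady
$check | Format-List
if ($check.Ready -or (Read-Host 'Defender reported problems. Scan anyway? (y/n)') -eq 'y') {
    Start-MpWDOScan   # reboots immediately into the offline scan; save your work first
}
```

A disabled engine or real-time protection that you did not turn off yourself is worth noting as a symptom in its own right before you continue with the cleanup.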
