
How can I tell if my computer is infected?

Question:

How can I tell if my computer is infected? I picked up a bunch of malware
from Facebook. I have run several programs and erased about 15 trojans. AVG
says I’m protected. Is there a program I can run to make sure I’m clean?
Computer appears to be running fine.

No one’s going to like this answer. Not at all.

I’ll start by putting it a slightly different way: while there are many ways
that you’ll notice some … many … perhaps even most infections, there is no
way to prove that your machine does not have malware.

You cannot prove that your machine is clean.

Sounds scary, and I guess it is. So I’ll also discuss why I’m still using my
computers every day while still sleeping soundly at night.


You cannot prove that a computer is not infected.

Or as the semanticists or philosophers or perhaps plain old pedants would say: you can’t prove a negative.


But I’m no philosopher, so I’ll put it in more concrete terms.

There is no tool, no scanner or collection of scanners that will prove you do not have an infection. No tool catches everything. Even if you run them all, they’re all as up to date as possible, and they all come up clean … there might still be something.

There’s simply no way to know.

Now, before we all throw our computers out the window in a fit of collective paranoia, we also need to take a more practical, pragmatic perspective on the situation.

After running all those scans and having them come up clean, it’s pretty darned likely that your machine is in fact clean.

We just can’t prove it.

So, how do you tell that your computer is infected? You might be infected if …

  • if your good, up-to-date anti-malware software tells you you are, you might be infected.

  • if your computer’s performance is suddenly affected, you might be infected.

  • if your internet speed is suddenly affected, you might be infected.

  • if you’re suddenly getting popups telling you that you need to download and run some scanner you’ve never heard of, you might be infected.

  • if your machine suddenly won’t boot, or keeps rebooting before you can log in, you might be infected.

You get the idea.

Note the annoyingly repeated use of the word “might” in all those symptoms. That’s because if any of those symptoms appear it doesn’t mean that you are infected, it just means that you might be infected. Malware detection and removal should be part of your diagnostic efforts.

Here’s the kicker, though:

  • if your machine is running cleanly, quickly and without any apparent issues … you might be infected.

You’re probably OK, but … you might be infected.

So what do you do? If even an apparently clean computer might still be harboring malware, what do you do?

You stack the deck in your favor. You increase the odds that it’s not infected. You’ll never be able to prove it’s not infected, but by following some basic, common, and often repeated steps, you can dramatically increase the likelihood that it’s actually a clean machine:

  • keep your software up to date to make sure that any discovered vulnerabilities are corrected on your machine

  • install and run up-to-date anti-virus and anti-malware software, and make sure that they are updating their databases of information daily

  • get thee behind a firewall – software or hardware using a router

  • be careful who you share with and connect to – particularly in your home and on your home network – one compromised computer or uneducated user on your local network can wreak havoc on all your machines

  • don’t be stupid.

I don’t think I’ve ever put that last one so bluntly before, and I don’t mean it to offend, but I want to get your attention.

Recent reports of the number of people who regularly click on spam, download unsolicited attachments, and just generally disregard even basic security have me asking: what the heck are they thinking?

If you don’t know what I mean by “being stupid”, that’s ok! Take it as an opportunity to educate yourself on the basics of safe behaviour on the internet.

The people that really concern me are those that do know, and yet act stupid anyway.

All the tools and safety measures in the world can’t protect you from yourself.

That we can prove.


7 comments on “How can I tell if my computer is infected?”

  1. Very neat and well-written article ... and that is the thing that keeps me coming back to your website. Even though I know most of this stuff, I simply enjoy the way you write about things ...

    Have a good day!

  2. Not only that but, as a precautionary method, you could have a second – non real-time – antivirus permanently installed. The free version of BitDefender is just that.

  3. Ah ha … Linux is just wonderful!

    Yep. Only time I’ve ever been infected was my compromised Linux server. You can’t prove it’s not infected now either.

    Leo
    07-Apr-2010

  4. How do you prove who’s absolutely healthy and uninfected? You don’t. Because no matter how healthy someone is, he’s STILL going to die someday. When people talk about a Slow Death as something negative, I’ll take the slowest death possible, say, 125 years?

    If my computer is running fine, no slowdowns, no popups, no leakage of personal information, no program crashes, and no indications from my security software, I really don’t care if it’s infected. In fact, I’m more concerned with Microsoft, itself, being an infection with its near-daily nuisances of “updating” my operating system. Or worse, its intrusive WGA.

  5. Hi Leo, thanks for all your great information. As for this subject, I have protection from my OS server that provides the latest Norton product, and I receive anti-virus updates at all times. I also run the following: Windows Defender, Anti-Malware and Ad-Aware. I think I may be “overboard” on all this as I also have a firewall and router!! What is your opinion?
    Thanks again and have a great day.

  6. Hi Leo, great article. I like the way you put things bluntly ;)
    I tend to agree with the comment that Mike made:
    “In fact, I’m more concerned with Microsoft, itself, being an infection with its near-daily nuisances of “updating” my operating system. Or worse, its intrusive WGA.”
    On numerous occasions Windows Updates screwed up my system. If it wasn’t changing my video drivers, it would be interfering with my programs, but never anything positive. So I just very selectively apply the updates.
    As for internet, I use a variety of browsers, including IE6 – yes, IE6 ;) – it’s the lightest browser and is faster (for me) than IE7, IE8, Chrome, Opera or Firefox, and I use them all as needed. One little secret – to be safe – I use Sandboxie – http://www.sandboxie.com/
    If the browser is run in the “sandbox”, everything is trapped in there. Good and bad – I save the good and the bad gets deleted – never “sees” my system. So I’m not particularly worried about picking up malware from websites.
    Anyway, that’s my approach. I do still run an AV program, but it never picks up anything if all apps are first tested in the sandbox.

  7. There’s only one sure-fire way to be absolutely sure that your system is clean and never infected:

    From the first day that the system is set up,
    it has to be a closed system, not connected to anything but power sockets, which = no internet.
    You can still have a closed LAN, but only as long as it’s a closed system where there’s never an introduction of foreign media, i.e. flash chips, floppies (yes, they’re still around), external HDDs, etc., and never connected to the web, not even once.
