
Sometimes it seems obvious, sometimes not, but ultimately there's no way to prove that a computer is not infected. Best we can do is increase the odds.

How can I tell if my computer is infected? I picked up a bunch of malware from Facebook. I have run several programs and erased about 15 trojans. AVG says I'm protected. Is there a program I can run to make sure I'm clean? Computer appears to be running fine.

No one's going to like this answer. Not at all.

I'll start by putting it a slightly different way: while there are many ways that you'll notice some ... many ... perhaps even most infections, there is no way to prove that your machine does not have malware.

You cannot prove that your machine is clean.

Sounds scary, and I guess it is. So I'll also discuss why I'm still using my computers every day while still sleeping soundly at night.

You cannot prove that a computer is not infected.

Or as the semanticists or philosophers or perhaps plain old pedants would say: you can't prove a negative.

But I'm no philosopher, so I'll put it in more concrete terms.

There is no tool, no scanner or collection of scanners that will prove you do not have an infection. No tool catches everything. Even if you run them all, they're all as up to date as possible, and they all come up clean ... there might still be something.

There's simply no way to know.

Now, before we all throw all our computers out the window in a fit of collective paranoia, we also need to take a more practical, pragmatic perspective on the situation.

After running all those scans and having them come up clean, it's pretty darned likely that your machine is in fact clean.

We just can't prove it.

So, how do you tell that your computer is infected? You might be infected if ...

  • if your good, up-to-date anti-malware software tells you you are, you might be infected.

  • if your computer's performance is suddenly affected, you might be infected.

  • if your internet speed is suddenly affected, you might be infected.

  • if you're suddenly getting popups telling you that you need to download and run some scanner you've never heard of, you might be infected.

  • if your machine suddenly won't boot, or keeps rebooting before you can log in, you might be infected.

You get the idea.

Note the annoyingly repeated use of the word "might" in all those symptoms. That's because if any of those symptoms appear it doesn't mean that you are infected, it just means that you might be infected. Malware detection and removal should be part of your diagnostic efforts.

Here's the kicker, though:

  • if your machine is running cleanly, quickly and without any apparent issues ... you might be infected.

You're probably OK, but ... you might be infected.

So what do you do? If even an apparently clean computer might still be harboring malware, what do you do?

You stack the deck in your favor. You increase the odds that it's not infected. You'll never be able to prove it's not infected, but by following some basic, common, and often repeated steps, you can dramatically increase the likelihood that it's actually a clean machine:

  • keep your software up to date to make sure that any discovered vulnerabilities are corrected on your machine

  • install and run up-to-date anti-virus and anti-malware software, and make sure that they are updating their databases of information daily

  • get thee behind a firewall - software or hardware using a router

  • be careful who you share with and connect to - particularly in your home and on your home network - one compromised computer or uneducated user on your local network can wreak havoc on all your machines

  • don't be stupid.

I don't think I've ever put that last one so bluntly before, and I don't mean it to offend, but I want to get your attention.

Recent reports of the number of people who regularly click on spam, download unsolicited attachments and just generally disregard even basic security have me asking: what the heck are they thinking?

If you don't know what I mean by "being stupid", that's ok! Take it as an opportunity to educate yourself on the basics of safe behaviour on the internet.

The people that really concern me are those that do know, and yet act stupid anyway.

All the tools and safety measures in the world can't protect you from yourself.

That we can prove.

Article C4254 - April 2, 2010

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


8 Comments
Mr On Line
April 1, 2010 12:00 PM

Very neat and well-written article ... and that is the thing that keeps me coming back to your website. Even though I know most of this stuff, I simply enjoy the way you write about things ...

Have a good day!

Yeppers
April 1, 2010 6:17 PM

So, Leo, do you also recommend that we check our PC’s with an online scanner (such as Trend Micro’s Housecall)? Is it worth the risk to get another opinion on the health of our PC with an online anti-malware scanner? By “risk” I mean that I’m a bit concerned with having a 3rd party (as reputable as they may be) scan my PC online for a couple of hours. Despite taking your stated precautions, it seems like that could be a good way to get infected. Or are my worries overblown? Thanks…

Well, by definition all scanners and anti-malware products are 3rd party applications, online or not. And yes, I'll sometimes use an additional scanner - either one of the free reputable downloads, or one of the reputable online scanners. Emphasis on reputable, of course, to make sure you're not doing exactly what you're concerned about.
Leo
02-Apr-2010

Azrael
April 6, 2010 8:48 AM

Not only that but, as a precautionary method, you could have a second - non real-time - antivirus permanently installed. The free version of BitDefender is just that.

Hugh E Torrance
April 6, 2010 10:34 AM

Ah ha ... Linux is just wonderful !

Yep. Only time I've ever been infected was my compromised Linux server. You can't prove it's not infected now either.
Leo
07-Apr-2010

Mike
April 6, 2010 2:31 PM

How do you prove who's absolutely healthy and uninfected? You don't. Because no matter how healthy someone is, he's STILL going to die someday. When people talk about a Slow Death as something negative, I'll take the slowest death possible, say, 125 years?

If my computer is running fine, no slowdowns, no popups, no leakage of personal information, no program crashes, and no indications from my security software, I really don't care if it's infected. In fact, I'm more concerned with Microsoft, itself, being an infection with its near-daily nuisances of "updating" my operating system. Or worse, its intrusive WGA.

keith
April 6, 2010 4:49 PM

Hi Leo, thanks for all your great information. As for this subject, I have protection from my OS server that provides the latest Norton product and I receive anti-virus updates at all times. I also run the following: Windows Defender, Anti-Malware and Ad-aware. I think I may be "overboard" on all this as I also have a firewall and router!! What is your opinion?
Thanks again and have a great day.

Peter
April 7, 2010 11:20 AM

Hi Leo, great article. I like the way you put things bluntly ;)
I tend to agree with the comment that Mike made:
"In fact, I'm more concerned with Microsoft, itself, being an infection with its near-daily nuisances of "updating" my operating system. Or worse, its intrusive WGA."
On numerous occasions Windows Updates screwed up my system. If it wasn't changing my video drivers, it would be interfering with my programs, but never anything positive. So I just very selectively apply the updates.
As for internet, I use a variety of browsers, including IE6 - yes, IE6 ;) - it's the lightest browser and is faster (for me) than IE7, IE8, Chrome, Opera or Firefox, and I use them all as needed. One little secret - to be safe - I use Sandboxie - http://www.sandboxie.com/
If the browser is run in the "sandbox" - everything is trapped in there. Good and bad - I save the good and the bad gets deleted - never "sees" my system. So I'm not particularly worried about picking up malware from websites.
Anyway, that's my approach. I do still run an AV program, but it never picks up anything if all apps are first tested in the sandbox.

Richard
April 7, 2010 2:44 PM

There's only one sure fire way to be absolutely sure that your system is clean and never infected

from the first day that the system is setup
it has to be a closed system, not connected to anything but power sockets, which = no internet,
you can still have a closed LAN but as long as it's a closed system where there's never an introduction of foreign media ie. Flash chips, floppies(yes they're still around), external HDD's etc. and never connected to the web not even once.
