How to know if your device has a virus (and what to do about it)

Some viruses and malware, such as adware, make their presence known rather obviously (and very annoyingly), while others are much more subtle and go out of their way to avoid detection. It’s not always easy to determine if your device is infected.

You may well have an antivirus installed – as you should – but an antivirus won’t necessarily detect every threat out there, particularly emerging threats.

In this post, we go over the most common and useful ways to know your device is infected with a virus or malware (and how to get rid of it).

Quick virus and malware primer

When it comes down to it, viruses and malware are designed to hinder your system for the attacker’s benefit. That usually means exploiting your system for things like botnets or stealing your personal information for financial gain and identity theft.

Once the virus or malware makes it onto your device, it will harness your device’s resources to do its magic. And that’s where you can glean signs of an infection. A device infected with malware or a virus often behaves differently because of what’s happening behind the scenes.

Below is a list of the most common signs your device may be infected. If you regularly experience multiple elements in this list, the odds are your device is compromised.

Signs your device may be infected with a virus

Your antivirus states you’re infected

I thought I’d get this one out of the way early. The easiest way to know your device is infected with a virus is if your antivirus scans your computer and detects one. You should, of course, be running a reputable antivirus program and have it configured to run full scans at regular intervals.

But not everyone runs an antivirus. And for those who do, it may not always detect everything. Emerging threats and potentially unwanted programs (PUPs) you’ve unknowingly installed might go unnoticed by your antivirus. So, even with a proper antivirus installed, you should still be on the lookout for the following hints.

Your device feels sluggish and runs slow

If you feel your device is consistently running slower than usual, that may be a sign of a virus infection. As I mentioned above, viruses use your device’s resources to do their damage – some use a significant amount of your device’s CPU.

Your computer will run slower during intensive tasks, like video rendering or (somewhat ironically) a full virus scan – this is normal. What we’re talking about here is an unusual yet consistent slowdown. If you experience repeated slowdowns, freeze-ups, or worse, crashes over multiple days, it may be time to check if your system has been infected.

Increased battery drain

This one is causally related to the former point. The increased load the infection imposes on your system will inevitably impact your device’s battery life (laptops and mobile). But the battery drain can occur even if your system remains snappy.

The virus may not cause a noticeable degradation in usability. However, it’s still doing its thing, which can be reflected in your battery depleting much faster than usual, so keep an eye out for that, too.

Your device feels unusually hot to the touch

Again, related to the above, if your device is constantly running hot, it may be a symptom of the above (virus eating up system resources that drain your battery). In such an event, your device will likely run hotter than usual.

On its own, I wouldn’t jump the gun on this one. But if you also notice your device is sluggish and has poor battery life, you might want to investigate further.

Your device’s security software has been disabled without your intervention

Viruses can be pretty sneaky. Many are designed to hunt down and disable your device’s security tools once they infiltrate your system. If you experience any of the above and notice your device’s security software has somehow been disabled (i.e., not by you), there’s mounting evidence your system is infected.

Your browser’s homepage has changed

This one’s a bit classic and is typically tied to adware, but it’s a tell-tale sign that your system has been compromised. If you launch your browser and notice that your homepage has been changed – usually to a dodgy site of one type or another – your browser may have been hijacked, and you should take the steps we’ll highlight below.

You notice unrecognized software installed (and/or running) on your device

Viruses alter your system to do what they were designed to do. Sometimes, this occurs without manifesting anything to the user. Other times, it will install toolbars to your browser, change the homepage, as above, or install (and run) unknown software that you’d rather not have on your system.

If you notice any apps installed on your device that you know you didn’t install, or worse, you see unknown apps launch when you start your computer, that’s another strong sign of a virus infection.

You notice unrecognized files or folders on your device

As mentioned above, viruses may copy or download additional files and folders onto your system. And they’re nothing you’d want. Not much to add here beyond the fact that if you see random files and folders that shouldn’t be there, it could be a sign that your system is infected.

Frequent barrage of pop-ups

Another one from the annals of virus history is incessant pop-up ads. It’s a classic that may be less frequent nowadays, as most browsers block pop-ups out of the box. But rest assured, these kinds of attacks never went away.

A common variation of this one that goes beyond relentlessly displaying obnoxious ads is to display an ad for an antivirus that will fix your pop-up problem. However, clicking on the ad will bring you to a site controlled by the attacker, which is all too eager for you to enter your details to purchase a non-existent antivirus.

If you’re experiencing frequent pop-up ads, the odds are high that your system is infected.

Your contacts receive spam messages coming from your accounts

Many viruses attempt to steal your personal information and gain access to your accounts. If this is successful, the attacker may access your email, messaging, or social media accounts and spam your contacts with fraudulent offers or out-of-character emails asking for money.

You’re likely to find out quickly if this is happening. And, at this point, even if your device isn’t infected with a virus, your accounts are nonetheless compromised, and you should take immediate action (we’ll provide guidance below).

You’re locked out of your accounts

If the above happens, there’s a good chance this one will happen too. If an attacker gains access to your accounts via a virus infection or other means, they’re likely to change your passwords and lock you out.

But even if all you experience is being locked out of your accounts, that should be a big, bright red flag for a potential virus infection.

You notice unauthorized charges on your credit card statement

Viruses want a piece of your personal information. And the holy grail of PII is financial information. Of course, as above, your financial accounts can be compromised in other ways beyond viruses.

So, again, if this is the only anomaly you notice, I wouldn’t necessarily assume you have an infected device. But if you run into this with any of the other points in this list, the chances of a virus infection are high.

What should you do if you experience any of the above?

If, for whatever reason, you suspect your device is infected with a virus, do the following in short order:

Purchase and install a high-quality antivirus program

If you don’t already have an antivirus installed on your system, now’s the time to get one. A good antivirus program can detect and remove most viruses you’re likely to encounter. It might also be advisable to sign up for an antivirus provider that supports portable USB versions of their antivirus software. That way, the next time (hopefully never…) you’re in a similar situation, you can disconnect the infected device and run a full scan from the USB drive.

Disconnect your device from the internet and reboot in safe mode

Disconnecting from the internet will cut off your attacker’s (presumed) remote connection to your system. Booting up in safe mode will also help because only core functionality is enabled when your computer is in safe mode. There’s a good chance it will stop the threat from running, giving you time to figure things out. (instructions later in this article)

To boot into safe mode in Windows:

1. Restart your computer while holding down the Shift key. The Shift key is the most commonly used, but your PC manufacturer may have configured a different key. Check your user guide to be sure.
2. Once restarted, your computer displays an option menu. Select Troubleshoot.
3. Another set of options is displayed. Select Advanced options.
4. Yet another set of options is displayed. Select Startup Settings. The Startup Settings menu is displayed.
5. Click Restart. Your computer will restart.
6. Once restarted, the Startup Settings menu displays a new set of options. Press F5 to select Enable Safe Mode with Networking.
7. Your computer will reboot into Safe Mode.

To boot into safe mode in macOS:

Intel macs

1. Restart your Mac while holding the Shift key until you see a login window.
2. Log in. You should see Safe Boot in the menu bar.
3. You have successfully booted into safe mode.

Apple silicon macs

1. 1. Shut down your MacMac completely.
   2. Press and hold your Mac’s power button until you see Loading startup options displayed on the screen.
   3. You’re prompted to select a volume. Select the volume with macOS on it (typically Macintosh HD).
   4. Press and hold the Shift key, and click Continue in Safe Mode.
   5. Your computer will restart and after logging in, you should see Safe Boot in the menu bar.
   6. You have successfully booted into safe mode.

Remove unknown apps

Go through your system’s installed applications. If you see any apps that you don’t recognize or know you didn’t install, remove them, but be careful not to stop any critical operating system processes. This can be done from the Control Panel in Windows and by moving applications listed in the Applications folder to the Trash on macOS.

Reset your browser and remove unknown browser extensions

Some viruses can change your browser settings. Resetting your browser to its default settings can fix this. Every major web browser has a Reset button in the browser’s settings menu.

Open your browser’s add-ons/extensions menu and remove any browser extensions you don’t recognize.

Clear your system and browser cache and run a full scan of your device

Deleting your browser’s cache (temp files, site settings, history, and cookies) can help clean up residual adware traces.

You want to run a deep scan of your system. A good antivirus should be able to detect and remove most viruses you’re likely to get. Be patient, as deep or full scans can take several hours. But once it’s done, your system should be virus-free.

If the above fails, you can perform a system restore if you know you have a backup of your system that predates your infection. A complete system reset may be your last remaining option if you don’t.

How to avoid virus infections in the first place

Keeping viruses at bay isn’t rocket science; it’s just about having good “online hygiene” and using common sense.

• Be mindful of consistent slowdowns, sluggishness, and overheating of your device.
• Don’t open attachments in emails unless you know who the sender is and you’ve confirmed with that person that they really did send you that email. You should also ensure they know the email contains an attachment and know what the attachment is.
• Don’t click links (URLs) in emails unless you can confirm who sent you the link and its destination. Contacting the sender through another channel (not email) might also be good to ensure the sender is not impersonated. Also, check the link for incorrect spelling (faceboook instead of facebook or goggle instead of google)? If you can reach the destination without using the link, do that instead to avoid phishing scams.
• Use a firewall. All major operating systems have built-in incoming firewalls, and all commercial routers on the market provide a built-in NAT firewall. Enable both. You’ll thank me if you click a malicious link.
• Use an antivirus program. Only purchase genuine and well-reviewed antivirus software from legitimate vendors. Keep your antivirus updated and set it up to run frequent scans and real-time monitoring.
• Keep your operating system and apps updated. You want the latest OS and app updates. They contain the latest security patches that will fix any known vulnerabilities. Make sure you install them as soon as they’re available. You may be protected from yesterday’s malware, but today is a new day. Keep your entire system up-to-date.
• Never click on pop-ups. Ever. Pop-ups are bad news—you never know where they will lead you.
• Don’t give in to “warning fatigue” if your browser displays yet another warning about a website. Web browsers are becoming more secure every day, which tends to raise the number of security prompts they display. Still, you should take those warnings seriously. So, if your browser displays a security prompt about a URL you’re attempting to visit, pay attention to your browser’s warning and get your information elsewhere. That’s especially true if you click a link you received by email or SMS – it could send you to a malicious site. Do not disregard your computer’s warning prompts.

Wrapping up

Viruses can be a nasty business. The tips in this article should help you avoid them. But even if you get caught out by a virus, you’ll know what to do now (and it won’t require a full system reset).

Stay vigilant (and safe).