You can't be certain your system is malware-free unless you reformat and reinstall -- and you'll get a superclean PC in the process

In my last column, I talked about making online shopping safer, starting with ensuring your computer isn’t already infected with some devious malware. But I didn’t tell readers how to confirm that their computer wasn’t maliciously compromised from the start.

Let me give it a shot. First, the reality is that without extreme measures (such as comparing every file on your computer to the vendor’s known, legitimate checksum), you can’t have absolute assurance that your computer is malware-free. If you want that, format your computer’s hard drive and reinstall everything from vendor-distributed media and content — then disable the network card and never connect to the Internet.

Unreasonable advice aside, here’s how to determine with some degree of assurance that your computer is malware-free, even after you’ve surfed the Internet. This column contains the steps I take when I try to verify my own computers (or those of my friends or neighbors) aren’t infected.

Prime suspect: Suspicious autostarting programs

The first thing I do is to look for suspicious autostarting programs. Several programs are available to aid in your search, including Silent Runners and HijackThis. I prefer Autoruns, which has an excellent and easy-to-use GUI, allows you to make (and undo) modifications very quickly, and offers a range of choices to verify found executables.

Usually I look for any entries without a verified publisher. Malware sometimes has a verified publisher, but it often doesn’t.
Next, I search out executables with extremely random names (for example, xy3Wfi9sh~.exe) located in Windows/System32. Next, I single out executables I don’t recognize or executables related to publishers I don’t recognize. Then I research every last unknown executable and publisher. If I can’t confirm there’s a need for an executable, I prevent it from autostarting and reboot.

Look for unneeded browser add-ons

Using the autostart searching tools mentioned in the previous section or the browser’s own management menus, I review installed browser add-ons and remove any I don’t recognize or don’t need.

Target unexplained network connections

From there, I close all software that might possibly connect to the Internet, starting with the browser, social network tools, or other memory-resident tools that may connect to the Internet.

Then I start a program that will show me all the active network connections to the Internet and what programs, services, and processes are involved. With Microsoft Windows, you can use the built-in command-line program netstat.exe -ano if you don’t have anything else. I prefer Microsoft’s TCPView, but any tool that does the same thing can be used.

Look for and research any process connecting to the Internet you don’t recognize. This part of the search can take a long time and require more investigation. Usually, you’ll find lots of legitimate programs connecting to the Internet; I seldom disconnect any legitimate program. Who knows what you’ll break? I keep an eye out for strange programs I don’t recognize connecting to suspicious-looking websites. You can often use the autostart programs to remove offending software.

If you find something suspicious with any of these steps, disable it from automatically running. As a last-ditch effort, I’ll boot into Safe Boot mode (F5 or F8) or from another OS copy, then rename the suspicious file so that its autoloading program can’t find it.
If the file is needed and legitimate, you can rename it back and your system will function normally again.

Run antimalware

Last, but not least, try rerunning your antimalware program. Sometimes malware in memory prevents antimalware software from successfully identifying it; when you prevent malware from loading into memory, the antimalware software may do a better job.

I’ve been cleaning PCs like this for over two decades. Normally, I’ll find one or two malware programs and manually remove them from the PC. Then I’ll rerun the antimalware scanner in quick-scan mode, followed by a complete scan. Usually, the antimalware program finds one or two (or 200) hidden malware programs I didn’t pin down. Either way, you should have a significantly cleaner PC.

None of the preceding advice is perfect. Malware is often designed to hide from prying eyes. If you think your computer is still infected after all of the above measures, start fresh: Format and reinstall. Nothing gives peace of mind like knowing for sure that your system isn’t infected. Plus, your computer will run faster and have more disk space — three benefits for the price of one suspicion.

To see how to keep your new install clean, read “The 5 cyber attacks you’re most likely to face.” Follow the countermeasures there and you’ll vastly reduce the chance you’ll need to scour your system again anytime soon.

This story, “How the pros sniff out a malware infection,” was originally published at InfoWorld.com.