I recently spent many hours troubleshooting a laptop that could not connect to the internet. The laptop exhibited no other unnatural behavior, and so my first thoughts were to try connecting to other networks, try a new NIC, etc... The question I posted can be found here with more detail. One of the first things I did was to check for viruses with MalwareBytes, eSet, and Panda Cloud Antivirus... All 3 scans were run separately and independently of one another, and no virus was found. I then proceeded to spend hour after hour troubleshooting, and in the end I just took the computer to a repair shop where it was discovered to have a virus.

My question is not subjective, I'm not asking what is the best anti-virus software to use. I'm asking how can I actually be certain I have no viruses when popular and generally effective anti-virus scans detect absolutely nothing?

In the past my routine would be to run through the list of running processes and start-up programs, and use online resources to try and find anything malicious. This routine seemed relatively silly to me in the face of all of these anti-virus programs, and I thought it would be more effective to run scans than to manually look on my own.

Obviously IT firms have some effective method of identifying viruses, and I doubt these companies are just running some virus scanner. Clearly experience would have led me to identify my own problem as a virus, but I feel like there are all kinds of ways an undetected virus can manifest itself, so I don't want to rely solely on experience.


I should clarify this a little bit. I'm not necessarily looking for some "ultimate" checklist of things to do to identify viruses, but clearly there are ways to identify them when our normal anti-virus scans fail, and I'm wondering what some of these approaches might be.

  • "I thought it would be more effective to run scans than to manually look on my own." => Completely incorrect; a human (with enough experience and good training) is a much more effective virus detection/removal system than any software solution today. Software cannot beat an IT person's heuristic scans. Commented Aug 22, 2012 at 17:41
  • 1
    If you question the security of the system, the only real solution is to format the system. What virus was discovered? These computer repair shops have this nasty habit of finding stuff that does not actually exist. Post the log file that proved you had a virus; if they cannot supply this, I would ask for your money back. If they claim they deleted it, ask for your money back, because that means they never actually found anything.
    – Ramhound
    Commented Aug 22, 2012 at 19:54
  • When it comes to antivirus software, you (to a degree) get what you pay for. Of the three packages you list, only eSet is apparently a fully commercial AV product, and if you used the "free trial" likely you got a crippled version. (I'm getting the impression that you had no AV product on the laptop to start with, and only tried to close the agricultural portal after the bovines were afield.) Commented Aug 22, 2012 at 21:19
  • Give ComboFix a try; it is a good malware detector.
    – avirk
    Commented Aug 23, 2012 at 1:35
  • Did it have McAfee on it by chance? I spent 4 hours troubleshooting a similar problem and it turned out McAfee sent out a bad patch, which made networking impossible.
    – Phillip R.
    Commented Aug 23, 2012 at 3:00

5 Answers


No antivirus package is perfect. I have seen viruses which I submitted to http://virusscan.jotti.org/en and only 2 or 3 of the packages detected them. I have also had a virus which was reported clean by them all.

So, if I need to clean/scan a machine for viruses, these are some of the things I do.

Preliminary Check

Check and possibly delete the files in the temp folder and also temporary internet files. If there are tens of thousands of files or more, deleting these can significantly reduce the time it takes to perform a full scan. It is however possible for this to delete a virus stored in these locations before it can be identified.

Stage 1

Boot off a clean CD/DVD for example a Bart CD or a special AntiVirus CD

  • Run scans with several different anti-virus, anti-malware and rootkit programs
  • Configure Explorer to show hidden files and folders and look for files that are recently added to the root folder, Windows, Windows\System32, and Program Files folders. Also look for hidden files and/or folders in those places. (The presence of such files does not necessarily mean an issue, but I usually try to identify them to make sure they are legitimate.)

Stage 2

Boot in the operating system normally

  • Run scans with several different anti-virus, anti-malware and rootkit programs
  • Run programs such as Autoruns and HijackThis which show everything that is started automatically or things that hook into Windows (e.g. add-ons to Windows). Neither of these programs tries to determine what is good and what is bad, but instead they give you information and it is up to you to decide if the entries are valid.
  • Run Task Manager or Process Explorer to see what processes are running.
  • Look in add/remove programs and see what sort of programs have been reinstalled and remove any junk. Don't want to mention any names, but there are some toolbars, poker games and some file sharing programs that always seem to cause problems and quite often the user/owner of the computer did not deliberately install them. (For example, toolbars that are bundled with other programs)

Stage 3 (time permitting)

  • Reboot into Windows and connect to the internet and leave for a while and then repeat Stage 1 to make sure the machine is still clean.

Stage 4

  • Keep fingers crossed and/or pray that the machine is clean.
  • I'm giving you the answer because you've provided a good routine here that I feel would be very effective. I will go through these steps next time I run into an undetected virus before I resort to killdisking/reformatting.
    – JonathonG
    Commented Aug 27, 2012 at 0:30
  • I have a clean image (with applications and updates) that I restore to every year or so, so even if something sneaky finds its way onto my system it would get flushed out eventually anyway. Commented Mar 4, 2013 at 4:53
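
The Stage 1 check for recently added and hidden files in the answer above, sketched as an added example (not part of the original answer). It assumes the suspect Windows volume is reachable at a path you pass in; `review_candidates` and the 30-day window are names and values chosen for this illustration.

```python
import os
import time
from pathlib import Path

# Folders named in Stage 1, relative to the root of the Windows volume.
WATCHED = ["", "Windows", "Windows/System32", "Program Files"]
FILE_ATTRIBUTE_HIDDEN = 0x2  # NTFS attribute bit; os.stat exposes it on Windows only


def is_hidden(name, st):
    """True if the hidden bit is set (Windows) or the name starts with a dot."""
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) or name.startswith(".")


def review_candidates(volume_root, days=30, now=None):
    """Return sorted (relative_path, reason) pairs for entries that sit directly
    in a watched folder and are recently modified, hidden, or both."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    for rel in WATCHED:
        folder = Path(volume_root) / rel
        if not folder.is_dir():
            continue
        with os.scandir(folder) as entries:
            for entry in entries:
                st = entry.stat(follow_symlinks=False)
                reasons = []
                # Modification time is only a hint: malware can set it back.
                if st.st_mtime >= cutoff:
                    reasons.append("recent")
                if is_hidden(entry.name, st):
                    reasons.append("hidden")
                if reasons:
                    rel_path = (Path(rel) / entry.name).as_posix()
                    found.append((rel_path, "+".join(reasons)))
    return sorted(found)


if __name__ == "__main__":
    import sys
    for path, reason in review_candidates(sys.argv[1] if len(sys.argv) > 1 else "C:/"):
        print(f"{reason:14} {path}")
```

The output is a list to identify by hand, as the answer describes; an entry appearing here is not in itself a sign of infection.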

How to be certain you don't have a virus when anti-virus scanners find nothing

You can't.

However if you want to be sure that a virus isn't causing problems with Internet access, just boot from a live-CD or USB. If that cannot access the Internet you may have a hardware problem. Preferably one created on a different and clean system.

  • I know you can't be 100% certain, but there have to be better ways than ONLY running main-stream anti virus scanners, which never seem to be 100% effective to me. As to your suggestion, I generally DO boot to an alternative OS via clean, portable media, generally Ubuntu. In this particular case I didn't have that as an option however. Furthermore, in the event that a clean OS does successfully access the internet, that tells me only that I can expect to look for a problem with my normal OS/files/drivers, not necessarily how I can find that problem (whether it be a virus or not.)
    – JonathonG
    Commented Aug 22, 2012 at 16:52
  • @JonathonG: I don't share your conviction. IT firms use commercial AV. The only other techniques are checksums produced using a clean live-CD, compared daily (say) against checksums stored on media that are never connected to vulnerable systems other than when booted from live-CD. Here's an Old but interesting article that won't help directly :-) Commented Aug 22, 2012 at 17:00
  • Thank you. I understand that "commercial AV" solutions are going to be different from something such as eSet's free scan. However, I still have to wonder why it is that 3 separate, fully updated virus scanners all failed to find even a single malicious file, and the IT company's virus scanner found it with no problem.
    – JonathonG
    Commented Aug 22, 2012 at 17:10
  • @JonathonG: We can only speculate: Perhaps they ran a different AV and were lucky. Perhaps they configured an AV to run the most rigorous checks (and therefore the most time-consuming and CPU-intensive testing that ordinary users don't tolerate). Commented Aug 22, 2012 at 17:14

I am not a malware analyst, but I will share my little knowledge with you. My two cents -

Look for things like - strange files in your start up, Windows folder and wide fluctuations in free hard disk space. Sometimes malware file names are similar to Windows OS file names like %svchost%.exe or %Splwow64%.exe etc. Also, look for "weird" processes in Task Manager.

You cannot be certain that an AV will even be able to detect a malware written and detected 1 year ago. How? If this malware is crypted properly then it will become undetectable. Crypters can be purchased from illegal online markets. Here is a video which advertises a crypter with a lot of features. Don't know how effective it is at making malware FUD though.


Also, consider becoming a member of bleepingcomputer.com. IMHO, it is a better place for asking these types of questions and for reading free tutorials for securing home computers and also for anti malware strategies.



I personally don't use a live anti-virus. I keep a clean backup image and back up to an external regularly. Although if I were to experience a system that needed a deep clean, rootkits are the nemesis.

Boot into Bart, run a rootkit revealer; reboot into Bart, clean up; reboot into Bart, run Malwarebytes (free). If you do this before cleanup it takes forever.

Reboot into the OS and run rootkit revealer; you may need to run regedit and clean out any regfiles that are suspect. Then clean up again, Malwarebytes and run defrag…

If the rootkit is still there you may need to reimage the machine to a clean OS to kill any sys files that are infected… I've had to boot into DOS and replace startup files in the past, no fun.

  • Hirens is another good tool for your toolbox
    – Alan Ray
    Commented Apr 26 at 14:01

For any virus made by a competent programmer, what has been mentioned isn't enough; luckily most viruses are made by 15-year-olds using Visual Basic. That wasn't a joke, it's a fact, but here is some more information.

Because Microsoft is so "great", NTFS has a way to hide files. It's called alternate data streams; nothing there is visible through Explorer or the command line, and some antiviruses don't even scan it, erreech.

Make sure you're using Windows 8 or greater; there have been some long overdue security updates that "prevent" Direct kernel object manipulation. Before, it was as easy as a few lines of code and you could hide a process from the process list.

Most viruses are made exclusively for Windows, but Windows does have better security in many aspects such as memory protection.

The best defense against viruses is knowledge, training people and getting them to follow safety rules, for example not downloading anything not made by trusted companies.

  • Thanks for the response, I know the question was a little ridiculous. I'm on Windows 10 now but moving towards Linux for all my development needs.
    – JonathonG
    Commented Mar 25, 2016 at 19:57
  • I updated my post and changed some of my misconceptions.
    – Aaron
    Commented Apr 9, 2016 at 14:25
  • 1
    Starting with made up statistics (Most viruses are made by teenagers with VB). Continuing with random junk ("great" NTFS, Alternative data streams). Finishing with unneeded info (most viruses are made for Windows). None of this answers the question: How can I be sure I don't have a virus despite scanners giving me an all clear? "The best defense is knowledge"... that's what was asked about and clearly not provided here...
    – WernerCD
    Commented Jul 3, 2016 at 17:16
