To look for a possible viral infection I also look for increased traffic, or outbound traffic of unknown origin (yes, I run a firewall and read the logs, and also filter outbound traffic). I examine log files for known viral or worm signatures. If files are missing, I'm particularly suspicious. I look for unusual activity of any kind. I run an IDS that warns me when unregistered programs attempt to run, or when unusual programs attempt to access the network. I consider many popups to be mobile malicious code, so I also run software that detects their presence on my system and allows me to remove them. I consider many apps which 'phone home' to check for updates to also be potentially malicious and turn them off, too. In short, I try to be proactive and if I can't prevent infection, I try to be more aware of how to identify and get rid of potentially harmful software.
This was first published in August 2002
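
The firewall-log review described in the answer above can be scripted. The following is an added example, not part of the original answer: it flags outbound attempts by programs that are not on a registered list and programs whose outbound volume far exceeds a baseline. The log format, program names, addresses, baselines and the `factor` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption): timestamp, direction, action, key=value fields.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<dir>IN|OUT) (?P<action>ALLOW|DENY) (?P<fields>.*)$")

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = """\
2002-08-14T10:00:01 OUT ALLOW proc=mail.exe dst=203.0.113.5 dport=25 bytes=1200
2002-08-14T10:00:09 OUT ALLOW proc=browser.exe dst=198.51.100.7 dport=80 bytes=5400
2002-08-14T10:01:30 OUT DENY proc=updater32.exe dst=192.0.2.44 dport=6667 bytes=0
2002-08-14T10:01:31 IN DENY proc=- dst=192.168.1.10 dport=135 bytes=0
2002-08-14T10:02:00 OUT ALLOW proc=mail.exe dst=203.0.113.5 dport=25 bytes=950000
garbled line that does not parse
"""

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "dir": m["dir"], "action": m["action"]}
    for pair in m["fields"].split():
        key, sep, value = pair.partition("=")
        if sep:
            rec[key] = value
    return rec

def review_outbound(log_text, registered, baseline_bytes, factor=10):
    """Flag outbound attempts by unregistered programs and per-program volume spikes."""
    unknown, totals, unparsed = [], defaultdict(int), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # unreadable lines are counted, not silently dropped
            continue
        if rec["dir"] != "OUT":
            continue
        proc = rec.get("proc", "-").lower()
        if proc not in registered:
            unknown.append((rec["ts"], proc, rec.get("dst"), rec.get("dport")))
        size = rec.get("bytes", "0")
        totals[proc] += int(size) if size.isdigit() else 0
    # A spike is total outbound bytes above factor x the program's known baseline.
    spikes = {p: b for p, b in totals.items()
              if p in baseline_bytes and b > factor * baseline_bytes[p]}
    return {"unknown": unknown, "spikes": spikes, "unparsed": unparsed}
```

Denied attempts are reported alongside allowed ones, since a blocked connection from an unregistered program is still a sign that something is trying to reach the network.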