general-approach.md

File metadata and controls

9 lines (8 loc) · 791 Bytes

General Approach

There is no rulebook on how to verify whether a device is infected or not. The ability to discover the presence of malware depends on many variables. It is all about practice and training your eye. After a while, you will naturally notice things that stand out from the norm. Spot what shouldn’t be there.

In our general approach we rely on some assumptions:

- If the system is clean, there shouldn’t be any applications or system processes running that we do not recognize.
- If the system is clean, there shouldn’t be any applications registered for automatic launch that we do not recognize.
- If the system is clean, there shouldn’t be abnormal modifications to the system itself.

Regardless of the OS, we essentially look for anomalies under all these assumptions.
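As an added example (not part of the original guide), the three assumptions above turned into a baseline comparison: a constructed "known clean" snapshot of recognized processes, autostart entries and system-file digests, and an observed snapshot that is checked against it, including the case where a recognized process name runs from a path we do not recognize. The `Snapshot` class, the `find_anomalies` function and every sample path and digest are assumptions made up for this illustration; the comparison is OS-agnostic and runs offline.

```python
from dataclasses import dataclass

def norm(s: str) -> str:
    """OS-agnostic comparison key: case-insensitive, single path separator style."""
    return s.replace("\\", "/").lower()

@dataclass
class Snapshot:
    processes: list     # [(name, executable path), ...]
    autostart: dict     # {entry name: command}
    system_files: dict  # {path: sha256 hex digest}

def find_anomalies(baseline: Snapshot, observed: Snapshot) -> dict:
    # Everything in `observed` that the clean `baseline` does not explain is reported.
    known = {norm(n): norm(p) for n, p in baseline.processes}
    found = {"processes": [], "autostart": [], "system_files": []}
    # Assumption 1: each running process is recognized, and runs from where we expect.
    for name, path in observed.processes:
        expected = known.get(norm(name))
        if expected is None:
            found["processes"].append(f"unrecognized process {name} ({path})")
        elif norm(path) != expected:
            found["processes"].append(f"{name} running from unexpected path {path}")
    # Assumption 2: each autostart entry is recognized and its command is unchanged.
    for entry, cmd in observed.autostart.items():
        if entry not in baseline.autostart:
            found["autostart"].append(f"unrecognized autostart entry {entry}: {cmd}")
        elif norm(cmd) != norm(baseline.autostart[entry]):
            found["autostart"].append(f"autostart entry {entry} now runs {cmd}")
    # Assumption 3: system files still match their baseline digests.
    for path, digest in baseline.system_files.items():
        seen = observed.system_files.get(path)
        if seen is None:
            found["system_files"].append(f"baseline file missing: {path}")
        elif seen != digest:
            found["system_files"].append(f"modified system file: {path}")
    return found

# Constructed sample snapshots; paths and digests are illustrative, not real indicators.
BASELINE = Snapshot(
    processes=[("svchost.exe", r"C:\Windows\System32\svchost.exe")],
    autostart={"OneDrive": r"C:\Users\alice\AppData\Local\OneDrive\OneDrive.exe"},
    system_files={"C:/Windows/System32/drivers/etc/hosts": "aa11"})
OBSERVED = Snapshot(
    processes=[("svchost.exe", r"C:\Windows\System32\svchost.exe"),
               ("SVCHOST.EXE", r"C:\Users\Public\svchost.exe"),  # known name, wrong path
               ("updater.exe", r"C:\ProgramData\updater.exe")],  # not recognized at all
    autostart={"OneDrive": r"C:\Users\alice\AppData\Local\OneDrive\OneDrive.exe",
               "Updater": r"C:\ProgramData\updater.exe"},
    system_files={"C:/Windows/System32/drivers/etc/hosts": "bb22"},  # digest changed
)
```

Calling `find_anomalies(BASELINE, OBSERVED)` flags the masquerading `svchost.exe`, the unrecognized `updater.exe` process and autostart entry, and the changed `hosts` digest, while a clean snapshot compared against itself reports nothing.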