First, I am by no means a Mac malware expert, but I am a long time Mac users and I guess you could say a borderline general Mac expert due to that long time use (in other words, I hesitate to call myself an expert, but I am definitely very knowledgable).
The first question that I have is what version of the macOS are you running? I ask because the more recent versions of the macOS (and Windows for that matter) have more built-in protection than older versions. The more you keep your Mac running the latest version of the macOS, the greater you reduce the chances of malware even without third party protection (aka "anti-virus" programs or anti-malware scanners).
In addition, the macOS is WAY less targeted for malware than Windows is. While the threat of malware is slowly growing for the Mac, Mac malware is still rather rare.
So, overall, if you are using a recent version of the macOS, then you likely should not be overly concerned, especially if you also add in a good third party anti-virus/malware program and practice "safe interneting".
FWIW, here is the typical list of "safe interneting" techniques:https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
And if you want to read about some of the built-in protections of the current version of the macOS, then you can read this:http://www.apple.com/macos/security/
I have a couple questions about how concerned I should be. I will look through other threads about Macs and try to run diagnostics, and I am also considering factory resetting the computer (though I would prefer not to if not necessary).
My main question is as follows. I do not let any applications launch at startup. By this, I mean that when I go to “Login Items” in System Preferences, the list of “items that will open automatically when you log in” is empty. Does this mean that no third party software, including malware, can run when I restart my computer? Does it mean that I need to manually launch malware upon each restart for there to be a risk? Or is there a way for malware to automatically launch when I startup despite the list being empty? Having this clarified would be very helpful.
Generally speaking, on the Mac, a program needs to have an administrator password to be entered in order to allow a program to be installed or run for the first time on a Mac. So, for some malware, it can get stopped by that requirement assuming the creator 1) did not find a sneaking way around that requirement and 2) did not find a sneaky way to trick you into supplying that password (i.e. make the program look legit).
There are almost definitely ways around this, however.
As to startup items, while legitimate stuff and some illegitimate stuff will show up in the list, I would be surprised if there are ways for people to get things to run that don't show up on that.
So, while I am not a Mac malware expert and do not know the answers, I would not be surprised if stuff can load and run without you knowing about it. So, by default, I tend to assume it is possible. But, then this is were third party anti-virus/malware programs can come into play.
My second (and last question for now) is whether, based my activity described above, you would recommend factory resetting the computer. Is simply downloading the recommended tools from other threads and scanning enough? Or do I really need to factory reset to put my mind at ease.
Thanks for anyone who took the time to read this. Some people seem to think I’m paranoid because my computer is running fine, and there are no noticeable symptoms of malware. What got me nervous though was reading about the kinds of malware that try very hard to go unnoticed by the victim. Thanks again!
Ultimately, it will really come down to how paranoid you are and how much effort you want to expend and to what level of assurance that your machine is clean you want to go to.
While I am not a Mac malware expert (as previously stated), I am experienced enough with Macs to know that in general the odds of a Mac being infected with something is relatively low. This is due to the general low amount of stuff targeting Macs and the relatively good built-in protections.
So, I would tend to say you likely are just fine getting one or more of the third party anti-malware/virus (only one "real-time" scanner, however) programs and run it/them to see if anything shows up. If you don't find anything and your computer runs with no strange issues, then you are likely fine and wiping and doing a clean install is likely overkill.
But, as I said, it is really a matter of your level of concern as it certainly doesn't hurt to wipe and do a clean install (other than spend a chuck of your time doing it).