How do I Ferret out a Trojan When Anti-Malware Doesn't Detect it?

The only reason I thought it might be one now is because even the cloned drive produced the same results as her original drive and I wasn't sure enough about the cloning to know whether or not a virus would escape cloning or come over with it.

Cloning does what its name implies: Clones.

So if you have a hideously corrupted Windows instance on the source drive, you will have exactly the same hideously corrupted Windows instance on the destination drive. If you had an infection on the source drive, you will have exactly the same infection on the destination drive. Lather, rinse, repeat.

If, however, the problem was mainly with the source drive's own hardware, you can sometimes get a "miracle revival" with a clone, but it's quite rare, because a failing source drive generally means you're not going to get a good, complete, functioning result on the cloned drive.
 
If, however, the problem was mainly with the source drive's own hardware, you can sometimes get a "miracle revival" with a clone.....
That's exactly what I had hoped for..... a miracle. All is good now, though. Data files have been transferred, the laptop updated itself to Windows 11, and so far things are running well. I'm pleased and I believe the customer will be very happy that everything is functioning as it should. We went through what to keep and what to let go of earlier so her "new" system will be better than before. :)
 
Long ago I stopped trying to "repair" Windows, or any other OS for that matter, instances. I quickly learned I was putting in a lot of time that I wasn't getting paid for. Even in *nixes like Linux and macOS, crap can happen that just can't be undone. So if a few things like Disk Warrior, Tweaking AIO, an antimalware scan, a new profile, etc. don't work, it's nuke and pave time.
 
Long ago I stopped trying to "repair" Windows, or any other OS for that matter, instances. I quickly learned I was putting in a lot of time that I wasn't getting paid for. Even in *nixes like Linux and macOS, crap can happen that just can't be undone. So if a few things like Disk Warrior, Tweaking AIO, an antimalware scan, a new profile, etc. don't work, it's nuke and pave time.
I agree. For most customers, that's exactly what I do and everything goes back into balance so they can start with a clean machine. I've had a few ransomware cases lately and, as long as they don't have much on the laptop, it's easy peasy.

Customer just picked his Dell up yesterday, which fell victim to ransomware for the 2nd time in 2 years. The first time, he called the number and it cost him around $2,000. Then, they said he needed to pay $14,000 for a "very safe system [best in the market]" but he turned them down. They left time-delayed garbage on his system, though, and that's what recently came back. I did a fresh install of Windows 10, installed SuperAntiSpyware, MalwareBytes, and MB Browser Guard. He's got instructions on how and when to use everything to keep his laptop safe so, hopefully, he does.
 
With malware that can stay resident in the EFI and the SSD's firmware?

Format C: isn't good enough anymore, you have to flash all the ROMs too.
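An added example to go with the point above; it is not part of the thread or any poster's reply. A reinstall only rewrites the Windows volume, so before and after you reflash the UEFI firmware and the SSD firmware from the vendor's signed images, it helps to record what the OS can see of the boot path: SMBIOS firmware version and date, the Secure Boot state, and SHA-256 hashes of every file on the EFI System Partition. Comparing the two baselines tells you whether the reflash actually changed the version and whether the ESP contains only what the fresh install put there. The drive letter S: for the ESP and the baseline file path are assumptions. Caveat a practitioner should keep in mind: this is evidence collected from inside the OS, and a firmware-level implant can lie to it; it confirms the reflash took and the ESP is clean, it does not prove the SPI flash or the drive controller is.

```powershell
#Requires -RunAsAdministrator
# Editor-added example (not from the thread). Run from an elevated PowerShell 5.1+ prompt on a UEFI system.
# Assumptions: S: is an unused drive letter for mounting the ESP; cmdlets used are stock Windows ones.

function Get-FirmwareBaseline {
    param([string]$EspLetter = 'S')

    $bios = Get-CimInstance -ClassName Win32_BIOS
    # Confirm-SecureBootUEFI throws on legacy BIOS / unsupported platforms; record $null in that case.
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $null }

    # mountvol <drive>: /S mounts the EFI System Partition; /D unmounts it afterwards.
    mountvol "${EspLetter}:" /S | Out-Null
    try {
        $bootFiles = Get-ChildItem -Path "${EspLetter}:\EFI" -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FullName.Substring(2)   # strip the drive letter so baselines compare across mounts
                    Length = $_.Length
                    SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    } finally {
        mountvol "${EspLetter}:" /D | Out-Null
    }

    [pscustomobject]@{
        Collected       = (Get-Date).ToString('o')
        Manufacturer    = $bios.Manufacturer
        FirmwareVersion = $bios.SMBIOSBIOSVersion
        FirmwareDate    = $bios.ReleaseDate
        SecureBoot      = $secureBoot
        BootFiles       = @($bootFiles)
    }
}

function Compare-FirmwareBaseline {
    param($Before, $After)
    # Emits one line per difference; no output means the two baselines agree.
    if ($Before.FirmwareVersion -ne $After.FirmwareVersion) {
        "Firmware version changed: $($Before.FirmwareVersion) -> $($After.FirmwareVersion)"
    }
    if ($Before.SecureBoot -ne $After.SecureBoot) {
        "Secure Boot state changed: $($Before.SecureBoot) -> $($After.SecureBoot)"
    }
    $beforeMap = @{}
    foreach ($f in $Before.BootFiles) { $beforeMap[$f.Path] = $f.SHA256 }
    foreach ($f in $After.BootFiles) {
        if (-not $beforeMap.ContainsKey($f.Path))  { "New ESP file: $($f.Path)" }
        elseif ($beforeMap[$f.Path] -ne $f.SHA256) { "Changed ESP file: $($f.Path)" }
    }
    foreach ($p in $beforeMap.Keys) {
        if (-not ($After.BootFiles.Path -contains $p)) { "Removed ESP file: $p" }
    }
}

# Usage (paths are assumptions):
# $before = Get-FirmwareBaseline; $before | Export-Clixml C:\baseline-before.xml
# ... reflash UEFI and SSD firmware from vendor images, clean install Windows ...
# Compare-FirmwareBaseline -Before (Import-Clixml C:\baseline-before.xml) -After (Get-FirmwareBaseline)
```

If the firmware version did not change after the reflash, the flash did not take, regardless of what the vendor tool reported. Any ESP file that is not accounted for by the fresh install (Microsoft's bootmgfw.efi and friends, plus the OEM's own loaders) deserves a closer look before the machine goes back to the customer.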
 
I've reached the point that I use nothing other than Windows Security. There was a time where Malwarebytes and similar were a very distinct "value added" but that time is long past.

I see lots of value in dumping what's no longer needed. Most of these utilities are dead weight. Pick a good all-purpose security product these days and you're done. And based on what those out there who analyze them say, Windows Security has been staying in the top ten for years now, literally:

AV Test (See Windows test section)

AV Comparatives (Reports Page – Look at Real-World Threat Protection and Advanced Threat Protection Test reports)

SE Labs (Reports Page – Look at Endpoint Security Reports)

MRG Effitas (360° Assessment & Certification Reports)
 
I just scanned the thread but didn't see any mention of DISM?

DISM /Online /Cleanup-Image /RestoreHealth

I've complained in the past how DISM never fixes anything but this is one of the things it was built for.
 
I just scanned the thread but didn't see any mention of DISM?

Nor did I. But I've posted the tutorial I hand out, Using DISM (Deployment Imaging Servicing and Management) and SFC (System File Checker) to Repair Windows 10 & 11, so many times now and I presume that DISM/SFC and, possibly, a full-repair install will be tried as a matter of course when Windows corruption is suspected.

My steps for what appears to be "Windows Wonkiness" are always:
1. DISM followed by SFC.
2. Windows Repair Install (or Feature Update if a newer ISO is available).
3. Completely clean reinstall of Windows.

You stop after whichever step indicates, "Problem Solved!"
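An added example for step 1 of the procedure above; it is editor-added and not part of the thread or the poster's tutorial. It runs DISM /RestoreHealth and then SFC /scannow from an elevated PowerShell prompt, keeps the DISM log in its own folder, pulls only this run's [SR] lines out of CBS.log (that file accumulates across runs, so lines are filtered by timestamp), and reports whether anything was repaired or left unrepaired so you know whether to stop or move on to the repair install. The -Source parameter is an assumption for the case where DISM cannot reach Windows Update (error 0x800f081f): point it at install.wim on a mounted ISO of the same build.

```powershell
#Requires -RunAsAdministrator
# Editor-added example (not from the thread). Assumptions: log folder path; -Source only when offline.

function Invoke-ComponentStoreRepair {
    param(
        [string]$Source,                                  # e.g. 'WIM:D:\sources\install.wim:1'
        [string]$LogDir = "$env:SystemDrive\RepairLogs"
    )
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    $dismLog = Join-Path $LogDir 'dism.log'
    $start   = Get-Date

    # Step 1a: DISM repairs the component store that SFC draws its clean copies from.
    $dismArgs = @('/Online', '/Cleanup-Image', '/RestoreHealth', "/LogPath:$dismLog")
    if ($Source) { $dismArgs += "/Source:$Source"; $dismArgs += '/LimitAccess' }   # offline source only
    & dism.exe @dismArgs | Out-Host
    $dismExit = $LASTEXITCODE

    # Step 1b: SFC verifies protected system files against the (now repaired) store.
    & sfc.exe /scannow | Out-Host
    $sfcExit = $LASTEXITCODE

    # SFC writes its findings to CBS.log tagged [SR]; keep only lines stamped after this run began.
    $srLines = Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
        Select-Object -ExpandProperty Line |
        Where-Object {
            $_ -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})' -and ([datetime]$Matches[1]) -ge $start
        }
    $srLines | Set-Content -Path (Join-Path $LogDir 'sfc-details.txt')

    $unrepaired = @($srLines | Where-Object { $_ -match 'Cannot repair' })
    $repaired   = @($srLines | Where-Object { $_ -match 'Repairing corrupted file|Repaired file' })

    [pscustomobject]@{
        DismExitCode    = $dismExit
        SfcExitCode     = $sfcExit
        FilesRepaired   = $repaired.Count
        FilesUnrepaired = $unrepaired.Count
        NextStep        = if ($dismExit -ne 0 -or $unrepaired.Count -gt 0) { 'Step 2: repair install' }
                          elseif ($repaired.Count -gt 0) { 'Reboot and re-test; stop here if fixed' }
                          else { 'Nothing to repair; problem is likely not file corruption' }
    }
}

# Usage:
# Invoke-ComponentStoreRepair                                         # source = Windows Update
# Invoke-ComponentStoreRepair -Source 'WIM:D:\sources\install.wim:1'  # source = mounted ISO, same build
```

A non-zero DISM exit code with the details in dism.log, or any "Cannot repair" line from SFC, is the signal that step 1 is exhausted and the repair install is next; a clean run with zero repairs means the wonkiness is probably not file corruption at all.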
 
It's worked well for me for 14 years. I see no need to dump what works.
IMO, SuperAntiSpyware is of the same ilk as Spybot S&D, Avast/AVG, Webroot, and many other "snake oil" programs that cause more problems than they solve. They never were - nor ever will be - programs a professional technician should or would install on a client's PC.
These are the kinds of programs unwitting (read: cheap) end users install.

This has been recommended on Technibble. It's free and it works perfectly. Microsoft Defender

Rogue security products to avoid.
 
Both Avast and AVG were, at one time perfectly legitimate antivirus/security tools, and both were ones I used. That being said, I stopped using them because they "went rogue."

Spybot S&D was once useful, too.

That Wikipedia List of rogue security software does not list "legit" AVG, Avast, or Spybot S&D, but imposters for same. I still don't use any of them and don't recommend using them, but that list does not lump them in with the rogues.
 
Avast / AVG were quite good for a long while too. I stopped using them not so much because they were bad, but because their use injected additional risk that I didn't feel was worth the benefits when compared against Windows Defender.

Then there are the ads... oy the ads... just nope.
 
I stopped using them not so much because they were bad

I guess that depends on our individual definitions of "bad." For me, AVG became so hypersensitive and so prone to constant false positives that I could no longer tolerate it, for myself, nor the endless client calls in a panic about nothing.

I have a fuzzier memory about Avast, but what I do recall is that after whatever it was that "turned" for me, I couldn't get away from it fast enough.
 
I guess that depends on our individual definitions of "bad." For me, AVG became so hypersensitive and so prone to constant false positives that I could no longer tolerate it, for myself, nor the endless client calls in a panic about nothing.

I have a fuzzier memory about Avast, but what I do recall is that after whatever it was that "turned" for me, I couldn't get away from it fast enough.
Yeah there was a window there right after Avast! bought AVG that both products started consuming systems during feature updates... that wasn't ideal. And yet, several AV vendors were suing Microsoft at the time because Microsoft wasn't releasing the data they needed to test things in advance, and in the process made their own security products look better. They won the suit... but we both know how that turned out. The monopoly carries on.
 
I find SuperAntiSpyware as useful as a cup with a hole. It does next to nothing in my view, just another snake oil product. MB is too annoyingly intrusive. Best practice is to nuke & pave if it is a very intrusive trojan. It is up to the customer to have clean backups. Now I reckon you will get constant calls in regards to MB stating this or that.

I normally check the drive for issues if it's loading slowly or freezing, etc.
Run DISM.
Run WRT.

The only tool I use is Windows Repair Tool, has everything one needs in one application and more can be added.
Created from a member here - @AlexCa

WRT
 