Advice Request One time scanners to make sure everything is clean


MrMr

Level 1
Thread author
Apr 20, 2023
23
I received a laptop from a recently deceased family member.
I set up all security on it (CFW+WV+MD signature only) but they did allow things they shouldn't have and I found some HEUR files with a WiseVector scan.
I know they wouldn't have wanted to let the laptop collect dust because it's a beast of a laptop, but I want to run some one-time scanners to make sure nothing got deep into the system (I doubt it but worth double checking).
I need some advice on which one-time scanners would be best for this situation and which are currently the best in general.
 

gonza

Level 2
Sep 10, 2019
60
Hi. I use Emsisoft Emergency Kit: Emsisoft - Emergency Kit: Free Portable Malware Scan and Removal
You can also download a 100% portable version from: Emsisoft Emergency Kit Portable (virus, malware, and badware scanner and remover) | PortableApps.com
Though EEK doesn't need any installation.

You can also try Kaspersky Virus removal tool: Free Virus Removal Tool | Free Virus Scanner and Cleaner | Kaspersky

Almost every vendor has these kinds of tools, but I really like these 2. Anyway, my rule is: once a system is infected, scan for the fun, reinstall the OS to be safe.
 

MrMr

Level 1
Thread author
Apr 20, 2023
23
Norton Power Eraser and Kaspersky Virus Removal Tool would be my ideas.
To be honest I would format any pc/laptop where stuff is found and would do a clean install. But that's only my personal opinion.

I would too, I did so with lots of random people's computers, but the keyword here is "loved one"; you have no idea how hard it is to do that! I wouldn't have expected it to be this hard either, that's why I want to deep scan instead. Thanks for the suggestions.
Hi. I use Emsisoft Emergency Kit: Emsisoft - Emergency Kit: Free Portable Malware Scan and Removal
You can also download a 100% portable version from: Emsisoft Emergency Kit Portable (virus, malware, and badware scanner and remover) | PortableApps.com
Though EEK doesn't need any installation.

You can also try Kaspersky Virus removal tool: Free Virus Removal Tool | Free Virus Scanner and Cleaner | Kaspersky

Almost every vendor has these kinds of tools, but I really like these 2. Anyway, my rule is: once a system is infected, scan for the fun, reinstall the OS to be safe.
I usually format too but I doubt it's really infected badly because CFW CS stops everything and WV stopped most things too. But since it still had some nonspecific heuristics hits I'd rather be safe than sorry ;)
 

MrMr

Level 1
Thread author
Apr 20, 2023
23
No backup exists as far as I know, but tbh I forget to back up for myself all the time too. I had problems because of that before, but unless it's "set and forget" you usually forget lol
Because it's from a relative you don't know what they clicked that they shouldn't. You try to make the security as bulletproof as possible but even then, better safe than sorry.

I'm running EEK now, so far 0

0 found with EEK and 0 found with KVRT. Should I bother running anything else or is it clean?
 
  • Like
Reactions: Pixelman

cartaphilus

Level 5
Mar 17, 2023
202
No backup exists as far as I know, but tbh I forget to back up for myself all the time too. I had problems because of that before, but unless it's "set and forget" you usually forget lol
Because it's from a relative you don't know what they clicked that they shouldn't. You try to make the security as bulletproof as possible but even then, better safe than sorry.

I'm running EEK now, so far 0
After you've done that scan I would also yank the hard drive, connect it to a USB converter and plug it into my PC via USB, then give it another scan with your antivirus as a USB device. That way you can detect any malware that might be hiding from scanners when the laptop boots.
 
  • Like
Reactions: Trident and MrMr
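
The second-machine scan cartaphilus describes, as an added PowerShell example that is not part of the thread. It assumes the clean PC runs Microsoft Defender and that the laptop's disk mounted as E: (both assumptions), and it uses MpCmdRun's report-only mode so nothing on the attached disk is changed.

```powershell
# Added example: report-only Microsoft Defender scan of an externally attached disk.
# Run from an elevated PowerShell prompt on the clean PC.
param(
    # Drive letter the laptop's disk received on the clean PC (assumed value).
    [string]$DriveLetter = 'E'
)

$root = "${DriveLetter}:\"
if (-not (Test-Path -LiteralPath $root)) {
    throw "Volume $root is not mounted; check the USB adapter and Disk Management."
}

# Refuse to scan the clean PC's own system volume by mistake.
if ($root -ieq "$env:SystemDrive\") {
    throw "$root is this PC's system drive, not the attached disk."
}

# Refresh definitions before scanning.
Update-MpSignature

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$logPath  = Join-Path $env:TEMP "attached-disk-scan-$DriveLetter.log"

# -ScanType 3 is a custom scan of the -File path.
# -DisableRemediation lists detections on the console and takes no action,
# so the files stay in place for a second opinion from another scanner.
$output   = & $mpCmdRun -Scan -ScanType 3 -File $root -DisableRemediation 2>&1
$exitCode = $LASTEXITCODE

# Show the scanner output and keep a copy for later comparison.
$output | Tee-Object -FilePath $logPath

switch ($exitCode) {
    0       { "No detections reported on $root." }
    2       { "Detections or a scan error reported on $root; review $logPath." }
    default { "MpCmdRun exited with code $exitCode; review $logPath." }
}
```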

MrMr

Level 1
Thread author
Apr 20, 2023
23
After you've done that scan I would also yank the hard drive, connect it to a USB converter and plug it into my PC via USB, then give it another scan with your antivirus as a USB device. That way you can detect any malware that might be hiding from scanners when the laptop boots.
That's true but the device had Comodo FW with Cruelsister setting, WiseVector and basic signature Defender so I don't think it could possibly get that deep to begin with, I'm just doing the "paranoid extra scans" to be sure :D
 
  • Like
Reactions: cartaphilus

MrMr

Level 1
Thread author
Apr 20, 2023
23
Only one PUP found and removed in Eset, Norton, Kaspersky and Emsisoft downloaded scanners, MD and WV, so I think it's clean?
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
basic signature Defender
I am not entirely sure what this few times mentioned now "Basic Signature Defender" is.
If you are referring to Microsoft Defender (or Bitdefender) there is nothing "basic signature" about them. These products (especially Microsoft Defender) run an extremely large arsenal of different machine learning/AI types such as decision trees, deep convolutional networks, neural networks, sparse dictionary learning, anomaly detection, Bayesian networks, support vector machines, genetic algorithms and many others. Some of these classifiers are fast and light, run locally in milliseconds, whilst others require "bagging" where attributes are extracted and fed into the cloud -- these classifiers would take hours to run locally.

Also, for a mini pc that you are trying to prevent from overheating, you've crammed in Comodo (old, out-of-date, unoptimised product), Microsoft Defender (I presume) which is on the heavy side and you are looking to install more security software. I don't see how this will help your situation.
Needless to mention your employer should be providing the tools and utilities needed to secure you whilst you work. Many of these products are free only for home use and using them on a business machine is a violation of the license, and depending on the country you reside in, a violation of the law. Penalties for employers are rather salty in Western EU and US.
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
Hello :)

Eset Online Scanner / Norton Power Eraser / Kaspersky Virus Removal Tool and Emsisoft Emergency Kit, Eset etc ;)
This post is a short but great summary of what second opinion scanners you should use. Nothing else matters! You could even use rescue cd's by KS, Avira, Eset for something different, if the laptop doesn't have a DVD/Blu-ray/CD drive then just use YUMI/Rufus to burn/load/use the rescue cd's on a USB.
 

MrMr

Level 1
Thread author
Apr 20, 2023
23
I am not entirely sure what this few times mentioned now "Basic Signature Defender" is.
I'm using "Basic Signature Defender" to specify that almost everything in MD is turned off, so technically it's just a signature scanner with no cloud access etc., so readers will not be confused and think it's a full running hardened WD, which puts the product in a very different category than the full hardened version, which can be a very good defence.
If you are referring to Microsoft Defender (or Bitdefender) there is nothing "basic signature" about them. These products (especially Microsoft Defender) run an extremely large arsenal of different machine learning/AI types such as decision trees, deep convolutional networks, neural networks, sparse dictionary learning, anomaly detection, Bayesian networks, support vector machines, genetic algorithms and many others. Some of these classifiers are fast and light, run locally in milliseconds, whilst others require "bagging" where attributes are extracted and fed into the cloud -- these classifiers would take hours to run locally.
This both is and isn't the case in this situation; since it only downloads signatures and local heuristic features, it's not even close to the full product.
Also, for a mini pc that you are trying to prevent from overheating, you've crammed in Comodo (old, out-of-date, unoptimised product), Microsoft Defender (I presume) which is on the heavy side and you are looking to install more security software. I don't see how this will help your situation.
I didn't mention the specifications, I started this topic about the laptop. The fact that I use similar settings on a NUC is irrelevant, but to bring up the topic anyway, smaller PCs run hotter and to prevent that I like to keep the load as low as possible.
Needless to mention your employer should be providing the tools and utilities needed to secure you whilst you work. Many of these products are free only for home use and using them on a business machine is a violation of the license, and depending on the country you reside in, a violation of the law. Penalties for employers are rather salty in Western EU and US.
I'm self employed and all licenses I use for my devices are not in violation of any law (trust me I checked) thank you for all your helpful insights! :)
 
  • Like
Reactions: Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
I think I got a few threads of yours mixed up.

There is still more than basic signature going on there with the local ML but yeah, if you've turned off the cloud features you have rendered the product very basic indeed.

Norton Power Eraser is the lightest and fastest from these scanners and totally definition-less. It is my favourite and KVRT follows. Another one that I sometimes use is RogueKiller. It is very aggressive and detects a lot.
 

MrMr

Level 1
Thread author
Apr 20, 2023
23
I think I got a few threads of yours mixed up.
We are only human, it happens ;)
There is still more than basic signature going on there with the local ML but yeah, if you've turned off the cloud features you have rendered the product very basic indeed.
That's why I said basic, of course it still works well but at half the capacity at best.
Norton Power Eraser is the lightest and fastest from these scanners and totally definition-less. It is my favourite and KVRT follows. Another one that I sometimes use is RogueKiller. It is very aggressive and detects a lot.
I used Emsisoft, Eset online, Norton Power Eraser and KVRT next to MD signature and the outdated WV. It only found one or two PUPs from not that well known companies so I THINK (can't ever be 100% sure) that it's clean, so my basic setup (CFW CS+WV+MD signature) did a great job :D
 
  • Like
Reactions: roger_m and Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
I used Emsisoft, Eset online, Norton Power Eraser and KVRT next to MD signature and the outdated WV. It only found one or two PUPs from not that well known companies so I THINK (can't ever be 100% sure) that it's clean, so my basic setup (CFW CS+WV+MD signature) did a great job :D
It will work OK, especially if you are not engaging in risky behaviour such as downloading torrents (not seeing the movie has *.exe extension), pirated software and running outdated apps that cry to be exploited. This setup is a bit on the "too much going on" side though and I personally would replace all that with Kaspersky Standard. Being self-employed I can assume you are in the UK and it's dirt cheap here. One provider dealing with this all will be a lot better for security and performance.
 
  • Like
Reactions: roger_m and MrMr

MrMr

Level 1
Thread author
Apr 20, 2023
23
It will work OK, especially if you are not engaging in risky behaviour such as downloading torrents (not seeing the movie has *.exe extension), pirated software and running outdated apps that cry to be exploited. This setup is a bit on the "too much going on" side though and I personally would replace all that with Kaspersky Standard. Being self-employed I can assume you are in the UK and it's dirt cheap here. One provider dealing with this all will be a lot better for security and performance.
No torrenting or clicking on .exe files I don't know for me. I tried to explain that to the, now deceased, owner of the laptop and it looks like they took my advice because the system seems clean.

You guessed correctly and while I'm going to install Kaspersky free as a replacement, I don't think I can do away with Comodo just yet. It's heavy, yes, but it's so versatile and Cruelsister's settings have not failed me yet (I think she's more of a legend than the software itself is at this point because it sucks out of the box).
Off topic, but I'm trying to make a perfect VPN killswitch with it between me, my server and my customers. It's not easy because I'm bad with FW rules but I think I can get there with some help.
 
  • Like
  • Applause
Reactions: kylprq and Trident
