Solved Question malware found

Status
Not open for further replies.
fwiw lately I run MS Defender in Offline mode which reboots itself into winRE (OS) maybe once a month. Offline scan takes about 15 min for me. A different perspective...
Same concept and similar to NPE in that it's a specialized, more aggressive, on-demand tool used for proving a specific failure and removing stubborn malware.
 
If the sample was executed, removing and installing a new AV is risky; you do not know exactly what was changed in your OS; re-install of Windows is the safest option.
This is the safest solution, but it's not always the case for all users. I'd like to share this video to demonstrate how useful second opinion scanners are in general and how powerful NPE is in particular.

 
This is the safest solution, but it's not always the case for all users. I'd like to share this video to demonstrate how useful second opinion scanners are in general and how powerful NPE is in particular.


"Badly infected system" needs Windows re-install; trying to fix and patch with security solutions carries the risk of leaving tails behind.
 
A full system reinstall is the textbook fix for severe malware, but that approach quickly falls apart when a user hasn't backed up their irreplaceable files. I ran a computer repair shop for years, and customers rarely followed best practices, making data recovery a constant challenge. This is precisely why tools like on-demand scanners and Sysinternals are warranted. The only safe way to proceed is a meticulous, manual removal of the infection, repairing any resulting corruption, and then extracting the verified clean files before the final wipe. Without that manual analysis step, that precious data is simply lost.
 
On Norton Ghost, it was much more popular as Symantec Backup Exec (not necessarily for good but nevertheless, the golden standard). It originated from Veritas. Quite a lot of companies acquired Veritas and got rid of them and they lost quite a lot of money.
"Badly infected system" needs Windows re-install; trying to fix and patch with security solutions carries the risk of leaving tails behind.
These trails are nothing compared to the trails safe applications leave, especially on systems where users engage in daily install/uninstall of software.

For malware to be remediated, it is enough to change its state from active to latent.
There are some persistence hooks not effectively monitored by most on demand scanners, including NPE.
WMI, scheduled tasks and BITS jobs are 3 things not monitored by NPE, and they all allow persistence.
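As an added example (not code from the thread or from NPE), here is a read-only PowerShell inventory of the three persistence locations named above, so a second-opinion pass can at least review them by hand. It assumes an elevated PowerShell session on Windows 8/Server 2012 or later, where the CIM, ScheduledTasks and BitsTransfer cmdlets are available.

```powershell
# Added example: enumerate WMI subscriptions, scheduled tasks and BITS jobs for review.
# Nothing here removes anything; it only lists what an on-demand scanner may not cover.
# Assumes an elevated PowerShell session (BITS -AllUsers and root\subscription need admin).

# 1. WMI permanent event subscriptions: a filter (trigger) bound to a consumer (payload).
$ns = 'root\subscription'
Write-Host '== WMI event filters =='
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    Select-Object Name, Query | Format-List
Write-Host '== WMI command-line consumers =='
Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer |
    Select-Object Name, CommandLineTemplate | Format-List
Write-Host '== WMI script consumers =='
Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer |
    Select-Object Name, ScriptingEngine, ScriptText | Format-List
Write-Host '== WMI filter-to-consumer bindings =='
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
    Select-Object Filter, Consumer | Format-List

# 2. Scheduled tasks outside the \Microsoft\ tree, with what each action actually runs.
#    COM-handler actions have no Execute value and show up blank; inspect those separately.
Write-Host '== Non-Microsoft scheduled tasks =='
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        $task.Actions | ForEach-Object {
            [PSCustomObject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $_.Execute
                Arguments = $_.Arguments
            }
        }
    } | Format-Table -AutoSize

# 3. BITS jobs for all users: remote sources and any NotifyCmdLine set to run on completion.
Write-Host '== BITS jobs (all users) =='
Import-Module BitsTransfer
Get-BitsTransfer -AllUsers |
    Select-Object DisplayName, JobState, OwnerAccount, NotifyCmdLine,
        @{ n = 'RemoteFiles'; e = { ($_.FileList | ForEach-Object { $_.RemoteName }) -join ', ' } } |
    Format-List
```

On a clean consumer machine the WMI sections are normally empty apart from vendor entries, so anything with a script body, a command line or a binding you do not recognise is what deserves a closer look.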
 
I tried using Norton Ghost, found it problematic for sure, but don't recall why, soooo long ago...
I can't remember either why it was not an easy program to master. I remember my bro-in-law, who was a bit more tech than I back then, introduced me to it. It may not have been a totally legal copy, but it was a while before I could afford a Windows 95 CD, as I had to borrow one, as there were no disc copiers back then & no licencing either (you are on day 225 of your 30-day trial of Paint Shop Pro). I've since reformed :giggle:
 
"Badly infected system" needs Windows re-install; trying to fix and patch with security solutions carries the risk of leaving tails behind.
What if we think differently, if a device has been tested with NPE, KVRT, and EEK and all results are clean, can you prove it's not?
 
What if we think differently, if a device has been tested with NPE, KVRT, and EEK and all results are clean, can you prove it's not?
To test with all the mentioned on-demand scanners, it must have shown signs suspicious of malware infection, unless I have a kink of running scanners for pleasure.
In such a situation, the effort and time to prove or preclude infection is more than that for re-installing Windows.
Which one would you choose?
 
To test with all the mentioned on-demand scanners, it must have shown signs suspicious of malware infection, unless I have a kink of running scanners for pleasure.
In such a situation, the effort and time to prove or preclude infection is more than that for re-installing Windows.
Which one would you choose?
I think we've reached a point where personal preferences trump the logic of whether scanners are good or bad. Personally, I don't like reinstalling Windows. Unless there's clear evidence that I need to reinstall, I won't.
 
I think we've reached a point where personal preferences trump the logic of whether scanners are good or bad. Personally, I don't like reinstalling Windows. Unless there's clear evidence that I need to reinstall, I won't.
If infection is detected and removed (after execution) either by the primary AV or the secondary scanner, I will always feel something is running in the background which makes me uncomfortable.
I re-install Windows while making a mug of tea.
 
[Animated GIF]
I had to disable my NextDNS to see the GIF you posted, because it wasn't showing up for me, probably blocked by NextDNS. Don't get me wrong about what I'm about to say, I'm being honest and I don't talk behind people's backs, but please don't take this personally. I like you, but sometimes you're really annoying, I have to admit it. You always come up with arguments for removing malware about using these tools. We're talking about "Question malware found". That was the member @classicaran, who is the author of this thread, not to format your computer. If I were to format your computer, you wouldn't even need to open this thread, just format it and that's it, simple as that. I realized that this is how a thread starts that becomes polarized, and ends up becoming similar to the Comodo thread. There is always one member who disagrees and others who agree, and that's how it starts. And when I start to realize that the topic is getting heated, I prefer to remain neutral, so this is my last post on this topic. I don't want to upset my colleagues, so in this case I prefer to stay out of these discussions. I am sincere in my words, and I sincerely apologize to my colleagues and fellow MT members. 🤫
 
I think we've reached a point where personal preferences trump the logic of whether scanners are good or bad. Personally, I don't like reinstalling Windows. Unless there's clear evidence that I need to reinstall, I won't.
I don’t like reinstalling either, especially after Microsoft added the update step, which doubles the install time now, and yet, when you check for updates, there are still some to install.

It is not suitable advice for production environments at all.
 
especially after Microsoft added the update step, which doubles the install time now, and yet, when you check for updates, there are still some to install
I unplug the ethernet cable before re-install: two hits: no updates, and it bypasses asking to use an MS email account.
 
I like you, but sometimes you're really annoying
"Annoying" because I am trying to explain my point of view and the other side is trying to repeat statements with alternative words just to refute my pov; they just want a big "like" and not a discussion, especially if it leads to other opinions.

The fix is easy, just avoid replying to me and you will not be annoyed.
And there is a nice little button, "ignore": click it and you will not see what I state.
Have a good day.
 
I don’t like reinstalling either, especially after Microsoft added the update step, which doubles the install time now, and yet, when you check for updates, there are still some to install.

It is not suitable advice for production environments at all.
Make sure you download the most recent ISO for installing; all the updates are inside it. Maybe after finishing installing the computer or laptop, 1 or 2 new updates are left.
Totally not a big deal I think ;-) Or use the Reset this PC option, no need to reinstall, just a fresh Windows when finished.
 