To detect trojan infected hard disk, it is not possible to work in front of the computer, or to remove the hard disk from the computer.
I'm thinking about remote detection possibilities, for example with software line PC anymwhere or VNC.
What kind of solution do you use in this case ?
Could we use the netbios exploit, if the client shares the disk ?