gds4141
Premium
join:2003-08-10
Omaha, NE
| reply to JoeSchmoe007
Re: Making the user a member of "Users" group to p
How do you get CWS on a user? On my unpatched, non-updated test machine I’ve been trying to get it to install for the last 5 or 6 months. This box is not on a network and is XP. I’ve manage to capture CWS attempts on regmon and filemon and captured a couple of “exe”, but even running the “exe” later does not work. I even keep all the security settings on IE set to low. I must be something wrong.:o
Gary |
|
TerryMiller
Premium
join:2003-10-23
| I don't know how they get it. But there were 3 on the box I cleaned today. They were cleanable with spybot so perhaps they hadn't fully executed, but registry entries and files were on the box. The noticable problem was some sort of home page hijack to one of the fake search engines and pop-ups.
--
My family site |
|
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02
1 edit | said by TerryMiller  :I don't know how they get it. But there were 3 on the box I cleaned today. They were cleanable with spybot so perhaps they hadn't fully executed, but registry entries and files were on the box. The noticable problem was some sort of home page hijack to one of the fake search engines and pop-ups. Terry, thanks for the info. If they were cleanalbe with Spybot maybe that says that the damage was at least limited  . Running spybot is pretty easy.
In your previuos post, you implied they weren't running IEspyad, right? Were they runnning a realtime AV?
IMHO, I think for the non tech savy user, installing (me) and teaching (them) to keep Spywareblaster and Spywareguard updated is easier.
Also, if there is a infection on the limited account some others have said that they are removed by just deleting the user account. If this is the case, maybe just copying the user profile into a back up account (before an infection) would be handy becuase you could then just consider the actual working user account as disposable (this is one of my current strategies). |
|
