ExceptThat
@inet.fi | reply to goofy01
Re: How did someone with a limited account install Antivirus XP
Except that if you're referring to All Users\Desktop or something like that, limited users do not have write privileges there. Are you absolutely sure the account is a limited user and not a member of admin group? How have you confirmed this? |
|
norwegian
Premium
join:2005-02-15
Outback
 ·WestNet Broadband
| reply to redxii
There was a topic here where is was proved that shortcuts can be placed elsewhere from a limited acct. I believe psloss asked the question. I proved it on 2 of my O/S's. Can't remember the name of the topic though. That was a year ago, seems that isn't fixed yet, or it's using another method.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas | You mean this? »Who else is having fun with OEM security defaults? |
|
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
|
Spot on the mark Red. Not that I was trying to disagree, but it is possible. I did notice though, exocet's pdf file on the link supplied is not there any more either in that topic.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
fatdcuk
Premium
join:2005-02-20
England
| reply to goofy01
Well if any experts wants to experiment with live xpantivirus2008 infection and ltd account etc then here is source for it**(ActiveX install & file download)
infectionscanner.com/1/?xx=1&in=2&h=1
**Do not run infection unless you know how to manually clear it up and also repair settings damaged incurred!
VT currently flagging dropper@ 5/33
»www.virustotal.com/analisis/c45f···8143f917 |
|
norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband
|
First, no expert here. Kaspersky warned of installation, and 6 or so popups from registry, exe etc, so allowed them all, but in the latest version it it placed in low restricted. After found nothing installed, but with "low restricted" is isn't allowed some permissions on the O/S.
Once I'm home tonight, this home user will turn off KIS to see what happens then.
First test - negative
Note: There was no messages of permissions from using a limited account either....Mmmmm
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke |
|
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas
Host:
/dev/null
Broadband Tweaks
Suddenlink
ISDN
Fiber Optic
| reply to fatdcuk
That took quite a bit of user interaction, but all it did was install the xpantivirus2008 scamware at the worst in the admin account. It just added a RunOnce key to the limited user's account which pointed to a file in the cache, but that was only after willingly running the exe.
This was XP Pro SP3, IE6 and none of the internet settings were altered from install defaults.
The previous mentioned thread was about OEMs relaxing permissions. They aren't Microsoft's defaults. Permissions can be set in INF files w/ SDDL, and since INFs are plain text anyone can edit them and if you can understand the SDDL syntax you can make it anything you want. |
|
norwegian_away
@net.au |
Thanks for the clarification
I was curious if it was related to the topic raised by psloss, the shortcuts being placed on other accounts, which is why I brought it up. Excuse my thinking if I was incorrect. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to norwegian
said by norwegian  :I did notice though, exocet's pdf file on the link supplied is not there any more either in that topic. It is archived here:
»web.archive.org/web/*/http://www···inxp.pdf
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
vcf1
join:2000-03-21
Duncansville, PA | reply to goofy01
Surfing I'm sure and believing what they see.
--
Dick |
|
