  goofy01
join:2004-02-05 Hammond, IN
·Comcast
| reply to goofy01 Re: How did someone with a limited account install Antivirus XP
Dr. Olds, he didn't do any of that, he was browsing and said something like "It said to update my player, so I clicked on it". I know before I have had to log into the admin account just to install Adobe, since another account needed to read a PDF and they were set up the same way. I will look into adding NoScript. Thanks Aaron, will read that in a bit. It was installed across all accounts, since there was a desktop icon on my admin desktop. The computer has McAfee Security Center from Comcast on it, fully updated. This did catch the desktop hijack part of the program. I used Malwarebytes to remove it.
|
  bcastner Premium,VIP,MVM join:2002-09-25 Chevy Chase, MD clubs: 
·Verizon Online DSL
3 edits | I would seriously consider installing the free Microsoft product SteadyState on this computer. The link below has a fairly extensive set of links to discussions as to what it is, how to obtain it, and why it could help: »aumha.net/viewtopic.php?f=26&t=27570
quote: What state is your shared computer in at the end of the day?
• Hard disk filled with downloaded files?
• Strange options configured?
• Programs installed that you don't want?
• System infected with viruses and spyware?
• Computer bogged down for unknown reasons?
Windows SteadyState, successor to the Shared Computer Toolkit, is designed to make life easier for people who set up and maintain shared computers.
An easy way to manage multiple users
You can manage whole groups of users as single user accounts. The new Windows SteadyState console makes it easier than ever to create and modify user profiles.
A locked-down platform for stable shared computing
Not every computer user should have access to every software capability. Your system can be more stable and consistent when you limit user access to control panel functions, network resources, and other sensitive areas.
Set it and forget it
Once you have everything set up the way you want it, you can share the computer and rest easy. Any changes a user might make to the configuration or hard disk can be undone by simply restarting the machine.
Recommended. (Now available for Vista 32-bit as well).
Bill Castner
-- MS-MVP 2004-2008, ASAP Member
Users Helping Users
|
|
  ahulett Life Without Walls Premium join:2003-02-02 Bellevue, WA
| reply to goofy01 quote: he was browsing and said something like "It said to update my player, so I clicked on it"
Wild guess: Zlob "Media Codec". You go to watch a video. It looks like it's about to play, then wham! A dialog appears saying a new media codec is needed to play it. User, wanting to see the video, clicks Yes, and then is hit with desktop shortcuts, rogue security software, or other potentially unwanted software.
-- Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.
|
  Shriyash Sungazer Premium join:2005-02-23 PuNe, InDiA
1 edit | reply to goofy01
said by goofy01: he was browsing and said something like "It said to update my player, so I clicked on it"
Yep, definitely sounds like a fake codec update that installs spyware upon execution. It may have looked something like the pic in this post.
Edit: I would install NoScript if I were you.
|
  redxii too big to fail Premium,Mod join:2001-02-26 Texas
1 edit | reply to goofy01
It wasn't a limited account if it could place a shortcut outside the limited account; and hijack your desktop, if you mean it prevented you from making changes.
Or not using NTFS.
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| There was a topic here where it was proved that shortcuts can be placed elsewhere from a limited acct. I believe psloss asked the question. I proved it on 2 of my O/S's. Can't remember the name of the topic though. That was a year ago, seems that isn't fixed yet, or it's using another method.
-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
  redxii too big to fail Premium,Mod join:2001-02-26 Texas | You mean this? »Who else is having fun with OEM security defaults? |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| Spot on the mark Red. Not that I was trying to disagree, but it is possible. I did notice though, exocet's pdf file on the link supplied is not there any more either in that topic.
-- The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| said by norwegian: I did notice though, exocet's pdf file on the link supplied is not there any more either in that topic.
It is archived here:
»web.archive.org/web/*/http://www···inxp.pdf
-- What's the point of owning a supercar if you can't scare yourself stupid from time to time?
|