goofy01

join:2004-02-05
Hammond, IN
·Comcast

How did someone with a limited account install Antivirus XP

On a second computer here at the house, one of the g/f's kids asked me to look at the comp because something came up. I go and see Antivirus XP 2008 has infected the computer. I thought that by putting all the users as a limited account that stuff like this wasn't supposed to happen. Took me a bit, but I got it off finally and now wondering how to stop this in the future. He was using FF 3.0 at the time of this. I already told the boy to quit going to the porn sites.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30

Re: How did someone with a limited account install Antivirus XP

Safe Mode will let you install programs sometimes

OR

They may have watched over a shoulder to find the Admin Password

OR

There are Linux Boot CDs that can be burned to a blank, placed in the drive so that when rebooted the CD shows all passwords used on the system.

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

teh_zeus

@cogentco.com


thumbs down from: ahulett

Re: How did someone with a limited account install Antivirus XP

OK, how he did it, I don't know.

But the reason I want to reply after reading this is that you are already using Firefox, which is good.
Just install the no-script extension, and you can visit as many pr0n sites as you want (or he wants) and it won't matter....no-script will do its work to keep your PC safe.
If you want to see streaming content like on YouTube, all you do is just allow that particular site in the no-script options.

I've been using no-script ever since it came out, and once you get used to it, infections will be a thing of the past.
(I'm sure you already are covered on the firewall front)

ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA


Running in a Limited User account is a good way to help potentially reduce the degree malware affects a system. Here's some information we have on Limited User accounts under Windows XP, which includes a link for information on Windows Vista:

Microsoft Security At Home
Limited User accounts can protect your Windows XP computer when you browse the Web
»www.microsoft.com/protect/comput···unt.mspx

Hope this helps,
Aaron
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.

redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas

If it installed globally or changed system policies like it usually does to prevent changing preferences, then it wasn't a limited account. Safe mode won't make a limited account an administrator. An account in both "Users" and "Administrators" group will make it an administrator.

Otherwise you could have just deleted the profile folder from another account and been done with it, or it had failed from installing altogether.

Bubba17
Less is More
Premium
join:2006-09-21
Just curious .. what security software is installed on the machine?

And, what tool did you employ to rid the machine of the infection?
--
"Fast is fine, but accuracy is everything" --Wyatt Earp

goofy01

join:2004-02-05
Hammond, IN
·Comcast

Dr. Olds, he didn't do any of that, he was browsing and said something like "It said to update my player, so I clicked on it"
I know before I have had to log into the admin account just to install Adobe before since another account needed to read a PDF and they were set up the same way.
I will look into adding no-script. Thanks Aaron, will read that in a bit.
It was installed across all accounts, since there was a desktop icon on my admin desktop.
The computer has McAfee Security Center from Comcast on it, fully updated. This did catch the desktop hijack part of the program. I used Malwarebytes to remove it.

bcastner
Premium,VIP,MVM
join:2002-09-25
Chevy Chase, MD
·Verizon Online DSL



Re: How did someone with a limited account install Antivirus XP

I would seriously consider installing the free Microsoft product SteadyState on this computer. The link below has a fairly extensive set of links to discussions as to what it is, how to obtain it, and why it could help: »aumha.net/viewtopic.php?f=26&t=27570

quote:
What state is your shared computer in at the end of the day?

• Hard disk filled with downloaded files?
• Strange options configured?
• Programs installed that you don't want?
• System infected with viruses and spyware?
• Computer bogged down for unknown reasons?

Windows SteadyState, successor to the Shared Computer Toolkit, is designed to make life easier for people who set up and maintain shared computers.

An easy way to manage multiple users
You can manage whole groups of users as single user accounts. The new Windows SteadyState console makes it easier than ever to create and modify user profiles.

A locked-down platform for stable shared computing
Not every computer user should have access to every software capability. Your system can be more stable and consistent when you limit user access to control panel functions, network resources, and other sensitive areas.

Set it and forget it
Once you have everything set up the way you want it, you can share the computer and rest easy. Any changes a user might make to the configuration or hard disk can be undone by simply restarting the machine.

Recommended.
(Now available for Vista 32-bit as well).

Bill Castner

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users


ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA

quote:
he was browsing and said something like "It said to update my player, so I clicked on it"
Wild guess: Zlob "Media Codec". You go to watch a video. It looks like it's about to play, then wham! A dialog appears saying a new media codec is needed to play it. User, wanting to see the video, clicks Yes, and then is hit with desktop shortcuts, rogue security software, or other potentially unwanted software.
--
Aaron Hulett | Senior Spyware Researcher | Microsoft Malware Protection Center
This posting is provided "AS IS" without warranty, and confers no rights.

Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA


said by goofy01:

he was browsing and said something like "It said to update my player, so I clicked on it"
Yep, definitely sounds like a fake codec update that installs spyware upon execution.
It may have looked something like the pic in this post.

Edit: I would install No-Script if I were you.

redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas

It wasn't a limited account if it could place a shortcut outside the limited account; and hijack your desktop, if you mean it prevented you from making changes.

Or not using NTFS.

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

Re: How did someone with a limited account install Antivirus XP


There was a topic here where it was proved that shortcuts can be placed elsewhere from a limited acct. I believe psloss asked the question. I proved it on 2 of my O/S's. Can't remember the name of the topic though. That was a year ago, seems that isn't fixed yet, or it's using another method.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas

Re: How did someone with a limited account install Antivirus XP

You mean this? »Who else is having fun with OEM security defaults?

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

Re: How did someone with a limited account install Antivirus XP


Spot on the mark Red. Not that I was trying to disagree, but it is possible. I did notice though, exocet's pdf file on the link supplied is not there any more either in that topic.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30

Re: How did someone with a limited account install Antivirus XP

said by norwegian:

I did notice though, exocet's pdf file on the link supplied is not there any more either in that topic.
It is archived here:

»web.archive.org/web/*/http://www···inxp.pdf
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI

This is why I've warned from time to time a limited account alone is not a magic bullet. A limited user account can infect himself with malware and also a compromised program under a limited user account can destroy all of the data that account has write access to.

So, if you're the only user of your system, and run under a single limited account for most of your work, are you really better off? I would make the argument that no, you're not much better off... At least to me, losing all my documents is probably a bigger inconvenience than having to reload the OS.

This day and age, we need more fine-grained limited permissions, possibly to the point of sandboxing each application to its own account or security sandbox context.
--
Ubuntu MOTU Developer and Forums Council

Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area


This just happened to a coworker of mine and to make matters worse the desktop background gets hijacked and Display properties are missing tabs so you can't switch your desktop now. Does anyone know what Antivirus XP 2008 installs and how to get rid of it?

Thanks.
--
"If it ain't broke don't fix it."

Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA

Re: How did someone with a limited account install Antivirus XP

Thanks Google.

»www.xp-vista.com/spyware-removal···rus-2008

»www.2-spyware.com/remove-antivirus-xp.html

»fix-computer-problem.com/rogue-a···rus.html

»www.bleepingcomputer.com/malware···-xp-2008
--
Skin colour is only skin deep.
Everybody wants to be Loved and give Love.

Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area

Re: How did someone with a limited account install Antivirus XP

I've already been through them guys, thanks.

I can't unregister these files: shlwapi.dll, wininet.dll. There is no unregister information.
--
"If it ain't broke don't fix it."

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30

XP Antivirus 2008 Removal Instructions (XP Antivirus 2008)
»www.windowsvistaplace.com/xp-ant···-removal
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
More on Antivirus XP:

»What is this Antivirus XP?

Lanik
Lab-nik
Premium,ExMod 2002-03
join:2001-06-25
Bay Area

Re: How did someone with a limited account install Antivirus XP

That did it thanks.

goofy01

join:2004-02-05
Hammond, IN
Wrong, Red. When this one hit me, it placed the icon in the shared desktop folder, so this icon came up on all users' desktops. It didn't hijack the backgrounds on all users though, just on the one that was logged in.

ExceptThat

@inet.fi

Re: How did someone with a limited account install Antivirus XP

Except that if you're referring to All Users\Desktop or something like that, limited users do not have write privileges there. Are you absolutely sure the account is a limited user and not a member of admin group? How have you confirmed this?

fatdcuk
Premium
join:2005-02-20
England

Well, if any experts want to experiment with a live xpantivirus2008 infection and ltd account etc., then here is the source for it**(ActiveX install & file download)

infectionscanner.com/1/?xx=1&in=2&h=1

**Do not run the infection unless you know how to manually clear it up and also repair the settings damage incurred!

VT currently flagging dropper@ 5/33
»www.virustotal.com/analisis/c45f···8143f917

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

Re: How did someone with a limited account install Antivirus XP


First, no expert here. Kaspersky warned of installation, and 6 or so popups from registry, exe etc, so allowed them all, but in the latest version it is placed in low restricted. After, found nothing installed, but with "low restricted" it isn't allowed some permissions on the O/S.

Once I'm home tonight, this home user will turn off KIS to see what happens then.

First test - negative

Note: There were no messages of permissions from using a limited account either....Mmmmm
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas

That took quite a bit of user interaction, but all it did was install the xpantivirus2008 scamware at the worst in the admin account. It just added a RunOnce key to the limited user's account which pointed to a file in the cache, but that was only after willingly running the exe.

This was XP Pro SP3, IE6 and none of the internet settings were altered from install defaults.

The previously mentioned thread was about OEMs relaxing permissions. They aren't Microsoft's defaults. Permissions can be set in INF files w/ SDDL, and since INFs are plain text anyone can edit them and if you can understand the SDDL syntax you can make it anything you want.
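
Added example, not part of redxii's post and not taken from any vendor's files: a short Python check that parses the DACL of an SDDL string, such as the ones the INF permission entries mentioned above carry, and lists the allow ACEs that give Users, Everyone or similar groups write access. The function names and both sample strings are constructed for illustration, and rights are interpreted as file/folder access masks.

```python
import re

# Access-mask values for the SDDL rights codes (Windows SDK constants).
RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
    "CC": 0x001, "DC": 0x002, "LC": 0x004, "SW": 0x008, "RP": 0x010,
    "WP": 0x020, "DT": 0x040, "LO": 0x080, "CR": 0x100,
}
# Bits that let a trustee modify a file or folder: write data, append,
# delete child, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_WRITE, GENERIC_ALL.
WRITE_BITS = 0x2 | 0x4 | 0x40 | 0x10000 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000
# SID aliases that cover a limited (non-administrator) account.
LOW_PRIV = {"BU": "Users", "WD": "Everyone", "AU": "Authenticated Users",
            "IU": "Interactive", "BG": "Guests"}

def rights_to_mask(rights):
    """Convert an SDDL rights field (hex or two-letter codes) to a mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]   # KeyError on an unknown code
    return mask

def risky_aces(sddl):
    """Return (trustee, mask) for each allow ACE in the DACL that grants
    write access on a file or folder to a low-privilege group."""
    m = re.search(r"D:([^()]*)((?:\([^()]*\))*)", sddl)
    if not m:
        return []
    found = []
    for ace in re.findall(r"\(([^()]*)\)", m.group(2)):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue  # malformed, or not an access-allowed ACE
        mask = rights_to_mask(fields[2])
        if fields[5] in LOW_PRIV and mask & WRITE_BITS:
            found.append((LOW_PRIV[fields[5]], mask))
    return found

# Constructed samples, not taken from any real INF file.
STRICT = "D:P(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
RELAXED = "D:P(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FRFWFX;;;BU)"

if __name__ == "__main__":
    for who, mask in risky_aces(RELAXED):
        print(who, hex(mask))
```

The STRICT sample gives Users read and execute only and produces no findings; the RELAXED sample adds file write for Users and is reported.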

norwegian_away

@net.au

Re: How did someone with a limited account install Antivirus XP


Thanks for the clarification

I was curious if it was related to the topic raised by psloss, the shortcuts being placed on other accounts, which is why I brought it up. Excuse my thinking if I was incorrect.

vcf1

join:2000-03-21
Duncansville, PA
Surfing I'm sure and believing what they see.
--
Dick
© 1999-2009 dslreports.com