Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box

From: Harlan Carvey (keydet89yahoo.com)
Date: Sun Oct 03 2004 - 14:36:38 CDT


> > This machine is a fully patched XP SP2 box, with the default security
> > settings for IE's Internet Zone. Does anybody know what method this crap
> > could be using to install without any user interaction?

It's a little hard to tell accurately without taking a
look at what you removed; i.e., saying that you cleaned
things out of the Registry is great, but without
knowing what keys you "cleaned", it's hard to tell.

However, doing a quick search on Google for
"atpartners", some of the info I found points to
BHOs...

Sorry, wish I could help more, but I'd need more info...

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me.
Bring me your finest meats and cheeses."
------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html