> > This machine is a fully patched XP SP2 box, with
> the default security
> > settings for IE's Internet Zone. Does anybody know
> what method this crap
> > could be using to install without any user
> interaction?
It's a little hard to tell accurately without taking a
look at what you removed; ie, saying that you cleaned
things out of the Registry is great, but without
knowing what keys you "cleaned", it's hard to tell.
However, doing a quick search on Google for
"atpartners", some of the info I found points to
BHOs...
Sorry, wish I could help more, but I'd need more info...
=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."
"The simplicity of this game amuses me.
Bring me your finest meats and cheeses."
------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Oct 03 2004
Intro
