Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Spyware installs with no interaction in IE on fully patched XP SP2 box
From: Harlan Carvey <keydet89 () yahoo com>
Date: Sun, 3 Oct 2004 12:36:38 -0700 (PDT)


This machine is a fully patched XP SP2 box, with
the default security 
settings for IE's Internet Zone. Does anybody know
what method this crap 
could be using to install without any user
interaction?

It's a little hard to tell accurately without taking a
look at what you removed; ie, saying that you cleaned
things out of the Registry is great, but without
knowing what keys you "cleaned", it's hard to tell.

However, doing a quick search on Google for
"atpartners", some of the info I found points to
BHOs...

Sorry, wish I could help more, but I'd need more info...

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault