Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Spyware installs with no interaction in IE on fully patched XP SP2 box
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 4 Oct 2004 09:47:44 -0500

Aren't their still cross-scripting problems with IE still? Plus I think
the Drag and Drop exploit is still unpatched? Comments anyone?

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Harlan Carvey
Sent: Sunday, October 03, 2004 2:37 PM
To: full-disclosure () lists netsys com
Cc: Joel R. Helgeson; Geraldo Rivera
Subject: Re: [Full-disclosure] Spyware installs with no 
interaction in IE on fully patched XP SP2 box


This machine is a fully patched XP SP2 box, with
the default security
settings for IE's Internet Zone. Does anybody know
what method this crap
could be using to install without any user
interaction?

It's a little hard to tell accurately without taking a look 
at what you removed; ie, saying that you cleaned things out 
of the Registry is great, but without knowing what keys you 
"cleaned", it's hard to tell.

However, doing a quick search on Google for "atpartners", 
some of the info I found points to BHOs...

Sorry, wish I could help more, but I'd need more info...

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for you are crunchy, 
and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]