Full Disclosure mailing list archives

Re: Spyware installs with no interaction in IE on fully patched XP SP2 box


From: Harlan Carvey <keydet89 () yahoo com>
Date: Sun, 3 Oct 2004 12:36:38 -0700 (PDT)


> This machine is a fully patched XP SP2 box, with the default security
> settings for IE's Internet Zone. Does anybody know what method this crap
> could be using to install without any user interaction?

It's a little hard to tell accurately without taking a
look at what you removed; i.e., saying that you cleaned
things out of the Registry is great, but without
knowing what keys you "cleaned", it's hard to tell.

However, doing a quick search on Google for
"atpartners", some of the info I found points to
BHOs...

Sorry, wish I could help more, but I'd need more info...

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

