Re: Ad-aware and spyware question ...

From: Kerry Brown (kerry_at_kdbNOSPAMsys-tems.c*a*m)
Date: 06/11/05


Date: Sat, 11 Jun 2005 12:17:30 -0700


"Malke" <invalid@not-real.com> wrote in message
news:OUv9koqbFHA.464@TK2MSFTNGP15.phx.gbl...
> Kerry Brown wrote:
>
>> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
>> news:eqUJAWpbFHA.1392@TK2MSFTNGP14.phx.gbl...
>>> Greetings -- I realize there are antivirus and spyware groups, but
>>> I often see people in this group recommending the typical ad-aware,
>>> spybot and an antivirus solution. I use ad-aware often, and in
>>> looking at their site this morning, I found a statement that raised a
>>> flag in my mind. I have been sort of working on the assumption that
>>> when you run it, it scans the whole machine (unless told otherwise),
>>> however, on their "plus" version, they have the comment that it
>>>
>>> [begin "improved features" quote]
>>> -- Now scans registry branches of multiple user accounts
>>> -- Scan registry for all users instead of current user only
>>> [end quote]
>>>
>>> The obvious (well to me anyway) implication is that without their
>>> "plus" version, you have to run it logged on as each user on your
>>> machine to make sure you get stuff. Is this just my way of reading
>>> their information, or have I been wandering along assuming that
>>> it was checking things when in reality it was only looking at my
>>> stuff ??
>>>
>>> mikey
>>>
>>>
>>
>> Computers with several user accounts can be very hard and tedious to
>> clean. You have to log on in safe mode as each user (including
>> administrator) in turn and scan with several antispyware and antivirus
>> applications. Then do it all again in normal mode. Sometimes you have
>> to repeat this process several times. Even that doesn't always work.
>> Sometimes when you log on as one user the other users will be
>> re-infected. When that happens you have to resort to manual registry
>> edits for each user and hunting down and killing the offending program
>> with BartPE or a Linux boot CD. No one said it was easy :-)
>>
>> Kerry
>
> Thanks for expanding on this, Kerry. The only thing I'd mention is that
> you usually don't have to log onto different accounts for the antivirus
> scans.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User

I've recently come across several Java exploits that are caught by some of
the online antivirus scanners but not by any of the antispyware scanners.
They only seem to show up for each user when logged in as that user. I
usually just delete the Java cache, but using the Control Panel applet these
files didn't get deleted. I could only manually delete them from BartPE or
when logged in as a different user. I'm sure it was just a permissions issue,
but I've been doing antivirus scans as each user since I ran across them. If
they show up, I know I've got to boot into BartPE and manually delete the
Java cache.

Kerry
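
Added example, not part of the original thread: HKEY_CURRENT_USER is only the logged-on account's hive, and every other account's settings live in the NTUSER.DAT file of its profile, which is why a "current user only" scan misses them. The PowerShell below lists per-user autostart entries for every local profile from one elevated session. The Run and RunOnce keys are chosen here for illustration (the thread names no specific keys), and the function name and the Scan_ mount prefix are hypothetical.

```powershell
# Added example: run from an elevated prompt (loading another user's hive needs admin rights).
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$runSubKeys  = 'Software\Microsoft\Windows\CurrentVersion\Run',
               'Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-UserRunEntries {   # hypothetical helper name
    foreach ($p in Get-ChildItem $profileList) {
        $sid = $p.PSChildName
        if ($sid -notmatch '^S-1-5-21-') { continue }      # skip SYSTEM and service accounts
        $profilePath = (Get-ItemProperty $p.PSPath).ProfileImagePath
        $mount = $sid
        $loadedByUs = $false

        # A hive already under HKEY_USERS belongs to a logged-on user; read it in place.
        if (-not (Test-Path "Registry::HKEY_USERS\$sid")) {
            $hive = Join-Path $profilePath 'NTUSER.DAT'
            if (-not (Test-Path -LiteralPath $hive)) { continue }
            $mount = "Scan_$sid"                            # temporary mount point
            & reg.exe load "HKU\$mount" $hive | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "Could not load $hive"; continue }
            $loadedByUs = $true
        }
        try {
            foreach ($sub in $runSubKeys) {
                $key = "Registry::HKEY_USERS\$mount\$sub"
                if (-not (Test-Path $key)) { continue }
                $item = Get-Item $key
                foreach ($name in $item.GetValueNames()) {
                    [pscustomobject]@{
                        Sid = $sid; Profile = $profilePath; Key = $sub
                        Name = $name; Command = $item.GetValue($name)
                    }
                }
                $item.Close()                               # release the handle before unloading
            }
        } finally {
            if ($loadedByUs) {
                [gc]::Collect(); [gc]::WaitForPendingFinalizers()
                & reg.exe unload "HKU\$mount" | Out-Null
            }
        }
    }
}

Get-UserRunEntries | Format-Table -AutoSize
```

Entries that appear under one SID but not the others are the ones a scan run from a different account would not have seen.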


