[pchelpers] Re: user accounts and malware removal
- From: "Ekhart GEORGI (last name last)" <Ekhart.GEORGI@xxxxxxxxxxx>
- To: pchelpers@xxxxxxxxxxxxx
- Date: Mon, 29 Aug 2005 13:48:26 +0300
Hi Scott
> EGlnl> If malware leaves behind any exe or other executable files in
> EGlnl> the temp folders or elsewhere, i would think the antimalware
> EGlnl> programs should be able to find and delete them so that there
> EGlnl> hardly seems a need to make normal users go looking for hidden
> EGlnl> temp folders. In fact, i can't understand why the programs
> EGlnl> don't find malware or viable malware components that are
> EGlnl> disguised in tmp files. In any case, it's a complete mystery to
> EGlnl> me how tmp files can be used to resurrect malware
> EGlnl> automatically.
>
> Clearly, SOMETHING is wrong, else you wouldn't need to run under each
> user.
Well, actually no, or rather yes. The problem is not with the computer i
was cleaning but with a large part of the security program industry.
Even worse, even many of the independent experts didn't know about the
multiple user account problem.
I thought i had been very naive because i'd been helping many people for
several years with infested computers and didn't know that many
antimalware programs need to be rerun on each user account, but i was a
bit relieved that this quite unbelievable shortcoming in many
antimalware programs is or at least was unknown to many real gurus who
previously helped hundreds of people. I cannot imagine how it is
possible that these gurus didn't notice the need to advise users to
rerun the cleanup programs on each user account. The fact that the
programs' vendors don't know this either or at least don't include it in
their manuals (or make the program remind the user after a scan to
repeat it on the other accounts!) is almost as unbelievable, despite all
the greed involved in the development and sale of commercial cleanup
programs. I'm very interested whether this is also a problem in the
altruistic program Spybot.
So now i don't feel so bad that i didn't help some people adequately
here on PChelpers. Now we know why some members of this email list had
problems with trojans and other malware coming back despite cleaning
their computers with several cleanup programs. I don't remember anyone
ever recommending rerunning the cleanup programs on other accounts, but
maybe somebody did advise that very rarely.
Here is some very interesting info i found on this problem:
http://spywarewarrior.com/viewtopic.php?t=5722
http://www.msusenet.com/t-1870900957.html
http://forums.spywareinfo.com/lofiversion/index.php/t48048.html
http://castlecops.com/t107505-Run_Antispyware_as_the_System_account.html
This sounds great, but it doesn't work on my computer (XP Home); maybe
it's only for XP Pro?
http://castlecops.com/postx25850-0-0.html
This sounds too good to be true:
http://www.greenborder.com/
It was recommended on the following reputable site without any
contradiction:
http://forums.spywareinfo.com/lofiversion/index.php/t48048.html
Has anyone heard anything about this?
> EGlnl> Thanks! If you sold this code to several vendors -- and your
> EGlnl> suggested additional code for antivirus programs that enables
> EGlnl> them to clean out System Restore -- you could get a lot of
> EGlnl> money!
>
> If the programmers working for those vendors can't figure out how to
> get into the System Restore folder and the registry entries of other
> users, then they have a serious problem... :)
And you have a golden opportunity.
Ekhart
--
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.