Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box

[Harlan Carvey <keydet89@xxxxxxxxx>]

> > This machine is a fully patched XP SP2 box, with
> the default security 
> > settings for IE's Internet Zone. Does anybody know
> what method this crap 
> > could be using to install without any user
> interaction?

It's a little hard to tell accurately without taking a
look at what you removed; ie, saying that you cleaned
things out of the Registry is great, but without
knowing what keys you "cleaned", it's hard to tell.

However, doing a quick search on Google for
"atpartners", some of the info I found points to
BHOs...

Sorry, wish I could help more, but I'd need more info...

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html