Ad-aware and spyware question ...

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey
 

Malke


Mike Fields wrote:

> Greetings -- I realize there are antivirus and spyware groups, but
> I often see people in this group recommending the typical ad-aware,
> spybot and an antivirus solution. I use ad-aware often, and in
> looking at their site this morning, I found a statement that raised a
> flag in my mind. I have been sort of working on the assumption that
> when you run it, it scans the whole machine (unless told otherwise),
> however, on their "plus" version, they have the comment that it
>
> [begin "improved features" quote]
> -- Now scans registry branches of multiple user accounts
> -- Scan registry for all users instead of current user only
> [end quote]
>
> The obvious (well to me anyway) implication is that without their
> "plus" version, you have to run it logged on as each user on your
> machine to make sure you get stuff. Is this just my way of reading
> their information, or have I been wandering along assuming that
> it was checking things when in reality it was only looking at my
> stuff ??
>
> mikey

No, you're correct that you were making a wrong assumption. I always log
on to each user on a system and run antispyware tools because there are
user-specific settings in each account. To do the clean-up job
properly, you need to go into every account.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

"Malke" <invalid@not-real.com> wrote in message
news:Ot4NOdpbFHA.2444@TK2MSFTNGP15.phx.gbl...
> Mike Fields wrote:
>
> > Greetings -- I realize there are antivirus and spyware groups, but
> > I often see people in this group recommending the typical ad-aware,
> > spybot and an antivirus solution. I use ad-aware often, and in
> > looking at their site this morning, I found a statement that raised a
> > flag in my mind. I have been sort of working on the assumption that
> > when you run it, it scans the whole machine (unless told otherwise),
> > however, on their "plus" version, they have the comment that it
> >
> > [begin "improved features" quote]
> > -- Now scans registry branches of multiple user accounts
> > -- Scan registry for all users instead of current user only
> > [end quote]
> >
> > The obvious (well to me anyway) implication is that without their
> > "plus" version, you have to run it logged on as each user on your
> > machine to make sure you get stuff. Is this just my way of reading
> > their information, or have I been wandering along assuming that
> > it was checking things when in reality it was only looking at my
> > stuff ??
> >
> > mikey
>
> No, you're correct that you were making a wrong assumption. I always log
> on to each user on a system and run antispyware tools because there are
> user-specific settings in each account. To do the clean-up job
> properly, you need to go into every account.
>
> Malke
> --
> Elephant Boy Computers

OK, thanks -- I think this is going to be a surprise to others also.
I had been seeing stuff "found" for all the accounts on the system in
the temp internet files etc and had been just assuming the registry
was also being scanned. "Ignorance is bliss" I guess !! So, how is
the best way to log onto the other accounts without changing their
passwords (I have full admin on these machines, no domain - just
a workgroup). I know how to use "runas" to change user for
a single thing to run, but not how to log on as someone else (like the
"su" command in unix).

mikey
 
Guest

"Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
news:eqUJAWpbFHA.1392@TK2MSFTNGP14.phx.gbl...
> Greetings -- I realize there are antivirus and spyware groups, but
> I often see people in this group recommending the typical ad-aware,
> spybot and an antivirus solution. I use ad-aware often, and in
> looking at their site this morning, I found a statement that raised a
> flag in my mind. I have been sort of working on the assumption that
> when you run it, it scans the whole machine (unless told otherwise),
> however, on their "plus" version, they have the comment that it
>
> [begin "improved features" quote]
> -- Now scans registry branches of multiple user accounts
> -- Scan registry for all users instead of current user only
> [end quote]
>
> The obvious (well to me anyway) implication is that without their
> "plus" version, you have to run it logged on as each user on your
> machine to make sure you get stuff. Is this just my way of reading
> their information, or have I been wandering along assuming that
> it was checking things when in reality it was only looking at my
> stuff ??
>
> mikey
>
>

Computers with several user accounts can be very hard and tedious to clean.
You have to logon in safe mode as each user (including administrator) in
turn and scan with several antispyware and antivirus applications. Then do
it all again in normal mode. Sometimes you have to repeat this process
several times. Even that doesn't always work. Sometimes when you logon as
one user the other users will be re-infected. When that happens you have to
resort to manual registry edits for each user and hunting down and killing
the offending program with BartPe or a Linux boot CD. No one said it was
easy :)

Kerry
 

Malke


Kerry Brown wrote:

> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
> news:eqUJAWpbFHA.1392@TK2MSFTNGP14.phx.gbl...
>> Greetings -- I realize there are antivirus and spyware groups, but
>> I often see people in this group recommending the typical ad-aware,
>> spybot and an antivirus solution. I use ad-aware often, and in
>> looking at their site this morning, I found a statement that raised a
>> flag in my mind. I have been sort of working on the assumption that
>> when you run it, it scans the whole machine (unless told otherwise),
>> however, on their "plus" version, they have the comment that it
>>
>> [begin "improved features" quote]
>> -- Now scans registry branches of multiple user accounts
>> -- Scan registry for all users instead of current user only
>> [end quote]
>>
>> The obvious (well to me anyway) implication is that without their
>> "plus" version, you have to run it logged on as each user on your
>> machine to make sure you get stuff. Is this just my way of reading
>> their information, or have I been wandering along assuming that
>> it was checking things when in reality it was only looking at my
>> stuff ??
>>
>> mikey
>>
>>
>
> Computers with several user accounts can be very hard and tedious to
> clean. You have to logon in safe mode as each user (including
> administrator) in turn and scan with several antispyware and antivirus
> applications. Then do it all again in normal mode. Sometimes you have
> to repeat this process several times. Even that doesn't always work.
> Sometimes when you logon as one user the other users will be
> re-infected. When that happens you have to resort to manual registry
> edits for each user and hunting down and killing the offending program
> with BartPe or a Linux boot CD. No one said it was easy :)
>
> Kerry

Thanks for expanding on this, Kerry. The only thing I'd mention is that
you usually don't have to log onto different accounts for the antivirus
scans.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
Guest

"Malke" <invalid@not-real.com> wrote in message
news:OUv9koqbFHA.464@TK2MSFTNGP15.phx.gbl...
> Kerry Brown wrote:
>
>> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
>> news:eqUJAWpbFHA.1392@TK2MSFTNGP14.phx.gbl...
>>> Greetings -- I realize there are antivirus and spyware groups, but
>>> I often see people in this group recommending the typical ad-aware,
>>> spybot and an antivirus solution. I use ad-aware often, and in
>>> looking at their site this morning, I found a statement that raised a
>>> flag in my mind. I have been sort of working on the assumption that
>>> when you run it, it scans the whole machine (unless told otherwise),
>>> however, on their "plus" version, they have the comment that it
>>>
>>> [begin "improved features" quote]
>>> -- Now scans registry branches of multiple user accounts
>>> -- Scan registry for all users instead of current user only
>>> [end quote]
>>>
>>> The obvious (well to me anyway) implication is that without their
>>> "plus" version, you have to run it logged on as each user on your
>>> machine to make sure you get stuff. Is this just my way of reading
>>> their information, or have I been wandering along assuming that
>>> it was checking things when in reality it was only looking at my
>>> stuff ??
>>>
>>> mikey
>>>
>>>
>>
>> Computers with several user accounts can be very hard and tedious to
>> clean. You have to logon in safe mode as each user (including
>> administrator) in turn and scan with several antispyware and antivirus
>> applications. Then do it all again in normal mode. Sometimes you have
>> to repeat this process several times. Even that doesn't always work.
>> Sometimes when you logon as one user the other users will be
>> re-infected. When that happens you have to resort to manual registry
>> edits for each user and hunting down and killing the offending program
>> with BartPe or a Linux boot CD. No one said it was easy :)
>>
>> Kerry
>
> Thanks for expanding on this, Kerry. The only thing I'd mention is that
> you usually don't have to log onto different accounts for the antivirus
> scans.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User

I've recently come across several java exploits that are caught by some of
the online antivirus scanners but not by any of the antispyware scanners.
They only seem to show up for each user when logged in as that user. I
usually just delete the java cache but using the control panel applet these
files didn't get deleted. I could only manually delete them from BartPe or
when logged in as a different user. I'm sure it was just a permissions issue
but I've been doing antivirus scans as each user since I ran across them. If
they show up I know I've got to boot into BartPe and manually delete the
java cache.

Kerry
 
Guest

OK, I'll buy the need to be different users, HOWEVER, I still
have not figured out how to logon as "user2" without knowing
their password. Yes, I can change the password as an admin,
but I just want to be able to logon as them to make sure the
spywarefinder stuff can work without having to know their
password. I did a google for "xp logon different user" and found
others asking the same question, but no one seemed to have an
answer (other than you could run IE with runas to run under a
different user and comments that you could NOT do that with
Explorer). What is the incantation that I have missed somewhere??

mikey

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:uzZj3orbFHA.3444@TK2MSFTNGP10.phx.gbl...
> "Malke" <invalid@not-real.com> wrote in message
> news:OUv9koqbFHA.464@TK2MSFTNGP15.phx.gbl...
> > Kerry Brown wrote:
> >
> >> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
> >> news:eqUJAWpbFHA.1392@TK2MSFTNGP14.phx.gbl...
> >>> Greetings -- I realize there are antivirus and spyware groups, but
> >>> I often see people in this group recommending the typical ad-aware,
> >>> spybot and an antivirus solution. I use ad-aware often, and in
> >>> looking at their site this morning, I found a statement that raised a
> >>> flag in my mind. I have been sort of working on the assumption that
> >>> when you run it, it scans the whole machine (unless told otherwise),
> >>> however, on their "plus" version, they have the comment that it
> >>>
> >>> [begin "improved features" quote]
> >>> -- Now scans registry branches of multiple user accounts
> >>> -- Scan registry for all users instead of current user only
> >>> [end quote]
> >>>
> >>> The obvious (well to me anyway) implication is that without their
> >>> "plus" version, you have to run it logged on as each user on your
> >>> machine to make sure you get stuff. Is this just my way of reading
> >>> their information, or have I been wandering along assuming that
> >>> it was checking things when in reality it was only looking at my
> >>> stuff ??
> >>>
> >>> mikey
> >>>
> >>>
> >>
> >> Computers with several user accounts can be very hard and tedious to
> >> clean. You have to logon in safe mode as each user (including
> >> administrator) in turn and scan with several antispyware and antivirus
> >> applications. Then do it all again in normal mode. Sometimes you have
> >> to repeat this process several times. Even that doesn't always work.
> >> Sometimes when you logon as one user the other users will be
> >> re-infected. When that happens you have to resort to manual registry
> >> edits for each user and hunting down and killing the offending program
> >> with BartPe or a Linux boot CD. No one said it was easy :)
> >>
> >> Kerry
> >
> > Thanks for expanding on this, Kerry. The only thing I'd mention is that
> > you usually don't have to log onto different accounts for the antivirus
> > scans.
> >
> > Malke
> > --
> > Elephant Boy Computers
> > www.elephantboycomputers.com
> > "Don't Panic!"
> > MS-MVP Windows - Shell/User
>
> I've recently come across several java exploits that are caught by some of
> the online antivirus scanners but not by any of the antispyware scanners.
> They only seem to show up for each user when logged in as that user. I
> usually just delete the java cache but using the control panel applet these
> files didn't get deleted. I could only manually delete them from BartPe or
> when logged in as a different user. I'm sure it was just a permissions issue
> but I've been doing antivirus scans as each user since I ran across them. If
> they show up I know I've got to boot into BartPe and manually delete the
> java cache.
>
> Kerry
>
>
 
Guest

"Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
news:%23vOdepsbFHA.3120@TK2MSFTNGP12.phx.gbl...
> OK, I'll buy the need to be different users, HOWEVER, I still
> have not figured out how to logon as "user2" without knowing
> their password. Yes, I can change the password as an admin,
> but I just want to be able to logon as them to make sure the
> spywarefinder stuff can work without having to know their
> password. I did a google for "xp logon different user" and found
> others asking the same question, but no one seemed to have an
> answer (other than you could run IE with runas to run under a
> different user and comments that you could NOT do that with
> Explorer). What is the incantation that I have missed somewhere??
>
> mikey
>

You either need to know their password or change it when logged in as
another user with administrator permissions. Be aware that if they have
encrypted files and you change the password via another user they may lose
those files forever. When you are working on a computer you need the
passwords for all of the users.

Kerry


> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:uzZj3orbFHA.3444@TK2MSFTNGP10.phx.gbl...
>> "Malke" <invalid@not-real.com> wrote in message
>> news:OUv9koqbFHA.464@TK2MSFTNGP15.phx.gbl...
>> > Kerry Brown wrote:
>> >
>> >> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
>> >> news:eqUJAWpbFHA.1392@TK2MSFTNGP14.phx.gbl...
>> >>> Greetings -- I realize there are antivirus and spyware groups, but
>> >>> I often see people in this group recommending the typical ad-aware,
>> >>> spybot and an antivirus solution. I use ad-aware often, and in
>> >>> looking at their site this morning, I found a statement that raised a
>> >>> flag in my mind. I have been sort of working on the assumption that
>> >>> when you run it, it scans the whole machine (unless told otherwise),
>> >>> however, on their "plus" version, they have the comment that it
>> >>>
>> >>> [begin "improved features" quote]
>> >>> -- Now scans registry branches of multiple user accounts
>> >>> -- Scan registry for all users instead of current user only
>> >>> [end quote]
>> >>>
>> >>> The obvious (well to me anyway) implication is that without their
>> >>> "plus" version, you have to run it logged on as each user on your
>> >>> machine to make sure you get stuff. Is this just my way of reading
>> >>> their information, or have I been wandering along assuming that
>> >>> it was checking things when in reality it was only looking at my
>> >>> stuff ??
>> >>>
>> >>> mikey
>> >>>
>> >>>
>> >>
>> >> Computers with several user accounts can be very hard and tedious to
>> >> clean. You have to logon in safe mode as each user (including
>> >> administrator) in turn and scan with several antispyware and antivirus
>> >> applications. Then do it all again in normal mode. Sometimes you have
>> >> to repeat this process several times. Even that doesn't always work.
>> >> Sometimes when you logon as one user the other users will be
>> >> re-infected. When that happens you have to resort to manual registry
>> >> edits for each user and hunting down and killing the offending program
>> >> with BartPe or a Linux boot CD. No one said it was easy :)
>> >>
>> >> Kerry
>> >
>> > Thanks for expanding on this, Kerry. The only thing I'd mention is that
>> > you usually don't have to log onto different accounts for the antivirus
>> > scans.
>> >
>> > Malke
>> > --
>> > Elephant Boy Computers
>> > www.elephantboycomputers.com
>> > "Don't Panic!"
>> > MS-MVP Windows - Shell/User
>>
>> I've recently come across several java exploits that are caught by some of
>> the online antivirus scanners but not by any of the antispyware scanners.
>> They only seem to show up for each user when logged in as that user. I
>> usually just delete the java cache but using the control panel applet these
>> files didn't get deleted. I could only manually delete them from BartPe or
>> when logged in as a different user. I'm sure it was just a permissions issue
>> but I've been doing antivirus scans as each user since I ran across them. If
>> they show up I know I've got to boot into BartPe and manually delete the
>> java cache.
>>
>> Kerry
>>
>>
>
>
 
Guest

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:e6sOqLtbFHA.2688@TK2MSFTNGP14.phx.gbl...
> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
> news:%23vOdepsbFHA.3120@TK2MSFTNGP12.phx.gbl...
> > OK, I'll buy the need to be different users, HOWEVER, I still
> > have not figured out how to logon as "user2" without knowing
> > their password. Yes, I can change the password as an admin,
> > but I just want to be able to logon as them to make sure the
> > spywarefinder stuff can work without having to know their
> > password. I did a google for "xp logon different user" and found
> > others asking the same question, but no one seemed to have an
> > answer (other than you could run IE with runas to run under a
> > different user and comments that you could NOT do that with
> > Explorer). What is the incantation that I have missed somewhere??
> >
> > mikey
> >
>
> You either need to know their password or change it when logged in as
> another user with administrator permissions. Be aware that if they have
> encrypted files and you change the password via another user they may lose
> those files forever. When you are working on a computer you need the
> passwords for all of the users.
>
> Kerry
>

Thanks Kerry -- I would assume another option for the "spyware scan"
would be to load each user's hive using regedit ( using the method at
Doug Knox - http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm )
run the scan then unload the hive. As admin, I have access to the files
(none are encrypted), just trying to make sure that I scan all corners for
those handy little "mouse droppings" that get placed in the registry by
today's current crop of spyware. The whole intent here was to make sure
I scanned everywhere (once I found out Ad-aware only looked at the
current user !)

mikey
 
Guest

"Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
news:O%23Im$wubFHA.2288@TK2MSFTNGP14.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:e6sOqLtbFHA.2688@TK2MSFTNGP14.phx.gbl...
>> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
>> news:%23vOdepsbFHA.3120@TK2MSFTNGP12.phx.gbl...
>> > OK, I'll buy the need to be different users, HOWEVER, I still
>> > have not figured out how to logon as "user2" without knowing
>> > their password. Yes, I can change the password as an admin,
>> > but I just want to be able to logon as them to make sure the
>> > spywarefinder stuff can work without having to know their
>> > password. I did a google for "xp logon different user" and found
>> > others asking the same question, but no one seemed to have an
>> > answer (other than you could run IE with runas to run under a
>> > different user and comments that you could NOT do that with
>> > Explorer). What is the incantation that I have missed somewhere??
>> >
>> > mikey
>> >
>>
>> You either need to know their password or change it when logged in as
>> another user with administrator permissions. Be aware that if they have
>> encrypted files and you change the password via another user they may lose
>> those files forever. When you are working on a computer you need the
>> passwords for all of the users.
>>
>> Kerry
>>
>
> Thanks Kerry -- I would assume another option for the "spyware scan"
> would be to load each users hive using regedit ( using the method at
> Doug Knox - http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm )
> run the scan then unload the hive. As admin, I have access to the files
> (none are encrypted), just trying to make sure that I scan all corners for
> those handy little "mouse droppings" that get placed in the registry by
> today's current crop of spyware. The whole intent here was to make sure
> I scanned everywhere (once I found out Ad-aware only looked at the
> current user !)
>
> mikey
>
>

Loading the hive in regedit you could manually search for malware entries
and delete them. I don't think it would help with antispyware software
scanning them.

Kerry
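
The hive-loading approach discussed in the two posts above, as an added example that is not part of the original thread: a read-only PowerShell script that lists the per-user `Run` and `RunOnce` autostart values for every local profile, mounting each offline `NTUSER.DAT` with `reg load` and unloading it afterwards. It assumes an elevated prompt and that profiles are registered under the `ProfileList` key; the mount name `TempHive_<SID>` and the function name are made up for illustration.

```powershell
# Added example (not from the thread). Run elevated; read-only, nothing is changed.
$profileList   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$autostartKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-PerUserAutostart {
    foreach ($entry in Get-ChildItem -Path $profileList) {
        $sid = $entry.PSChildName
        if ($sid -notmatch '^S-1-5-21-') { continue }    # skip SYSTEM/service profiles

        $profilePath = (Get-ItemProperty -Path $entry.PSPath).ProfileImagePath
        $hiveFile    = Join-Path $profilePath 'NTUSER.DAT'
        $root        = "Registry::HKEY_USERS\$sid"
        $mount       = $null

        # A logged-on user's hive is already mounted under HKEY_USERS\<SID>.
        # Otherwise mount the offline hive file under a temporary name.
        if (-not (Test-Path -Path $root)) {
            if (-not (Test-Path -LiteralPath $hiveFile)) { continue }
            $mount = "TempHive_$sid"                     # hypothetical mount name
            & reg.exe load "HKU\$mount" "$hiveFile" 2>&1 | Out-Null
            if ($LASTEXITCODE -ne 0) {
                Write-Warning "Could not load $hiveFile"
                continue
            }
            $root = "Registry::HKEY_USERS\$mount"
        }

        try {
            foreach ($sub in $autostartKeys) {
                $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
                if (-not $key) { continue }              # key absent for this user
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{
                        Sid     = $sid
                        Profile = $profilePath
                        Key     = $sub
                        Name    = $name
                        Command = $key.GetValue($name)
                    }
                }
                $key.Close()
            }
        }
        finally {
            if ($mount) {
                # Release any registry handles still held by this session,
                # otherwise "reg unload" fails with access denied.
                [gc]::Collect()
                [gc]::WaitForPendingFinalizers()
                & reg.exe unload "HKU\$mount" 2>&1 | Out-Null
            }
        }
    }
}

Get-PerUserAutostart | Sort-Object Profile, Key, Name | Format-Table -AutoSize -Wrap
```

The output is a list for manual review; removing an entry is still a deliberate regedit step against the loaded hive.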
 
Guest

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:OvBUM3wbFHA.2936@tk2msftngp13.phx.gbl...
> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
> news:O%23Im$wubFHA.2288@TK2MSFTNGP14.phx.gbl...
> >
> > "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> > news:e6sOqLtbFHA.2688@TK2MSFTNGP14.phx.gbl...
> >> "Mike Fields" <spam_me_not_mr.gadget2@comcast.net> wrote in message
> >> news:%23vOdepsbFHA.3120@TK2MSFTNGP12.phx.gbl...
> >> > OK, I'll buy the need to be different users, HOWEVER, I still
> >> > have not figured out how to logon as "user2" without knowing
> >> > their password. Yes, I can change the password as an admin,
> >> > but I just want to be able to logon as them to make sure the
> >> > spywarefinder stuff can work without having to know their
> >> > password. I did a google for "xp logon different user" and found
> >> > others asking the same question, but no one seemed to have an
> >> > answer (other than you could run IE with runas to run under a
> >> > different user and comments that you could NOT do that with
> >> > Explorer). What is the incantation that I have missed somewhere??
> >> >
> >> > mikey
> >> >
> >>
> >> You either need to know their password or change it when logged in as
> >> another user with administrator permissions. Be aware that if they have
> >> encrypted files and you change the password via another user they may lose
> >> those files forever. When you are working on a computer you need the
> >> passwords for all of the users.
> >>
> >> Kerry
> >>
> >
> > Thanks Kerry -- I would assume another option for the "spyware scan"
> > would be to load each users hive using regedit ( using the method at
> > Doug Knox - http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm )
> > run the scan then unload the hive. As admin, I have access to the files
> > (none are encrypted), just trying to make sure that I scan all corners for
> > those handy little "mouse droppings" that get placed in the registry by
> > today's current crop of spyware. The whole intent here was to make sure
> > I scanned everywhere (once I found out Ad-aware only looked at the
> > current user !)
> >
> > mikey
>
> Loading the hive in regedit you could manually search for malware entries
> and delete them. I don't think it would help with antispyware software
> scanning them.
>
> Kerry
>

Thanks Kerry and Malke -- I will do some experimenting (after imaging
the drive !) and if I find anything interesting, I will post back so others
will know also.

mikey