TeMerc Internet Countermeasures

Adware, malware, spyware and hijacker information


XP Account Protection As Per The Following Security Apps

The following is what we currently know about the protection that each of the following security programs offers across the user accounts set up on a Windows XP machine. Please note this will change from time to time as we get more information on more apps.
  Ad-Aware 2007 June 19
Scans all users. Recently updated.

    SpywareGuard
IE protection is global; restricted sites protection is not.
It is set up globally but its startup is not: open the program > Options > Save settings (all need to be checked green).

  SpywareBlaster v3.5.1
ActiveX kill bits are global; the cookie protection is per user. Recently updated. Details here.

 Spybot Search & Destroy v1.4
Now scans the entire system, all users, except for cookies and Temporary Internet Files.
Immunize protection and the bad download blocker are not global; the protection needs to be enabled for each user. Recently updated. Details here.

  WinPatrol 2007 v12.2.2007 Oct 30
Global protection. Recently updated.


IE-SPYAD II
Now installs to protect all user accounts.
IE-SPYAD is still available for other Windows OSes.

  MVPS Hosts File
Installed globally
 

Installing virus protection is global (not sure about user-specific settings, such as which protection fields are enabled or disabled).

Firewall install is also global.

Disabling system restore is global.

  HijackThis! 1.99.1

What we have found in the logs that usually needs cleaning from each user (some are missing because not all HJT fields are documented as yet):
***WARNING-DO NOT ATTEMPT TO REMOVE ITEMS WITH HJT UNLESS YOU ARE TRAINED TO DO SO, THE WRONG STEP CAN RENDER YOUR MACHINE DISABLED***

R0, R1, R2, R3 - Internet Explorer Start/Search page URLs

O4 - HKLM, HKCU - Auto-loading programs from Registry

O8 - Extra items in IE right

O9 - Extra Button

O13 - IE Default Prefix hijack

O14 - 'Reset Web Settings' hijack

These are found to have a global effect (they affect all users):
O1 - Hosts
O4 - Global startup
O16 - DPF (Downloaded Program Files)
O23 - Services
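
The per-user and global lists above can be applied mechanically to a log to see which entries must be rechecked under every account and which only once per machine. The following is an added example, not part of the original page or of HijackThis; the function names are hypothetical, the sample log is constructed, and it assumes entry lines begin with the category code followed by " - ".

```python
import re

# Scope table taken from the two lists above; anything else is left
# "undocumented", matching the page's note that not all fields are covered.
PER_USER = {"R0", "R1", "R2", "R3", "O8", "O9", "O13", "O14"}
GLOBAL = {"O1", "O16", "O23"}

# Assumption: an entry line starts with its category code, e.g. "O4 - ...".
ENTRY = re.compile(r"^\s*([RO]\d{1,2})\s*-\s*(.*)$")

def classify(line):
    """Return (code, scope) for one log line, or None if it is not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    if code == "O4":
        # The page splits O4: Global Startup is global, registry autoruns per user.
        scope = "global" if rest.lower().startswith("global startup") else "per-user"
    elif code in PER_USER:
        scope = "per-user"
    elif code in GLOBAL:
        scope = "global"
    else:
        scope = "undocumented"
    return code, scope

def triage(log_text):
    """Group entry lines by scope so per-user items can be rechecked per account."""
    groups = {"per-user": [], "global": [], "undocumented": []}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            groups[result[1]].append(line.strip())
    return groups

# Constructed sample log (not from a real machine).
SAMPLE = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O1 - Hosts: 127.0.0.1 example.invalid
O4 - HKCU\..\Run: [sample] C:\sample\sample.exe
O4 - Global Startup: sample.lnk = C:\sample\sample.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Sample) - http://example.invalid/s.cab
O20 - AppInit_DLLs: sample.dll
O23 - Service: Sample Service - Sample Vendor - C:\sample\svc.exe
"""

if __name__ == "__main__":
    print({scope: len(lines) for scope, lines in triage(SAMPLE).items()})
```

Entries reported as "undocumented" (O20 in the sample) are categories the lists above do not place in either group, so they need a manual decision.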

It is also important to clean up temporary files from each individual user:
c:\docs and settings\user\*local settings\temp, and Temporary Internet Files.
* = hidden, so they will have to show hidden files and folders.


Related Links

HijackThis Categories Lists:

O9 - IE Buttons
O18 - Extra protocols and protocol hijackers
O20 - AppInit_DLLs and Winlogon Notify
O21 - ShellServiceObjectDelayLoad
O22 - Shared Task Scheduler
O23 - List of Windows XP/NT services

HijackThis! Tutorial
Latest Malware Threats
CCleaner For Temp Files\Folders
Index.dat Suite For Temp Files\Folders