Ad-aware and spyware question ...

[Mike Fields]

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey

 

[Malke]

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey

No, you're correct that you were making a wrong assumption. I always log
on to each user on a system and run antispyware tools because there are
user-specific settings in each account. To do the clean-up job
properly, you need to go into every account.

Malke

 

[Mike Fields]

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey

No, you're correct that you were making a wrong assumption. I always log
on to each user on a system and run antispyware tools because there are
user-specific settings in each account. To do the clean-up job
properly, you need to go into every account.

Malke

OK, thanks -- I think this is going to be a surprise to others also.
I had been seeing stuff "found" for all the accounts on the system in
the temp internet files etc and had been just assuming the registry
was also being scanned. "Ignorance is bliss" I guess !! So, how is
the best way to log onto the other accounts without changing their
passwords (I have full admin on these machines, no domain - just
a workgroup). I know how to use "runas" to change user for
a single thing to run, but not how to log on as someone else (like the
"su command in unix").

mikey

 

[Kerry Brown]

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey

Computers with several user accounts can be very hard and tedious to clean.
You have to logon in safe mode as each user (including administrator) in
turn and scan with several antispyware and antivirus applications. Then do
it all again in normal mode. Sometimes you have to repeat this process
several times. Even that doesn't always work. Sometimes when you logon as
one user the other users will be re-infected. When that happens you have to
resort to manual registry edits for each user and hunting down and killing
the offending program with BartPe or a Linux boot CD. No one said it was
easy

Kerry

 

[Malke]

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey

Computers with several user accounts can be very hard and tedious to
clean. You have to logon in safe mode as each user (including
administrator) in turn and scan with several antispyware and antivirus
applications. Then do it all again in normal mode. Sometimes you have
to repeat this process several times. Even that doesn't always work.
Sometimes when you logon as one user the other users will be
re-infected. When that happens you have to resort to manual registry
edits for each user and hunting down and killing the offending program
with BartPe or a Linux boot CD. No one said it was easy

Kerry

Thanks for expanding on this, Kerry. The only thing I'd mention is that
you usually don't have to log onto different accounts for the antivirus
scans.

Malke

 

[Kerry Brown]

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey

Computers with several user accounts can be very hard and tedious to
clean. You have to logon in safe mode as each user (including
administrator) in turn and scan with several antispyware and antivirus
applications. Then do it all again in normal mode. Sometimes you have
to repeat this process several times. Even that doesn't always work.
Sometimes when you logon as one user the other users will be
re-infected. When that happens you have to resort to manual registry
edits for each user and hunting down and killing the offending program
with BartPe or a Linux boot CD. No one said it was easy

Kerry

Thanks for expanding on this, Kerry. The only thing I'd mention is that
you usually don't have to log onto different accounts for the antivirus
scans.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

I've recently come across several java exploits that are caught by some of
the online antivirus scanners but not by any of the antispyware scanners.
They only seem to show up for each user when logged in as that user. I
usually just delete the java cache but using the control panel applet these
files didn't get deleted. I could only manually delete them from BartPe or
when logged in as a different user. I'm sure it was just a permissions issue
but I've been doing antivirus scans as each user since I ran across them. If
they show up I know I've got to boot into BartPe and manually delete the
java cache.

Kerry

 

[Mike Fields]

OK, I'll buy the need to be different users, HOWEVER, I still
have not figured out how to logon as "user2" without knowing
their password. Yes, I can change the password as an admin,
but I just want to be able to logon as them to make sure the
spywarefinder stuff can work without having to know their
password. I did a google for "xp logon different user" and found
others asking the same question, but no one seemed to have an
answer (other than you could run IE with runas to run under a
different user and comments that you could NOT do that with
Explorer). What is the incantation that I have missed somewhere??

mikey

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey



Computers with several user accounts can be very hard and tedious to
clean. You have to logon in safe mode as each user (including
administrator) in turn and scan with several antispyware and antivirus
applications. Then do it all again in normal mode. Sometimes you have
to repeat this process several times. Even that doesn't always work.
Sometimes when you logon as one user the other users will be
re-infected. When that happens you have to resort to manual registry
edits for each user and hunting down and killing the offending program
with BartPe or a Linux boot CD. No one said it was easy

Kerry

Thanks for expanding on this, Kerry. The only thing I'd mention is that
you usually don't have to log onto different accounts for the antivirus
scans.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

I've recently come across several java exploits that are caught by some of
the online antivirus scanners but not by any of the antispyware scanners.
They only seem to show up for each user when logged in as that user. I
usually just delete the java cache but using the control panel applet these
files didn't get deleted. I could only manually delete them from BartPe or
when logged in as a different user. I'm sure it was just a permissions issue
but I've been doing antivirus scans as each user since I ran across them. If
they show up I know I've got to boot into BartPe and manually delete the
java cache.

Kerry

 

[Kerry Brown]

OK, I'll buy the need to be different users, HOWEVER, I still
have not figured out how to logon as "user2" without knowing
their password. Yes, I can change the password as an admin,
but I just want to be able to logon as them to make sure the
spywarefinder stuff can work without having to know their
password. I did a google for "xp logon different user" and found
others asking the same question, but no one seemed to have an
answer (other than you could run IE with runas to run under a
different user and comments that you could NOT do that with
Explorer). What is the incantation that I have missed somewhere??

mikey

You either need to know their password or change it when logged in as
another user with administrator permissions. Be aware that if they have
encrypted files and you change the password via another user they may lose
those files forever. When you are working on a computer you need the
passwords for all of the users.

Kerry

Kerry Brown wrote:

Greetings -- I realize there are antivirus and spyware groups, but
I often see people in this group recommending the typical ad-aware,
spybot and an antivirus solution. I use ad-aware often, and in
looking at their site this morning, I found a statement that raised a
flag in my mind. I have been sort of working on the assumption that
when you run it, it scans the whole machine (unless told otherwise),
however, on their "plus" version, they have the comment that it

[begin "improved features" quote]
-- Now scans registry branches of multiple user accounts
-- Scan registry for all users instead of current user only
[end quote]

The obvious (well to me anyway) implication is that without their
"plus" version, you have to run it logged on as each user on your
machine to make sure you get stuff. Is this just my way of reading
their information, or have I been wandering along assuming that
it was checking things when in reality it was only looking at my
stuff ??

mikey



Computers with several user accounts can be very hard and tedious to
clean. You have to logon in safe mode as each user (including
administrator) in turn and scan with several antispyware and antivirus
applications. Then do it all again in normal mode. Sometimes you have
to repeat this process several times. Even that doesn't always work.
Sometimes when you logon as one user the other users will be
re-infected. When that happens you have to resort to manual registry
edits for each user and hunting down and killing the offending program
with BartPe or a Linux boot CD. No one said it was easy

Kerry

Thanks for expanding on this, Kerry. The only thing I'd mention is that
you usually don't have to log onto different accounts for the antivirus
scans.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

I've recently come across several java exploits that are caught by some
of
the online antivirus scanners but not by any of the antispyware scanners.
They only seem to show up for each user when logged in as that user. I
usually just delete the java cache but using the control panel applet these
files didn't get deleted. I could only manually delete them from BartPe
or
when logged in as a different user. I'm sure it was just a permissions issue
but I've been doing antivirus scans as each user since I ran across them. If
they show up I know I've got to boot into BartPe and manually delete the
java cache.

Kerry

 

[Mike Fields]

You either need to know their password or change it when logged in as
another user with administrator permissions. Be aware that if they have
encrypted files and you change the password via another user they may lose
those files forever. When you are working on a computer you need the
passwords for all of the users.

Kerry

Thanks Kerry -- I would assume another option for the "spyware scan"
would be to load each users hive using regedit ( using the method at
Doug Knox - http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm )
run the scan then unload the hive. As admin, I have access to the files
(none are encrypted), just trying to make sure that I scan all corners for
those handy little "mouse droppings" that get placed in the registry by
today's current crop of spyware. The whole intent here was to make sure
I scanned everywhere (once I found out Ad-aware only looked at the
current user !)

mikey

 

[Kerry Brown]

Thanks Kerry -- I would assume another option for the "spyware scan"
would be to load each users hive using regedit ( using the method at
Doug Knox - http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm )
run the scan then unload the hive. As admin, I have access to the files
(none are encrypted), just trying to make sure that I scan all corners for
those handy little "mouse droppings" that get placed in the registry by
today's current crop of spyware. The whole intent here was to make sure
I scanned everywhere (once I found out Ad-aware only looked at the
current user !)

mikey

Loading the hive in regedit you could manually search for malware entries
and delete them. I don't think it would help with antispyware software
scanning them.

Kerry

 

[Mike Fields]

Loading the hive in regedit you could manually search for malware entries
and delete them. I don't think it would help with antispyware software
scanning them.

Kerry

Thanks Kerry and Malke -- I will do some experimenting (after imaging
the drive !) and if I find anything interesting, I will post back so others
will know also.

mikey