Warm despite limited users?

[Skywalker Senior]

I use limited users on my XP computer (with strong password), the Admin
user has a strong password too but, despite this, I've found a Warm
acting in my system, lounching an exe file from my temp folder.
My antivirus (Kaspersky) founded it only after a couple of days I've
noticed the first problems.
Now it seems to be all clear but I wonder "How it is possible" with a
user who cannot install anything on the system and cannot edit the
registry?

 

[JJ]

I use limited users on my XP computer (with strong password), the Admin
user has a strong password too but, despite this, I've found a Warm
acting in my system, lounching an exe file from my temp folder.
My antivirus (Kaspersky) founded it only after a couple of days I've
noticed the first problems.
Now it seems to be all clear but I wonder "How it is possible" with a
user who cannot install anything on the system and cannot edit the
registry?

As long as a user has create, write and execute rights. Any programs can be
created/copied then executed. And one of those programs can be a virus or
the like.

 

[Paul in Houston TX]

I use limited users on my XP computer (with strong password), the Admin
user has a strong password too but, despite this, I've found a Warm
acting in my system, lounching an exe file from my temp folder.
My antivirus (Kaspersky) founded it only after a couple of days I've
noticed the first problems.
Now it seems to be all clear but I wonder "How it is possible" with a
user who cannot install anything on the system and cannot edit the
registry?

It sounds like someone using your computer downloaded something
they should not have and gave the executable permission to run.
Tell them not to click on every pop up that pops up.

 

[Char Jackson]

It sounds like someone using your computer downloaded something
they should not have and gave the executable permission to run.
Tell them not to click on every pop up that pops up.

Quite a few years ago I ran across a humorous list of things that WILL
be clicked on, thus ensuring the constant spread of malware. The only
thing I remember from the list was "See <insert name of female
celebrity> naked!". I wish I could remember the rest.

 

[Skywalker Senior]

Sembra che David H. Lipman abbia detto :

Warm ?

You mean worm and Kaspersky found it.

Yes, kind of typo... sorry!

What worm was it that was found?

Unfortunately I was not the administrator of the antivirus system and
I've a limited view on it. I only know that the quarantined exe file
was named "opera.exe"

 

[Skywalker Senior]

JJ ha usato la sua tastiera per scrivere :

As long as a user has create, write and execute rights. Any programs can be
created/copied then executed. And one of those programs can be a virus or
the like.

OK, but how can this program make changes to the system to let itself
autostart? Theere was nothing in the "autostart" menu, so it had to be
launched by some registry key

 

[Skywalker Senior]

David H. Lipman ha detto questo venerdì :

Any file can be named anything and as such a file name doesn't help.

You don't have to be an administrator to view a Anti Virus log.

Generically...

My administrators have already deleted dei file in quarantine and they
periodically clean the registry of all the antivirus client (I don't
know if they save it somewhere)

Under the conditions of a Limited User Account (LUA) any malware can
read/write to areas of the user's profile and the user's Hive of the Registry
(HKCU) as the user as full rights to those areas.

Understand, thank's