April 28th, 2004, 04:03 PM
Spyware spreading through profiles
This is my first post so please bear with me.
I was wondering if anyone has tips on keeping spyware from spreading from pc to pc via user profiles in a domain environment? So far I haven't seen much info around specifically addressing that. I use Spybot S & D and Adaware on my workstation and that tends to catch most everything that slips by me. The problem is, whenever certain people log into my PC (my boss being the worst of them all), I have to spend a half hour or so trying to remove the 50 pieces of spyware they infect my computer with.
I am thinking there may be some group policy settings that would help. Any pointers on where to further research this would be appreciated. Thanks!
April 28th, 2004, 04:07 PM
It's spreading from pc to pc because the profiles spread from pc to pc (you're probably using roaming profiles, right?). Clean out all profiles and remove any that aren't in use at that time.
(Not sure but there used to be a tool called delprof.exe that'll let you remove cached profiles)
Probably the easiest time to do this is after work when everyone is gone.
Make sure everyone is logged out. Remove all cached profiles on all workstations. Then run a cleaning tool on the server that stores the profiles. That should take care of it.
Experience is something you don't get until just after you need it.
April 28th, 2004, 05:34 PM
Thanks. I did actually try scanning the profiles directory on the server with spysweeper. It did detect a few things. However, I don't think it's going to help when it comes to spyware in registry keys in the profiles. It seems that the user would actually have to be logged in so that their registry keys are active and able to be scanned. It is looking like maybe a mandatory profile would be the only way to really stop things like that from spreading...
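
An added example, not part of the original thread: each stored profile keeps the user's registry hive in its `NTUSER.DAT` file, and `reg.exe load` can mount that file under `HKEY_USERS` while the user is logged off, so the per-user autostart keys can be listed for review. The share path `\\SERVER\Profiles$` and the mount name `OfflineProfile` are placeholders, and the script assumes an elevated session with read access to the profile folders.

```powershell
# Added example: list autostart entries stored in offline roaming-profile hives.
# Assumption: $ProfileRoot is a placeholder share path; point it at your profile server.
param(
    [string]$ProfileRoot = '\\SERVER\Profiles$'
)

$mount = 'HKU\OfflineProfile'   # temporary mount point under HKEY_USERS (hypothetical name)
$autostartKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-OfflineAutostart {
    param([string]$HivePath, [string]$UserName)

    # Loading fails when the hive is locked (user logged on) or access is denied.
    & reg.exe load $mount $HivePath 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not load $HivePath (in use or access denied)"
        return
    }
    try {
        foreach ($sub in $autostartKeys) {
            $key = [Microsoft.Win32.Registry]::Users.OpenSubKey("OfflineProfile\$sub")
            if ($null -eq $key) { continue }
            try {
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{
                        User    = $UserName
                        Key     = $sub
                        Name    = $name
                        Command = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                    }
                }
            } finally { $key.Close() }
        }
    } finally {
        # Release any lingering handles so the hive can be unloaded cleanly.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload $mount | Out-Null
    }
}

# One folder per user under the profile share; NTUSER.DAT is that user's HKCU hive.
Get-ChildItem -Path $ProfileRoot -Directory | ForEach-Object {
    $hive = Join-Path $_.FullName 'NTUSER.DAT'
    if (Test-Path -LiteralPath $hive) { Get-OfflineAutostart -HivePath $hive -UserName $_.Name }
} | Format-Table -AutoSize -Wrap
```

The output is a review list only; entries still have to be judged by hand or compared against a known-clean profile before anything is removed.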