• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 325
  • Last Modified:

Infected by a Trojan plus CoolWebSearch

I am using Opera and I got infected by a Trojan and a Malware called CoolWebSearch..I am running as a Restricted User on Win2000 and even though i am..my username folder is where all these malware have gone under Documents/Settings/Myusername...

Is it possible to protect these folders in the Security tab as ADMIN > FULL CONTROL and myusername folder as READ ONLY so no malware or trojan can write to it?

When running as a Restricted user, whats the best way to protect the myusername folder under the Documents and Settings folder?
0
slajoh01
Asked:
slajoh01
3 Solutions
 
r-kCommented:
I would think in general it is a bad idea to make folders within c:\documents and settings\..  "read only". A large number of applications want to write into that folder on a routine basis. Preventing that would probably make your PC a lot less useful.

There are general tips here:

 http://www.winability.com/folderguard/users-guide_what-to-protect.htm
0
 
masnrockCommented:
You definitely wouldn't want to do that. Saving files in easy to remember places would suddenly become a pain. Plus you wouldn't be able to do bookmarks, many of your settings couldn't get saved.... see where this is going already?

Was Opera using the IE rendering engine at the time of infection? Try using Firefox or not using the IE engine at all with Opera.

You could try software like Spybot S&D (I use it myself)... it has a component called TeaTimer to try acting proactively. There is also a component that blocks known spyware sites. Here's a link to info on TeaTimer: http://www.safer-networking.org/en/faq/33.html
0
 
gidds99Commented:
I would agree with the above and would suggest using realtime protection for spyware and viri in order that any known malware can be picked up before it can cause any harm.
0
 
greyknight17Commented:
Do you still have CoolWebSearch on this computer? If so, see if the below can remove it:

Download CWShredder at http://www.intermute.com/spysubtract/cwshredder_download.html and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download AboutBuster http://www.bleepingcomputer.com/files/aboutbuster.php and unzip the files to a folder on your Desktop. Don't run it yet.

Boot into Safe Mode...

Run AboutBuster and click Begin Removal. It will then give you a prompt asking to shut down Internet Explorer if opened. Click Yes. Once the scan is done, just hit the OK button. Click Exit once you are done. Click the OK button and it should exit.

Boot back to Normal Mode.

Run AboutBuster and click Begin Removal. It will then give you a prompt asking to shut down Internet Explorer if opened. Click Yes. Once the scan is done, just hit the OK button. Click Exit once you are done. Click the OK button and it should exit. Open up the 'Ab LogFile.txt' (which was created in the same folder as AboutBuster) and post the log here.

I recommend using anti-spyware programs to help prevent these infections...it's a must these days since spyware is spreading more wildly than viruses.

To help prevent future spyware infections, read the [url=http://www.greyknight17.com/spyware.php#prevent]Anti-Spyware Tutorial[/url] and use the tools provided.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now