Infected by a Trojan plus CoolWebSearch

I am using Opera and I got infected by a Trojan and a Malware called CoolWebSearch..I am running as a Restricted User on Win2000 and even though i am..my username folder is where all these malware have gone under Documents/Settings/Myusername...

Is it possible to protect these folders in the Security tab as ADMIN > FULL CONTROL and myusername folder as READ ONLY so no malware or trojan can write to it?

When running as a Restricted user, whats the best way to protect the myusername folder under the Documents and Settings folder?
slajoh01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

r-kCommented:
I would think in general it is a bad idea to make folders within c:\documents and settings\..  "read only". A large number of applications want to write into that folder on a routine basis. Preventing that would probably make your PC a lot less useful.

There are general tips here:

 http://www.winability.com/folderguard/users-guide_what-to-protect.htm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
masnrockCommented:
You definitely wouldn't want to do that. Saving files in easy to remember places would suddenly become a pain. Plus you wouldn't be able to do bookmarks, many of your settings couldn't get saved.... see where this is going already?

Was Opera using the IE rendering engine at the time of infection? Try using Firefox or not using the IE engine at all with Opera.

You could try software like Spybot S&D (I use it myself)... it has a component called TeaTimer to try acting proactively. There is also a component that blocks known spyware sites. Here's a link to info on TeaTimer: http://www.safer-networking.org/en/faq/33.html
0
gidds99Commented:
I would agree with the above and would suggest using realtime protection for spyware and viri in order that any known malware can be picked up before it can cause any harm.
0
greyknight17Commented:
Do you still have CoolWebSearch on this computer? If so, see if the below can remove it:

Download CWShredder at http://www.intermute.com/spysubtract/cwshredder_download.html and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download AboutBuster http://www.bleepingcomputer.com/files/aboutbuster.php and unzip the files to a folder on your Desktop. Don't run it yet.

Boot into Safe Mode...

Run AboutBuster and click Begin Removal. It will then give you a prompt asking to shut down Internet Explorer if opened. Click Yes. Once the scan is done, just hit the OK button. Click Exit once you are done. Click the OK button and it should exit.

Boot back to Normal Mode.

Run AboutBuster and click Begin Removal. It will then give you a prompt asking to shut down Internet Explorer if opened. Click Yes. Once the scan is done, just hit the OK button. Click Exit once you are done. Click the OK button and it should exit. Open up the 'Ab LogFile.txt' (which was created in the same folder as AboutBuster) and post the log here.

I recommend using anti-spyware programs to help prevent these infections...it's a must these days since spyware is spreading more wildly than viruses.

To help prevent future spyware infections, read the [url=http://www.greyknight17.com/spyware.php#prevent]Anti-Spyware Tutorial[/url] and use the tools provided.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.