Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some very simple questions about things I almost ALWAYS see on infected systems. Perhaps someone here can clarify something for me that I have yet to see Microsoft and any antivirus vendor directly address. I'm gonna start this with one point, and then see how the conversation goes:
I almost always see malware injection points in the allusers\appdata folder. In these instances I *always* see a reference in one of the "run" registry keys. As far as I know, this top-level appdata folder should NOT contain files at all. I repeat: NO FILES AT F'ING ALL. Can someone confirm this? Can someone with contacts at Microsoft or other AV providers confirm why this is completely overlooked when scanning? This is where 0-day malware lives very commonly. This is very easy to check!

Thank you for your time and any vendor reach-outs you can provide. I'm currently working on a set of scripts to check what I consider very foolish things like this. If anyone wants to team up, please do.

-- Espi
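
The check described in the post above, as an added example that is not part of the original message: a PowerShell script that lists files sitting directly in the all-users application-data folder and the Run/RunOnce values that reference each one. Mapping "allusers\appdata" to the CommonApplicationData special folder and the particular list of Run keys are assumptions.

```powershell
# Added example (not from the original post): report files that sit directly in the
# all-users application-data folder and any Run/RunOnce value that references them.
$root = [Environment]::GetFolderPath('CommonApplicationData')   # e.g. C:\ProgramData

# Run keys assumed for this check; HKCU covers only the user running the script.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Files at the top level only (no recursion); -Force includes hidden/system files.
$topFiles = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })

# Collect every value under the Run keys that exist on this machine.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$k.GetValue($name))
        New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $cmd }
    }
})

# Pair each top-level file with the Run values whose command line contains its path.
$findings = @(foreach ($file in $topFiles) {
    $refs = @($entries | Where-Object {
        $_.Command.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    New-Object PSObject -Property @{
        File      = $file.FullName
        Modified  = $file.LastWriteTime
        RunValues = ($refs | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
    }
})

# Files that are also launched from a Run key sort to the top of the report.
$findings | Sort-Object -Property RunValues -Descending |
    Format-Table -AutoSize -Wrap File, Modified, RunValues
```

Run it from an elevated prompt so the HKLM keys and hidden files are readable; each row is a lead to review, with the rows that have a non-empty RunValues column first.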