RE: [ActiveDir] GPOs for Spyware
Title: Message If these have entries in Control Panel to be removed then you can read the uninstall string at HKLM\software\microsoft\windows\currentversion\uninstall. If you have a machine startup script then it could just run that uninstall routine; unfortunately few (if any) of the spyware programs uninstall silently so there would be pop-ups appearing on screen. I'd guess that most of the programs are actually started by an entry in the "run" bit of HKLM\sw\ms\windows\cv or HKCU\sw\ms\windows\cv; you could delete these entries as part of a machine startup/user logon script and then the programs won't start. Couple this with a brute force delete of the relevant folders and you've effectively uninstalled them. Steve From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: 08 January 2004 21:31To: '[EMAIL PROTECTED]'Subject: [ActiveDir] GPOs for Spyware After purchasing Patchlink 5.0 as a patch management solution for our 5000 desktops, we have become aware after looking at the "software inventory" feature of it, that a very large amount of our desktops have various forms of Spyware installed on them. ClockSync PrecisionTime Date Manager SaveNow FastSeeker EBatesMoMoneyMaker are some examples. Is there an easy way to remotely uninstall applications? I can remotely delete registry keys, kill processes, and delete files, but this might cause various errors since they're not being properly uninstalled. Any easy solutions or ideas? I knowin Win2k3 you can create a GPO that is an "unauthorized software" list where you actually put in names of EXE files, but I don't think there is in Win2k. We're in Win2k for now. Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] GPOs for Spyware
Title: Message Ad - Aware from Lavasoft will remove everything about these spyware/malware apps, but I'm not sure how easy it will be to automate. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Rimmerman, RussSent: Thursday, January 08, 2004 4:31 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] GPOs for Spyware After purchasing Patchlink 5.0 as a patch management solution for our 5000 desktops, we have become aware after looking at the "software inventory" feature of it, that a very large amount of our desktops have various forms of Spyware installed on them. ClockSync PrecisionTime Date Manager SaveNow FastSeeker EBatesMoMoneyMaker are some examples. Is there an easy way to remotely uninstall applications? I can remotely delete registry keys, kill processes, and delete files, but this might cause various errors since they're not being properly uninstalled. Any easy solutions or ideas? I knowin Win2k3 you can create a GPO that is an "unauthorized software" list where you actually put in names of EXE files, but I don't think there is in Win2k. We're in Win2k for now. Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~
RE: [ActiveDir] GPOs for Spyware
Title: Message Spybot has command-line parameters but I havent used them yet From: Kevin Gent [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 4:05 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPOs for Spyware Ad - Aware from Lavasoft will remove everything about these spyware/malware apps, but I'm not sure how easy it will be to automate. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Rimmerman, Russ Sent: Thursday, January 08, 2004 4:31 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPOs for Spyware After purchasing Patchlink 5.0 as a patch management solution for our 5000 desktops, we have become aware after looking at the software inventory feature of it, that a very large amount of our desktops have various forms of Spyware installed on them. ClockSync PrecisionTime Date Manager SaveNow FastSeeker EBatesMoMoneyMaker are some examples. Is there an easy way to remotely uninstall applications? I can remotely delete registry keys, kill processes, and delete files, but this might cause various errors since they're not being properly uninstalled. Any easy solutions or ideas? I knowin Win2k3 you can create a GPO that is an unauthorized software list where you actually put in names of EXE files, but I don't think there is in Win2k. We're in Win2k for now. Thanks ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.
RE: [ActiveDir] GPOs for Spyware
onsent, Licensee may not: (1) modify or create any derivative works of the Product; (2) decompile, disassemble, reverse engineer, or otherwise attempt to derive the source code for the Product (except to the extent applicable laws specifically prohibit such restriction) (3) sell the SpywareGuard software, or this license, in any way (4) remove or alter any trademark, logo, copyright or other proprietary notices, legends, symbols or labels in the Product SpywareGuard is provided as freeware, and as such no guarantee is made that updates will be provided on a consistent basis. By using SpywareGuard and/or by clicking the "Yes" button to install SpywareGuard, you agree to be legally bound by the statements located above and below. SpywareGuard is released as freeware. This means you may make copies of the software for backup purposes, give the software to friends, or mirror it on your own site IF AND ONLY IF ALL FILES REMAIN UNCHANGED AND INTACT, AND NO FILES ARE ADDED. If you do wish to mirror this program, please leave a post in one of the SpywareGuard threads at www.wilderssecurity.com . You may NOT include this program on any compilation mediums where you charge more than the cost of the medium it is included on (i.e. you may not charge for this freeware, but you may recoup the cost of the CD-ROM or other media it is placed on). Again, you must keep all files intact and unchanged, and you must add no files to this distribution. If you are in a position to help the coder of this excellant product I am sure it would be appreciated. I have no affiliation whatsoever with the coder/product. James -Original Message-From: Rich Milburn [mailto:[EMAIL PROTECTED] Sent: Friday, 9 January 2004 8:14 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] GPOs for Spyware Spybot has command-line parameters but I haven't used them yet From: Kevin Gent [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 4:05 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] GPOs for Spyware Ad - Aware from Lavasoft will remove everything about these spyware/malware apps, but I'm not sure how easy it will be to automate. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Rimmerman, RussSent: Thursday, January 08, 2004 4:31 PMTo: '[EMAIL PROTECTED]'Subject: [ActiveDir] GPOs for Spyware After purchasing Patchlink 5.0 as a patch management solution for our 5000 desktops, we have become aware after looking at the "software inventory" feature of it, that a very large amount of our desktops have various forms of Spyware installed on them. ClockSync PrecisionTime Date Manager SaveNow FastSeeker EBatesMoMoneyMaker are some examples. Is there an easy way to remotely uninstall applications? I can remotely delete registry keys, kill processes, and delete files, but this might cause various errors since they're not being properly uninstalled. Any easy solutions or ideas? I knowin Win2k3 you can create a GPO that is an "unauthorized software" list where you actually put in names of EXE files, but I don't think there is in Win2k. We're in Win2k for now. Thanks ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~ ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.