|
If these have entries in Control Panel to be removed then you can read
the uninstall string at
HKLM\software\microsoft\windows\currentversion\uninstall.
If you have a machine startup script then it could just run that
uninstall routine; unfortunately few (if any) of the spyware programs uninstall
silently so there would be pop-ups appearing on screen.
I'd guess that most of the programs are actually started by an entry in
the "run" bit of HKLM\sw\ms\windows\cv or HKCU\sw\ms\windows\cv; you could
delete these entries as part of a machine startup/user logon script and then the
programs won't start. Couple this with a brute force delete of the relevant
folders and you've effectively uninstalled them.
Steve From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: 08 January 2004 21:31 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] GPOs for Spyware After
purchasing Patchlink 5.0 as a patch management solution for our 5000 desktops,
we have become aware after looking at the "software inventory" feature of it,
that a very large amount of our desktops have various forms of Spyware installed
on them.
ClockSync
PrecisionTime
Date
Manager
SaveNow
FastSeeker
EBatesMoMoneyMaker
are some examples. Is there an easy way to
remotely uninstall applications? I can remotely delete registry keys, kill
processes, and delete files, but this might cause various errors since they're
not being properly uninstalled. Any easy solutions or
ideas?
I know in Win2k3 you can create a GPO that is an
"unauthorized software" list where you actually put in names of EXE files, but I
don't think there is in Win2k. We're in Win2k for
now.
Thanks
|
Title: Message
- [ActiveDir] GPOs for Spyware Rimmerman, Russ
- RE: [ActiveDir] GPOs for Spyware Kevin Gent
- RE: [ActiveDir] GPOs for Spyware Rich Milburn
- RE: [ActiveDir] GPOs for Spyware james . blair
- Steve Rochford
