> > This machine is a fully patched XP SP2 box, with the default security
> > settings for IE's Internet Zone. Does anybody know what method this crap
> > could be using to install without any user interaction?

It's a little hard to tell accurately without taking a look at what you removed; i.e., saying that you cleaned things out of the Registry is great, but without knowing what keys you "cleaned", it's hard to tell. However, doing a quick search on Google for "atpartners", some of the info I found points to BHOs...

Sorry, wish I could help more, but I'd need more info...

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. Bring me your finest meats and cheeses."
------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
