My experience with AV2010 is that once the initial pop-up appears indicating "infection" the only way to avoid installation is to close IE via Task Manager. Clicking anywhere on the pop-up window, even the X to close, allows installation.
Roger Wright ___ Sent from Tampa, FL, United States On Thu, Dec 3, 2009 at 4:00 PM, Murray Freeman <[email protected]> wrote: > Anti virus probe 2010 > > > *MMF * > > > ------------------------------ > *From:* Kennedy, Jim [mailto:[email protected]] > *Sent:* Thursday, December 03, 2009 2:56 PM > > *To:* NT System Admin Issues > *Subject:* RE: VIRUS INSTALLED ON RESTRICTED USER PROFILE > > My bet is it didn’t. It created it using an elevated service maybe. Or > got hit it across the network from another machine……that is exactly how > conflikr works. What virus is it? > > > > > > > > *From:* Murray Freeman [mailto:[email protected]] > *Sent:* Thursday, December 03, 2009 3:55 PM > *To:* NT System Admin Issues > *Subject:* VIRUS INSTALLED ON RESTRICTED USER PROFILE > > > > Yesterday, one of my users got infected with a trojan, and since all our > users are "restricted users", we were trying to figure out if perhaps the > computer's local administrator permissions allowed this to happen. It turns > out that a new profile was created named "XXXX" with administrative > permissions, So, my question is how can a virus/trojan create a user while > logged in as a restricted user? > > > > *Murray * > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
