Exactly. And that's what I'm starting to pull together. I'm really fed up with this nonsense.
--
Espi

On Wed, Jul 13, 2011 at 11:08 AM, Erik Goldoff <[email protected]> wrote:

> What I would like to see from the OS is something like a trimmed-down
> version of UAC *just for the malware load points* !!!
> A permission / integrity monitor that prompts and/or logs whenever a RUN key
> is altered, whenever a scheduled task is created, whenever a link is added
> to the STARTUP group, etc ...
>
> and it would be great if all the antimalware vendors' software could read
> these load points, parse out the potentially infectious files ( exe, dll,
> etc ) and quick-scan just those.
>
> On Wed, Jul 13, 2011 at 1:12 PM, Micheal Espinola Jr <[email protected]> wrote:
>
>> Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some
>> very simple questions about things I almost ALWAYS see on infected systems.
>> Perhaps someone here can clarify something for me that I have yet to see
>> Microsoft and any antivirus vendor directly address. I'm gonna start this
>> with one point, and then see how the conversation goes:
>>
>> I almost always see malware injection points in the allusers\appdata
>> folder. In these instances I *always* see a reference in one of the "run"
>> registry keys.
>>
>> As far as I know, this top-level appdata folder should NOT contain files at
>> all. I repeat: NO FILES AT F'ING ALL.
>>
>> Can someone confirm this? Can someone with contacts at Microsoft or other
>> AV providers confirm why this is completely overlooked when scanning? This
>> is where 0-day malware very commonly lives. This is very easy to check!
>>
>> Thank you for your time and any vendor reach-outs you can provide.
>>
>> I'm currently working on a set of scripts to check what I consider very
>> foolish things like this. If anyone wants to team up, please do.
>>
>> --
>> Espi

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
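Added example, not part of the thread and not Espi's or Erik's scripts: a PowerShell script that does the two things the messages above describe. It enumerates the load points Erik lists (Run/RunOnce keys, Startup folders, scheduled tasks), flags any entry whose command points into the all-users AppData folder, and lists whatever files sit directly in that folder so the reader can check Espi's observation on their own machines. It assumes a Windows host with PowerShell 2.0 or later, run elevated so HKLM and every task are readable, and treats "allusers\appdata" as %ProgramData% (Vista and later) or %ALLUSERSPROFILE%\Application Data (XP). The optional Watch-HklmRunKey function is a minimal version of Erik's "log whenever a RUN key is altered" monitor, using the WMI registry event provider; the log path and function names are my own choices.

```powershell
# Added example for this thread (not the posters' own scripts).
# Assumes Windows, PowerShell 2.0+, elevated session.

# All-users AppData: %ProgramData% on Vista+, %ALLUSERSPROFILE%\Application Data on XP.
$allUsersAppData = $env:ProgramData
if (-not $allUsersAppData) {
    $allUsersAppData = Join-Path $env:ALLUSERSPROFILE 'Application Data'
}

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function New-Entry($Source, $Name, $Command) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = [string]$Command }
}

# Values under Run/RunOnce. Get-ItemProperty adds PSPath, PSParentPath etc.
# to the returned object, so properties starting with "PS" are skipped.
function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }
            New-Entry $key $prop.Name $prop.Value
        }
    }
}

# Per-user and all-users Startup folders, located via the Shell Folders
# registry values so the same code works on XP and on Vista+.
function Get-StartupFolderEntries {
    $shell = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $folders = @(
        (Get-ItemProperty "HKCU:\$shell").'Startup',
        (Get-ItemProperty "HKLM:\$shell").'Common Startup'
    )
    foreach ($folder in $folders) {
        if (-not $folder -or -not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Force |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { New-Entry $folder $_.Name $_.FullName }
    }
}

# Scheduled tasks via schtasks.exe (present on XP and later; Get-ScheduledTask
# only exists from Windows 8 / Server 2012). Verbose CSV output repeats its
# header row once per task folder, so rows whose TaskName is "TaskName" are dropped.
function Get-ScheduledTaskEntries {
    schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' } |
        ForEach-Object { New-Entry 'schtasks' $_.TaskName $_.'Task To Run' }
}

# Expand %ProgramData%, %ALLUSERSPROFILE% etc. before matching, since load-point
# commands often use a variable rather than a literal path.
function Test-PointsIntoAllUsersAppData($Command) {
    if (-not $Command) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    return $expanded.ToLowerInvariant().Contains($allUsersAppData.ToLowerInvariant())
}

$entries = @(Get-RunKeyEntries) + @(Get-StartupFolderEntries) + @(Get-ScheduledTaskEntries)

"Load-point entries that reference $allUsersAppData :"
$entries | Where-Object { Test-PointsIntoAllUsersAppData $_.Command } |
    Format-Table Source, Name, Command -AutoSize -Wrap

"Files directly under $allUsersAppData (not inside a subfolder):"
Get-ChildItem -Path $allUsersAppData -Force |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

# Minimal version of the "log whenever a RUN key is altered" monitor: subscribe
# to WMI RegistryKeyChangeEvent for the HKLM Run key. The subscription lives
# until the session ends or Unregister-Event -SourceIdentifier RunKeyWatch.
function Watch-HklmRunKey {
    $query = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " +
             "AND KeyPath='SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'"
    Register-WmiEvent -Query $query -SourceIdentifier 'RunKeyWatch' -Action {
        "$(Get-Date -Format s) HKLM Run key changed" |
            Out-File -Append -FilePath (Join-Path $env:TEMP 'runkey-changes.log')
    } | Out-Null
}
```

Run it as-is to get the two reports; call Watch-HklmRunKey afterwards if you want the change log. It only covers the load points named in the thread (Run/RunOnce, Startup folders, scheduled tasks); services, Winlogon entries, browser helper objects and the other autostart locations need the same treatment before this counts as a full sweep.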
