Removign spyware from multiple user account in Windows

[Nocturnal]

Say someone has Windows XP and they have like five user accounts. Do you have to go into each account and run a spyware scan or does doing it from safe mode scan for each user?

 

[redbeard1]

I have not found a cleaner that will scan across user accounts. While alot of stuff is removed scanning from one account, I still have to scan all of the accounts on the system to get everything.

Hopefully some day they will figure out how to do it.

 

[EagleKeeper]

What happens if one starts the scan as Administrator?

 

[mechBgon]

I was de-spywaring my boss's friend's son's computer recently, and created a new account named Visitors on it. Lo and behold, I log on as Visitors for the first time, and Microsoft AntiSpyware warns that CoolWebSearch is trying to install Keep in mind, this account didn't exist until a few minutes before, and I had already run MS AntiSpyware, McAfee and Kaspersky antivirus scans, Spybot S&D and BHODemon.

I would like to learn more about where this stuff hides too. The Windows\Java, Windows\Prefetch, and Windows\Downloaded Program Files directories are three more places I emptied out, and then I also ran Webroot's 30-day trialware of Spysweeper on it and it found a few more items to get rid of. End result, it seems to be clean now, and creating another new account didn't bring on any further malware.

Anymore, an ounce of prevention seems to be worth about 20 pounds of cure in the worst cases

 

[Zugzwang152]

Originally posted by: mechBgon
I was de-spywaring my boss's friend's son's computer recently, and created a new account named Visitors on it. Lo and behold, I log on as Visitors for the first time, and Microsoft AntiSpyware warns that CoolWebSearch is trying to install Keep in mind, this account didn't exist until a few minutes before, and I had already run MS AntiSpyware, McAfee and Kaspersky antivirus scans, Spybot S&D and BHODemon.

I would like to learn more about where this stuff hides too. The Windows\Java, Windows\Prefetch, and Windows\Downloaded Program Files directories are three more places I emptied out, and then I also ran Webroot's 30-day trialware of Spysweeper on it and it found a few more items to get rid of. End result, it seems to be clean now, and creating another new account didn't bring on any further malware.

Anymore, an ounce of prevention seems to be worth about 20 pounds of cure in the worst cases

stuff in HKLM\software\microsoft\windows\currentversion\run+runonce runs at startup no matter what user is logged in IIRC. thats a good place to look. also check services to see if theres something in there thats set to automatic start.

 

[mechBgon]

Originally posted by: Zugzwang152

Originally posted by: mechBgon
I was de-spywaring my boss's friend's son's computer recently, and created a new account named Visitors on it. Lo and behold, I log on as Visitors for the first time, and Microsoft AntiSpyware warns that CoolWebSearch is trying to install Keep in mind, this account didn't exist until a few minutes before, and I had already run MS AntiSpyware, McAfee and Kaspersky antivirus scans, Spybot S&D and BHODemon.

I would like to learn more about where this stuff hides too. The Windows\Java, Windows\Prefetch, and Windows\Downloaded Program Files directories are three more places I emptied out, and then I also ran Webroot's 30-day trialware of Spysweeper on it and it found a few more items to get rid of. End result, it seems to be clean now, and creating another new account didn't bring on any further malware.

Anymore, an ounce of prevention seems to be worth about 20 pounds of cure in the worst cases

stuff in HKLM\software\microsoft\windows\currentversion\run+runonce runs at startup no matter what user is logged in IIRC. thats a good place to look. also check services to see if theres something in there thats set to automatic start.

Thanks for the tips!

 

[tooltime]

i have noticed adaware scans all user accounts if you do a full scan

 

[Zugzwang152]

Originally posted by: tooltime
i have noticed adaware scans all user accounts if you do a full scan

Indeed, most programs do scan the full registry, and all user accounts, however not all are good at determining what is bad and what isn't.