I am dealing with a machine that had the Win 7 Home Security 2011 malware come in and trash the machine.
I am confused, however: all users that had access to the machine had restricted accounts (no admin level) and had an updated AV (Symantec Endpoint), yet it still managed to infect the whole machine and drop rogue files into the c:\windows\system32\config\systemprofile folder.
Does anyone know which exploit this malware uses, and what I should do to lock it down further?