The issue of getting infected or not has to do with a few things, but it's hard to believe that you've only seen one in 3 years, Glenn. Being logged on as a limited user is certainly very helpful in preventing one, but if you have Java on the computer it has system rights, and even a limited user hitting a site that can exploit old Java can infect the box. Flash can as well, but for the most part they seem to have stopped using that plugin as an attack vector, at least as frequently as they used to, Acrobat Reader as well. Then you have a recent exploit of IE that can also allow a remote attacker to gain access (with the same rights as the user, but from that point there are many other tools and methods that can be tried to elevate one's rights).

Also not sure what you're running at the site Glenn but I try to run a tight ship too but there are still programs that come along that require the user to have admin rights and you don't have time to sit down and analyze and reset permissions for these programs all the time either. If time was not limited yes you could track down and make the program work without the user being an admin but in today's economy all you get is more and more work and less and less help to do it. Then you get hit up by the owner telling you to just make it work right now, which doesn't help.


 Quote:
I will have a look at combofix.
Thanks Rob


You need to be very careful of that tool. It's a great tool, but it has also deleted the Windows folder before due to a minor mistake in the code. As a regular user you don't know when or if there is something wrong with the code because it's only discussed in private forums. Just like KiXtart, it has many functions it can be told to do as well, but again that is not available to the general public.

Reimage is probably the fastest, safest route if you have the company set up well to do that.