A user on my workstation uses Firefox and has visited a site that installed "Win 7 Internet Security 2011" on this machine. I successfully identified and removed the Trojan virus software. The browsers where neutralized by this virus and are inoperable. I created a new user account for this person. This user has been reinfected with the new account.
I want to find out where this user has been to identify where this Trojan virus is coming from. The only way I know how to do this is by reviewing the history log file to see where this person has been. I want to review the history location as the administrator of the machine; not use the infected user account. If there is a better way to do this outside of the infected user account, I am open to suggestions.
The user only uses Firefox. I have version 4.0.1 installed. This user does not like IE.
From Malwarebytes' log the virus was located here the first time here: c:\Users\<user id>b\AppData\Local\sll.exe (Trojan.FakeAlert). I am still not sure how the virus was able to install the first time around since I have this user locked down - not able to install without admin privileges.
The second time here: c:\Users\<user id>\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\IUFEUHVK\info.exe (Trojan.FakeAlertRP.Gen) . This did not get installed.
I try to keep everything current with the latest version.
I still want to review the history logs to record the sites visited. Then try each site one at a time to see if virus appears. I know this is a painful process, but how else do I determine where the virus came from? Back to my original question, how do I reveiw Firefox history log by using the admin account?