

Poweliks: the persistent malware without a file - miles
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html

======
halfcat
This is exactly why, on a Windows computer, you should:

1. Never run under an administrator account unless you are performing
administrative duties (i.e. temporarily admin to intentionally install an app,
and not opening Word docs).

2. Use Software Restriction Policy to only allow executables to run out of
C:\Windows, "C:\Program Files", and "C:\Program Files (x86)".

If I had to pick one or the other for my grandmother - antivirus software or
the non-admin/SRP config - I would choose non-admin/SRP hands down and sleep
easy. It's that effective. Unfortunately almost no one operates in this state
because it's not default when you buy a new Windows PC. Companies selling
antivirus software might go out of business if this were the default
configuration.
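The two-step setup halfcat describes, written out as an added example (this is not code from the thread or from the G DATA article). It creates a standard (non-admin) account and writes the same registry keys that secpol.msc writes when you configure a default-deny Software Restriction Policy with path rules for the three directories named above. Assumptions: the system drive is C:, the account name 'grandma' is a placeholder, and the script runs from an elevated PowerShell on a Windows edition that still supports SRP.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original thread. Writes the registry keys that
# secpol.msc uses for Software Restriction Policies (SRP).
# Assumptions: system drive is C:, 'grandma' is a placeholder account name.

$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Unrestricted = 262144   # 0x40000: SRP security level "Unrestricted"
$Disallowed   = 0        # 0x00000: SRP security level "Disallowed"

# Step 1: day-to-day work happens under a member of 'Users', never 'Administrators'.
function New-StandardUser {
    param([Parameter(Mandatory)][string]$Name)
    if (-not (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $Name -Password (Read-Host 'Password' -AsSecureString) | Out-Null
    }
    Add-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue
}

# One SRP path rule lives at <Level>\Paths\{GUID} with ItemData = the path.
function New-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][int]$Level,
        [string]$Description = ''
    )
    $key = Join-Path $Safer "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path        -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0            -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String       -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord -Force | Out-Null
}

# Step 2: default-deny SRP that only trusts the three system directories.
function Set-DefaultDenySrp {
    New-Item -Path $Safer -Force | Out-Null
    # Anything not matched by an Unrestricted rule is refused at launch.
    New-ItemProperty -Path $Safer -Name DefaultLevel       -Value $Disallowed -PropertyType DWord -Force | Out-Null
    # 1 = enforce for executables but not DLLs (2 = DLLs too, at a performance cost).
    New-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1 -PropertyType DWord -Force | Out-Null
    # 0 = apply to everyone, local administrators included (1 would exempt them).
    New-ItemProperty -Path $Safer -Name PolicyScope        -Value 0 -PropertyType DWord -Force | Out-Null

    # Allow rules: the three directories from the comment, as literal paths.
    New-SrpPathRule -Path 'C:\Windows'             -Level $Unrestricted -Description 'Windows'
    New-SrpPathRule -Path 'C:\Program Files'       -Level $Unrestricted -Description 'Program Files'
    New-SrpPathRule -Path 'C:\Program Files (x86)' -Level $Unrestricted -Description 'Program Files (x86)'

    # Caveat: a path rule is only as good as the ACLs beneath it. Subdirectories of
    # C:\Windows that standard users can write to would become a launch pad, so they
    # get explicit Disallowed rules (the more specific path rule wins).
    foreach ($writable in 'C:\Windows\Temp', 'C:\Windows\Tasks', 'C:\Windows\Tracing') {
        New-SrpPathRule -Path $writable -Level $Disallowed -Description 'User-writable under C:\Windows'
    }
}

# Check: run this as the standard user to find any further writable directories
# under the allowed trees; each one found needs its own Disallowed rule above.
function Find-WritableDirs {
    param([string[]]$Roots = @('C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'))
    foreach ($dir in Get-ChildItem -Path $Roots -Directory -Recurse -ErrorAction SilentlyContinue) {
        $probe = Join-Path $dir.FullName ([IO.Path]::GetRandomFileName())
        try {
            [IO.File]::WriteAllText($probe, '')
            Remove-Item -Path $probe -Force
            $dir.FullName
        } catch {}   # access denied is the expected outcome
    }
}

# Read back the configured rules before logging out to test as the standard user.
function Get-SrpRules {
    foreach ($level in $Unrestricted, $Disallowed) {
        Get-ChildItem -Path (Join-Path $Safer "$level\Paths") -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Level = if ($level -eq $Unrestricted) { 'Unrestricted' } else { 'Disallowed' }
                    Path  = (Get-ItemProperty -Path $_.PSPath).ItemData
                }
            }
    }
}

New-StandardUser -Name 'grandma'
Set-DefaultDenySrp
Get-SrpRules | Format-Table -AutoSize
```

Two things worth knowing before relying on this. First, the policy takes effect for new processes immediately, but log off and back on as the standard user and try to launch an .exe from the Desktop or %TEMP% to confirm it is refused. Second, a rule that trusts all of C:\Windows also trusts rundll32.exe and powershell.exe, which is exactly how a registry-resident threat like Poweliks executes; path-based SRP stops a user from dropping and running a new binary, but it does not stop built-in system binaries from being driven by script, so it is a complement to, not a replacement for, watching what those binaries are asked to run.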

