Well, in the last weeks I've faced a lot of new vÃrus that were not detected by an antivirus, so I had to figure out how they have entered in the computer. I've installed this neat action to check logged in user internet history, and it also works for files accessed:
1. get this great nirsoft utility http://www.nirsoft.net/utils/iehv.html
2. add this action:
\\server\share$\Lansweeper\iehv.exe -folder "\\{computer}\c$\Documents and Settings\{username}\Local Settings\History"
That's it, you get the history and you can easilly know where that vÃrus come from, many of them are from google searches and they only install when clicking on the search result, if you click directly on the link it does nothing. I will not post examples since I could be helping to spread those vÃrus - they offer themselfs to the user as being an antivirus sofware,