Thanks for your comment, we’ll look further into it. But first, if we assume that most users don’t run under limited accounts, and following the discussion that Vista’s UAC prompts excessively, it seems more relevant to focus on commonly used account permissions and the setup that the malware targets (the content in the post).

Btw, there are multiple ways to evade account limitations for spyware. It seems that it’s just not necessary for the malware authors to implement at this point.

A co-worker reported removing this threat from a PC that had been infected via a limited user account. While logged on to the LU account sdra64.exe and associated registry entries were not visible. They were visible and easily removed from the admin account however.