had installed Ilfak Guilfanov's patch v. MS patch

Discussion in 'Computer Security' started by none, Jan 8, 2006.

  1. none

    none Guest

    I installed this Guilfanov
    patch for the WMF vulnerability a
    couple of weeks ago. I'd read on GRC's pages that
    this install would show up in the add/remove section,
    and could be removed from there,
    but didn't check to see. After MS put out the patch
    I considered uninstalling Guilfanov's and looked. It
    wasn't listed. I installed MS patch over the top,
    and noted no problem.

    Oddly enough, when I went back to review GRC's pages
    I could not find any information about uninstalling
    Guilfanov's patch!

    With all the paranoia there about CIA, NSA, etc..,
    I'm beginning to wonder if I haven't installed the
    real trojan, which is Guilfanov's!

    Any help on all this?
     
    none, Jan 8, 2006
    #1

  2. none

    Donnie Guest

    "none" <> wrote in message
    news:43c196f5$0$1531$...
    > I installed this Guilfanov
    > patch for the WMF vulnerability a
    > couple of weeks ago. I'd read on GRC's pages that
    > this install would show up in the add/remove section,
    > and could be removed from there,
    > but didn't check to see. After MS put out the patch
    > I considered uninstalling Guilfanov's and looked. It
    > wasn't listed. I installed MS patch over the top,
    > and noted no problem.
    >
    > Oddly enough, when I went back to review GRC's pages
    > I could not find any information about uninstalling
    > Guilfanov's patch!
    >
    > With all the paranoia there about CIA, NSA, etc..,
    > I'm beginning to wonder if I haven't installed the
    > real trojan, which is Guilfanov's!
    >
    > Any help on all this?

    ##############################################
    http://www.hexblog.com/
    According to Guilfanov, that's the way to uninstall it. Run
    netstat -an to look for any unwanted connections if you think that you
    installed a trojan instead.
    It could be that it never really installed in the first place. See if it's
    in the startup on msconfig and look in the registry
    HKLM
    Software
    Microsoft
    Windows
    Run
    ################################################
     
    Donnie, Jan 9, 2006
    #2
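
Added example, not part of the thread or of any poster's message: a small triage of the `netstat -an` output suggested in post #2. The sample output is constructed, and the rule for what deserves a closer look (TCP listeners bound to all interfaces, established sessions to addresses outside the loopback, link-local and RFC 1918 ranges) is an assumption of this example.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.25:80        ESTABLISHED
  TCP    192.168.1.10:1043      192.168.1.1:445        ESTABLISHED
  TCP    192.168.1.10:1050      198.51.100.7:6667      TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# covers documentation ranges such as 203.0.113.0/24.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; also handles '[::1]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def is_local(host):
    addr = ipaddress.ip_address(host)
    return (addr.is_loopback or addr.is_link_local
            or any(addr in net for net in LOCAL_NETS))

def triage(netstat_text):
    """Return (ports listening on all interfaces, external established peers)."""
    listeners, external = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        (lhost, lport), (rhost, rport) = map(split_endpoint, fields[1:3])
        state = fields[3]
        if state == "LISTENING" and lhost in ("0.0.0.0", "::"):
            listeners.append(int(lport))
        elif state == "ESTABLISHED" and not is_local(rhost):
            external.append((rhost, int(rport)))
    return listeners, external

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries returned here are candidates to match against known software on the machine, not evidence of a trojan by themselves.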

  3. none

    Donnie Guest

    Reading a little further, I see that MS says that w2k sp4 is vulnerable. Does
    that mean that w2k running any sp other than 4 is NOT vulnerable?
    donnie
    ##################################
     
    Donnie, Jan 9, 2006
    #3
  4. none

    none Guest

    Donnie wrote:
    > "none" <> wrote in message
    > news:43c196f5$0$1531$...
    >
    >>I installed this Guilfanov
    >>patch for the WMF vulnerability a
    >>couple of weeks ago. I'd read on GRC's pages that
    >>this install would show up in the add/remove section,
    >>and could be removed from there,
    >>but didn't check to see. After MS put out the patch
    >>I considered uninstalling Guilfanov's and looked. It
    >>wasn't listed. I installed MS patch over the top,
    >>and noted no problem.
    >>
    >>Oddly enough, when I went back to review GRC's pages
    >>I could not find any information about uninstalling
    >>Guilfanov's patch!
    >>
    >>With all the paranoia there about CIA, NSA, etc..,
    >>I'm beginning to wonder if I haven't installed the
    >>real trojan, which is Guilfanov's!
    >>
    >>Any help on all this?

    >
    > ##############################################
    > http://www.hexblog.com/
    > According to Guilfanov, that's the way to uninstall it. Run
    > netstat -an to look for any unwanted connections if you think that you
    > installed a trojan instead.
    > It could be that it never really installed in the first place. See if it's
    > in the startup on msconfig and look in the registry
    > HKLM
    > Software
    > Microsoft
    > Windows
    > Run
    > ################################################
    >
    >


    Apparently, from this page:
    http://castlecops.com/a6445-WMF_Exploit_FAQ.html
    The uninstall for this hotfix is inside the following folder;
    #21
    # Can I un-install the hotfix across a network?

    Yes, the un-installer is found here:

    c:\Program Files\WindowMetafile\Fixunins000.exe

    Have yet to reboot and return to Windows update to see if I
    still have their fix, and/or how to remove it and then reinstall it.
     
    none, Jan 9, 2006
    #4
  5. none

    Ant Guest

    "Donnie" wrote:

    > Reading a little further, I see that MS says that w2k sp4 is vulnerable.
    > Does that mean that w2k running any sp other than 4 is NOT vulnerable?


    I can confirm that W2k SP2 *is* vulnerable.
     
    Ant, Jan 9, 2006
    #5
  6. none

    Jim Watt Guest

    On Mon, 9 Jan 2006 02:28:08 -0000, "Ant" <> wrote:

    >"Donnie" wrote:
    >
    >> Reading a little further, I see that MS says that w2k sp4 is vulnerable.
    >> Does that mean that w2k running any sp other than 4 is NOT vulnerable?

    >
    >I can confirm that W2k SP2 *is* vulnerable.


    I imagine they say that as it's the most recent (last) service pack;

    Yesterday whilst web browsing for hymn sheets, I got instead
    some adult educational material which wanted to send me
    .wmf files - so the exploit is out there.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jan 9, 2006
    #6