wmf exploit, what to do???

Discussion in 'Computer Support' started by junkmail, Dec 30, 2005.

  1. junkmail

    junkmail Guest

    there are many notices of this exploit and how to prevent yourself from
    falling victim, but what happens if you have already fallen victim? how do
    you clean your machine?

    there are no written solutions. (or am i overlooking something?)

    is there a step by step guide on removing the exploits from an already
    infected box?
     
    junkmail, Dec 30, 2005
    #1

  2. junkmail

    Trax Guest

    "junkmail" <> wrote:

    |>there are many notices of this exploit and how to prevent yourself from
    |>falling victim, but what happens if you have already fallen victim? how do
    |>you clean your machine?
    |>
    |>there are no written solutions. (or am i overlooking something?)
    |>
    |>is there a step by step guide on removing the exploits from an already
    |>infected box?

    Disabling Windows Picture and Fax Viewer will prevent it
    http://www.annoyances.org/exec/show/article03-201

    I do this normally as I don't want it running and I use my own Graphic
    program, if you do this tho you will lose things like thumbnails in
    explorer and other perks.

    You can delete the WMF in Explorer, tools, folder options, file types
    but I've heard/read that it will just reinstall the association.
    What I've done on a friend's system is associate WMF to Irfanview.

    Just found this on microsoft.public.windowsxp.general

    Reply-To: "PA Bear" <moc.liamg@PVMraeBAP>
    From: "PA Bear" <>

    X-post to Security, Security.Homeusers, IE6 & WinXP General
    newsgroups.
    Followup-to set for microsoft.public.security.

    The FAQ section of
    http://www.microsoft.com/technet/security/advisory/912840.mspx has
    been updated.

    Fully expand Suggest Actions > Workarounds subsection to see steps you
    can take to "help block known attack vectors".

    Additional Resources:

    Protect Your PC
    http://www.microsoft.com/athome/security/protect/

    Microsoft Security Home Page
    http://www.microsoft.com/security/default.mspx



    --
    http://games.briankass.com/
     
    Trax, Dec 30, 2005
    #2

  3. junkmail

    Mitch Guest

    In article <>, Trax
    <> wrote:

    > "junkmail" <> wrote:
    >
    > |>there are many notices of this exploit and how to prevent yourself from
    > |>falling victim, but what happens if you have already fallen victim? how do
    > |>you clean your machine?
    > |>
    > |>there are no written solutions. (or am i overlooking something?)
    > |>
    > |>is there a step by step guide on removing the exploits from an already
    > |>infected box?
    >
    > Disabling Windows Picture and Fax Viewer will prevent it
    > http://www.annoyances.org/exec/show/article03-201
    >
    > I do this normally as I don't want it running and I use my own Graphic
    > program, if you do this tho you will lose things like thumbnails in
    > explorer and other perks.
    >
    > You can delete the WMF in Explorer, tools, folder options, file types
    > but I've heard/read that it will just reinstall the association.
    > What I've done on a friend's system is associate WMF to Irfanview.
    >
    > Just found this on microsoft.public.windowsxp.general
    >
    > Reply-To: "PA Bear" <moc.liamg@PVMraeBAP>
    > From: "PA Bear" <>
    >
    > X-post to Security, Security.Homeusers, IE6 & WinXP General
    > newsgroups.
    > Followup-to set for microsoft.public.security.
    >
    > The FAQ section of
    > http://www.microsoft.com/technet/security/advisory/912840.mspx has
    > been updated.
    >
    > Fully expand Suggest Actions > Workarounds subsection to see steps you
    > can take to "help block known attack vectors".
    >
    > Additional Resources:
    >
    > Protect Your PC
    > http://www.microsoft.com/athome/security/protect/
    >
    > Microsoft Security Home Page
    > http://www.microsoft.com/security/default.mspx




    Am I missing something?
    I don't see anything at all about what to do AFTER you are hit.
    Lots of the same comments about avoiding it, and almost nothing about
    the kind of damage it does or the response for damage.
     
    Mitch, Dec 31, 2005
    #3
  4. junkmail

    techsalong Guest

    What version of windows do you have? XP SP2 is immune to the exploit
    (windows media file buffer overrun) but I don't know if it will stop it
    after you have it. Are you getting some kind of message saying you have
    a problem? What program is telling you that, and exactly what does it
    say? Does it name the file or the malware itself?
     
    techsalong, Dec 31, 2005
    #4
  5. junkmail

    Trax Guest

    Mitch <> wrote:

    |>Am I missing something?
    |>I don't see anything at all about what to do AFTER you are hit.
    |>Lots of the same comments about avoiding it, and almost nothing about
    |>the kind of damage it does or the response for damage.

    No, I posted then read, Figured an MVP posting a reply to a warning
    would post a fix. Nothing posted from
    microsoft.public.windowsxp.general was really usable.

    As for fixing a problem due to the exploit, you have to understand the
    exploit. ANYTHING can be sent to you, you're going to have to get hit
    first just to see what it is.

    It's really a big deal.

    --
    http://games.briankass.com/
     
    Trax, Dec 31, 2005
    #5
  6. junkmail

    Trax Guest

    Trax <> wrote:

    |> Mitch <> wrote:
    |>
    |>|>Am I missing something?
    |>|>I don't see anything at all about what to do AFTER you are hit.
    |>|>Lots of the same comments about avoiding it, and almost nothing about
    |>|>the kind of damage it does or the response for damage.
    |>
    |>No, I posted then read, Figured an MVP posting a reply to a warning
    |>would post a fix. Nothing posted from
    |>microsoft.public.windowsxp.general was really usable.
    |>
    |>As for fixing a problem due to the exploit, you have to understand the
    |>exploit. ANYTHING can be sent to you, you're going to have to get hit
    |>first just to see what it is.
    |>
    |>It's really a big deal.

    This link http://isc.sans.org//diary.php?storyid=972
    has a link if you wish to see how the exploit works, this one attempts
    to install Winhound.


    --
    http://games.briankass.com/
     
    Trax, Dec 31, 2005
    #6
  7. junkmail

    Mara Guest

    On Sat, 31 Dec 2005 00:06:38 GMT, Mitch <> wrote:

    <snip>
    >
    >Am I missing something?
    >I don't see anything at all about what to do AFTER you are hit.
    >Lots of the same comments about avoiding it, and almost nothing about
    >the kind of damage it does or the response for damage.


    http://www.sophos.com/virusinfo/analyses/expwmfa.html
    http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_2.htm

    --
    If you think technology can solve your security problems, then you
    don't understand the problems and you don't understand the technology.
    -- Bruce Schneier
     
    Mara, Dec 31, 2005
    #7
  8. junkmail

    pcbutts1 Guest

    If you have SpyAxe, PSGuard, Smitfraud, Sinnaka Advertisments or detections
    for Puper or Alemod that can not seem to be removed automatically, please
    try this automated removal tool.

    AntiPuper v1.1 by secured2k
    http://secured2k.home.comcast.net/tools/AntiPuper.exe

    What does this tool do?
    This tool will attempt to delete several known Trojan files. These files are
    modified by the malware authors and encrypted to avoid detection.
    Fortunately, many of these tend to use the exact same file names. If the
    files are in use, locked, protected, etc, this program will schedule Windows
    to remove the files upon restarting.

    This program will also remove some common security policies that are changed
    by viruses and worms. Policies that lock out your desktop changes, windows
    update, Windows Firewall, Explorer Run policies, Registry editing, and more
    are all reset.

    Finally, if you have an infected Alemod WININET.DLL file, this program will
    try to copy a clean version from your Windows File Protection folder and
    replace the bad copy on restart. If a backup copy can not be found, the tool
    will quickly look for McAfee Antivirus files and attempt to clean a copy of
    the file to replace the bad one on reboot. If all of this fails, you will
    need to manually replace/clean your WININET.DLL file.


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "junkmail" <> wrote in message
    news:3Qhtf.4311$...
    > there are many notices of this exploit and how to prevent yourself from
    > falling victim, but what happens if you have already fallen victim? how do
    > you clean your machine?
    >
    > there are no written solutions. (or am i overlooking something?)
    >
    > is there a step by step guide on removing the exploits from an already
    > infected box?
    >
    >
     
    pcbutts1, Dec 31, 2005
    #8
  9. junkmail

    Mitch Guest

    In article <>, Trax
    <> wrote:

    > Mitch <> wrote:
    >
    > |>Am I missing something?
    > |>I don't see anything at all about what to do AFTER you are hit.
    > |>Lots of the same comments about avoiding it, and almost nothing about
    > |>the kind of damage it does or the response for damage.
    >
    > No, I posted then read, Figured an MVP posting a reply to a warning
    > would post a fix. Nothing posted from
    > microsoft.public.windowsxp.general was really usable.
    >
    > As for fixing a problem due to the exploit, you have to understand the
    > exploit. ANYTHING can be sent to you, you're going to have to get hit
    > first just to see what it is.
    >
    > It's really a big deal.


    Oh, so you're saying the vulnerability makes it open to many things,
    and I guess that implies that you can't really have one specific
    solution.
    That's kind of like the root kit problem again, only more sinister.
     
    Mitch, Dec 31, 2005
    #9
  10. junkmail

    Mitch Guest

    In article <>, Mara
    <> wrote:

    > On Sat, 31 Dec 2005 00:06:38 GMT, Mitch <> wrote:
    >
    > <snip>
    > >
    > >Am I missing something?
    > >I don't see anything at all about what to do AFTER you are hit.
    > >Lots of the same comments about avoiding it, and almost nothing about
    > >the kind of damage it does or the response for damage.

    >
    > http://www.sophos.com/virusinfo/analyses/expwmfa.html
    > http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_2.htm


    That second refers to this:
    Though the WMF Image Handling Exploit involves .WMF files, a .WMF
    renamed to a different image extension, i.e. TIF, JPG, ICO, etc., will
    still be recognized by Windows as a WMF file and the exploit will be
    rendered.

    How is that? Does she mean only as long as Microsoft tools are set as
    the default helper app?
    I don't understand how Windows can still run WMP if the file is renamed
    as a JPEG, if the assigned app for JPEGs will try to open it.

    What I'm getting at is that some users might just be able to reassign
    all image-handling tools away from Microsoft products and they may be
    almost safe, if Windows never checks these file types.

    They would have to use non-Microsoft internet apps (no IE, Outlook,
    OE), avoid loading HTML in e-mail and newsgroups, and set all image
    handling to alternatives like Irfanview. But much of that is what we
    are already telling them to do to be safe.
     
    Mitch, Dec 31, 2005
    #10
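
The article text quoted in the post above says a .WMF renamed to TIF, JPG or ICO is still recognised as WMF, which amounts to identifying a file by its leading bytes rather than by its name. The sketch below is an added example, not part of the original thread: it flags files whose header is WMF but whose extension is not .wmf, the kind of check that helps when triaging a download or temp folder. All file names and sample bytes in it are constructed for illustration.

```python
"""Added example: flag files whose content is WMF but whose name says otherwise."""
import os
import struct
import tempfile

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"      # 0x9AC6CDD7 stored little-endian
PLACEABLE_LEN = 22                        # optional header placed before META_HEADER
META_HEADER = struct.Struct("<HHHIHIH")   # 18 bytes: type, header words, version, ...

# Leading bytes of the image types the quoted article lists as disguises.
OTHER_MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"II*\x00", "tiff"),
    (b"MM\x00*", "tiff"),
    (b"\x00\x00\x01\x00", "ico"),
]


def is_wmf(data: bytes) -> bool:
    """Return True if data starts with a standard or placeable WMF header."""
    offset = PLACEABLE_LEN if data.startswith(PLACEABLE_KEY) else 0
    if len(data) < offset + META_HEADER.size:
        return False
    ftype, header_words, version = META_HEADER.unpack_from(data, offset)[:3]
    # type: 1 = in memory, 2 = on disk; the header is always nine 16-bit words;
    # version is 0x0100 or 0x0300.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def sniff(data: bytes) -> str:
    """Name the format from the leading bytes alone; the file name is ignored."""
    if is_wmf(data):
        return "wmf"
    for magic, name in OTHER_MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def find_disguised_wmf(root: str) -> list:
    """Walk root and return paths whose content is WMF but whose extension is not."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(PLACEABLE_LEN + META_HEADER.size)
            except OSError:
                continue  # unreadable or locked file: skip it, do not abort the scan
            ext = os.path.splitext(name)[1].lower()
            if sniff(head) == "wmf" and ext != ".wmf":
                hits.append(path)
    return sorted(hits)


def demo() -> list:
    """Build constructed sample files in a temp dir and scan them."""
    # Minimal harmless metafile: header plus the end-of-file record only.
    wmf = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    # Placeable variant; the remaining header fields are zeroed because this
    # scanner does not validate them.
    placeable = PLACEABLE_KEY + bytes(PLACEABLE_LEN - 4) + wmf
    samples = {
        "real.wmf": wmf,                            # honest name, not flagged
        "holiday.jpg": wmf,                         # WMF content, JPEG name
        "logo.ico": placeable,                      # placeable WMF, ICO name
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(20),  # JPEG-looking header
        "notes.txt": b"hello",                      # too short to be anything
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return [os.path.basename(p) for p in find_disguised_wmf(root)]


if __name__ == "__main__":
    print(demo())
```

A hit only means the name and the content disagree; it says nothing about whether the metafile is malicious, so flagged files still need to go to a scanner.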
  11. junkmail

    Mara Guest

    On Sat, 31 Dec 2005 02:22:21 GMT, Mitch <> wrote:

    <snip>
    >What I'm getting at is that some users might just be able to reassign
    >all image-handling tools away from Microsoft products and they may be
    >almost safe, if Windows never checks these file types.


    What you're asking is that Microsoft put security above brain-dead interfaces.
    That's not going to happen. Most people are just going to run whatever's on the
    system they bought, and use the software that comes with it. They don't care
    about security, they don't care about safety, they care about point and click.
    Whatever's easiest. And whatever's free. Whether it actually *works* or not is
    another story.

    That's a fact, from personal experience.

    >They would have to use non-Microsoft internet apps (no IE, Outlook,
    >OE), avoid loading HTML in e-mail and newsgroups, and set all image
    >handling to alternatives like Irfanview. But much of that is what we
    >are already telling them to do to be safe.


    You can tell people, but you can't make them listen if it means they'll have to
    change something, or put more personal effort into running better programs. How
    do I know this? Because I've preached this to many, many people here. Run better
    software. How to keep their systems clean. How to run them safely. And yet I get
    the same systems in again and again, over and over, because it's just too hard
    to learn something new, especially if it isn't free, and besides, they can bring
    it to me and I'll clean it for them, and who cares what they're spewing in the
    meantime?

    It never once occurs to them that they *are* paying for their own carelessness
    when they pay my bill. They'll bitch about the cost, but they won't prevent it
    from happening. C'est la vie. <shrug>

    --
    If you think technology can solve your security problems, then you
    don't understand the problems and you don't understand the technology.
    -- Bruce Schneier
     
    Mara, Dec 31, 2005
    #11
  12. junkmail

    Mitch Guest

    In article <>, Mara
    <> wrote:

    > >What I'm getting at is that some users might just be able to reassign
    > >all image-handling tools away from Microsoft products and they may be
    > >almost safe, if Windows never checks these file types.

    >
    > What you're asking is that Microsoft put security above brain-dead interfaces.
    > That's not going to happen. Most people are just going to run whatever's on
    > the system they bought, and use the software that comes with it. They don't care
    > about security, they don't care about safety, they care about point and click.
    > Whatever's easiest. And whatever's free. Whether it actually *works* or not is
    > another story.
    >
    > That's a fact, from personal experience.
    >
    > >They would have to use non-Microsoft internet apps (no IE, Outlook,
    > >OE), avoid loading HTML in e-mail and newsgroups, and set all image
    > >handling to alternatives like Irfanview. But much of that is what we
    > >are already telling them to do to be safe.

    >
    > You can tell people, but you can't make them listen if it means they'll have
    > to change something, or put more personal effort into running better programs.


    All true. And people want to believe that Microsoft is the best, and
    makes an effort to solve the problems, but many of us don't really
    believe that.
    Yet we get an unusual opportunity in this group; people are more
    motivated to listen. They come here for help, and some will really do
    something about it. At least, as long as some troll or rude sumnavich
    doesn't turn them away first.

    This latest problem looks to be a major one, but it seems so far that a
    lot of what is often common advice might prevent it.

    I have to laugh at Microsoft's inability to solve this one; it seems
    they just need to rewrite the viewer program or that one library so it
    doesn't open any non-image data. It wouldn't seem to be so tough an
    issue; unless they wrote some of the Windows features that actually use
    the viewer's library to operate, which seems weird.
     
    Mitch, Dec 31, 2005
    #12
  13. junkmail

    Mara Guest

    On Sat, 31 Dec 2005 15:13:17 GMT, Mitch <> wrote:

    <snip>
    >All true. And people want to believe that Microsoft is the best, and
    >makes an effort to solve the problems, but many of us don't really
    >believe that.


    It's not a question of belief, but of knowledge. This machine is running XP
    (temporarily.) The other two here in the office, and the machines down in the
    Lair of Evil, are running Linux. I *can* do side-by-side comparisons. And I
    *know* Linux to be the better OS, in terms of safety and security. I can see it
    visually.

    >Yet we get an unusual opportunity in this group; people are more
    >motivated to listen. They come here for help, and some will really do
    >something about it. At least, as long as some troll or rude sumnavich
    >doesn't turn them away first.


    That's usenet. They either need to grow a thicker skin and learn who to ignore,
    do some homework on usenet and killfiles before coming to the groups, or find
    help somewhere else. And they *can* do that - there are *many* sites that have
    the information on them that we (TINW) give here.

    And yet, they don't do that either - part of the reason why some usenet
    newsgroups have become little more than sewers.

    >This latest problem looks to be a major one, but it seems so far that a
    >lot of what is often common advice might prevent it.
    >
    >I have to laugh at Microsoft's inability to solve this one; it seems
    >they just need to rewrite the viewer program or that one library so it
    >doesn't open any non-image data. It wouldn't seem to be so tough an
    >issue; unless they wrote some of the Windows features that actually use
    >the viewer's library to operate, which seems weird.


    Never think that Microsoft isn't able to fix their problems. They're perfectly
    capable of doing so. But they're not going to do anything that might cut into
    their profit margin. So, they do stupid things like build crap into their OSs
    that force their users to upgrade to their New And More Numerous Security
    Breaches OS That Allows Microsoft Themselves to 0wn Your Machine, or run
    something else.

    Just from what I've read in various places online, it seems more and more people
    are choosing the latter. This isn't a bad thing. After all, people are expected
    to take responsibility for their actions. I see no reason why they shouldn't,
    too.

    Now, if I could just convince my employer of that....

    --
    If you think technology can solve your security problems, then you
    don't understand the problems and you don't understand the technology.
    -- Bruce Schneier
     
    Mara, Dec 31, 2005
    #13
  14. junkmail

    C. DelPlato Guest

    Mara wrote:

    > On Sat, 31 Dec 2005 15:13:17 GMT, Mitch <> wrote:


    <snip>

    >> I have to laugh at Microsoft's inability to solve this one; it seems
    >> they just need to rewrite the viewer program or that one library so
    >> it doesn't open any non-image data. It wouldn't seem to be so tough
    >> an issue; unless they wrote some of the Windows features that
    >> actually use the viewer's library to operate, which seems weird.

    >
    > Never think that Microsoft isn't able to fix their problems. They're
    > perfectly capable of doing so. But they're not going to do anything
    > that might cut into their profit margin.


    Does releasing yet another patch, to repair yet another exploit, really
    affect their bottom-line all that much? I wouldn't think so since they do
    it almost constantly. :)

    > So, they do stupid things
    > like build crap into their OSs that force their users to upgrade to
    > their New And More Numerous Security Breaches OS That Allows
    > Microsoft Themselves to 0wn Your Machine, or run something else.
    >
    > Just from what I've read in various places online, it seems more and
    > more people are choosing the latter. This isn't a bad thing. After
    > all, people are expected to take responsibility for their actions. I
    > see no reason why they shouldn't, too.


    If by "choosing the latter" you mean migrating to Linux, I don't know whom
    to believe on that one.

    Every browser/OS statistics website I go to puts Linux users (not servers)
    in the 3 to 5% range, and those percentages seem to have remained fairly
    stable over the past year or so. This is also backed-up by my own website
    logs. Granted, it's just a small personal website and I have no way of
    knowing if the stat sites I've visited have an axe to grind, but I certainly
    don't. I couldn't care less what OS or browser people use. And frankly I
    don't know why so many others do, but that's another thread I guess.

    The real bottom line is, I think people tend to use whatever works easiest,
    and security be damned. That, and I think that most people are like me.
    That is to say, technologically challenged. :) I've read quite a bit about
    all the various distributions of Linux, and I still can't figure out which
    one would best suit my needs. Nevermind the time I'd waste learning a new
    OS and fiddling with it until I can get IT to do, what I can already do,
    with Windows. I'm not knocking Linux, nor am I advocating Microsoft. Like
    I said, I couldn't care less. Your choice of OS is exactly that. Your
    choice. Nobody can force you to use anything you don't wish to use. But
    quite honestly, I haven't found my fully patched Windows (XP-SP2) to be
    anywhere near the kind of security risk some would have me believe.

    I think one of the major problems with open-source stuff is that any Tom,
    Dick or Harry can come along and modify it any way they want which leads to
    a lot of choices and decisions. And I'm well aware that's a good thing if
    one has the time and the inclination to care about such things, along with
    the cognitive ability to REALLY understand such things. But I'll freely
    admit it, I don't. And obviously the vast majority of others don't, either.
    Heck. Most of the people who post to this group can't even form a sentence,
    let alone Google for their answers before posting. So I don't think there's
    much chance they'll be installing Linux anytime soon.

    >
    > Now, if I could just convince my employer of that....


    I heard THAT loud and clear. :)
     
    C. DelPlato, Dec 31, 2005
    #14
  15. junkmail

    junkmail Guest

    ok, still not a lot of solutions lol

    first off im not infected. so im not worried, and i did the workaround
    solutions for now.

    but, as i know now, all Versions of windows are affected, and most browsers
    will allow the download of the exploitable file. though some ask your
    permission first. :)

    my original question is still here.
    from what im reading there are well over 52 variants of this exploit, in the
    wild. of them, the anti-virus apps only detect and report them, they say
    nothing about if they can stop them. so,

    in the event someone gets hit by this, and i have to go and clean it, how?

    right now, i do know one variant spams all your e-mail friends after it
    infects your machine. :\

    soon viruses will be injected on to the pc's i sure hope microcrap issues a
    patch to correct this asap.

    "C. DelPlato" <C. > wrote in message
    news:...
    > Mara wrote:
    >
    > > On Sat, 31 Dec 2005 15:13:17 GMT, Mitch <> wrote:

    >
    > <snip>
    >
    > >> I have to laugh at Microsoft's inability to solve this one; it seems
    > >> they just need to rewrite the viewer program or that one library so
    > >> it doesn't open any non-image data. It wouldn't seem to be so tough
    > >> an issue; unless they wrote some of the Windows features that
    > >> actually use the viewer's library to operate, which seems weird.

    > >
    > > Never think that Microsoft isn't able to fix their problems. They're
    > > perfectly capable of doing so. But they're not going to do anything
    > > that might cut into their profit margin.

    >
    > Does releasing yet another patch, to repair yet another exploit, really
    > affect their bottom-line all that much? I wouldn't think so since they do
    > it almost constantly. :)
    >
    > > So, they do stupid things
    > > like build crap into their OSs that force their users to upgrade to
    > > their New And More Numerous Security Breaches OS That Allows
    > > Microsoft Themselves to 0wn Your Machine, or run something else.
    > >
    > > Just from what I've read in various places online, it seems more and
    > > more people are choosing the latter. This isn't a bad thing. After
    > > all, people are expected to take responsibility for their actions. I
    > > see no reason why they shouldn't, too.

    >
    > If by "choosing the latter" you mean migrating to Linux, I don't know whom
    > to believe on that one.
    >
    > Every browser/OS statistics website I go to puts Linux users (not servers)
    > in the 3 to 5% range, and those percentages seem to have remained fairly
    > stable over the past year or so. This is also backed-up by my own website
    > logs. Granted, it's just a small personal website and I have no way of
    > knowing if the stat sites I've visited have an axe to grind, but I
    > certainly don't. I couldn't care less what OS or browser people use. And
    > frankly I don't know why so many others do, but that's another thread I
    > guess.
    >
    > The real bottom line is, I think people tend to use whatever works
    > easiest, and security be damned. That, and I think that most people are
    > like me. That is to say, technologically challenged. :) I've read quite a
    > bit about all the various distributions of Linux, and I still can't figure
    > out which one would best suit my needs. Nevermind the time I'd waste
    > learning a new OS and fiddling with it until I can get IT to do, what I
    > can already do, with Windows. I'm not knocking Linux, nor am I advocating
    > Microsoft. Like I said, I couldn't care less. Your choice of OS is exactly
    > that. Your choice. Nobody can force you to use anything you don't wish to
    > use. But quite honestly, I haven't found my fully patched Windows (XP-SP2)
    > to be anywhere near the kind of security risk some would have me believe.
    >
    > I think one of the major problems with open-source stuff is that any Tom,
    > Dick or Harry can come along and modify it any way they want which leads
    > to a lot of choices and decisions. And I'm well aware that's a good thing
    > if one has the time and the inclination to care about such things, along
    > with the cognitive ability to REALLY understand such things. But I'll
    > freely admit it, I don't. And obviously the vast majority of others don't,
    > either. Heck. Most of the people who post to this group can't even form a
    > sentence, let alone Google for their answers before posting. So I don't
    > think there's much chance they'll be installing Linux anytime soon.
    >
    > >
    > > Now, if I could just convince my employer of that....

    >
    > I heard THAT loud and clear. :)
    >
    >
     
    junkmail, Dec 31, 2005
    #15
  16. junkmail

    Sunny Guest

    "junkmail" <> wrote in message
    news:%4Etf.4666$...
    > ok, still not a lot of solutions lol
    >
    > first off im not infected. so im not worried, and i did the workaround
    > solutions for now.
    >
    > but, as i know now, all Versions of windows are affected, and most
    > browsers will allow the download of the exploitable file. though some ask
    > your permission first. :)
    >
    > my original question is still here.
    > from what im reading there are well over 52 variants of this exploit, in
    > the wild. of them, the anti-virus apps only detect and report them, they
    > say nothing about if they can stop them. so,
    >
    > in the event someone gets hit by this, and i have to go and clean it,
    > how?
    >
    > right now, i do know one variant spams all your e-mail friends after it
    > infects your machine. :\
    >
    > soon viruses will be injected on to the pc's i sure hope microcrap issues
    > a patch to correct this asap.


    <snip>
    http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html
     
    Sunny, Dec 31, 2005
    #16
  17. junkmail

    Trax Guest

    "junkmail" <> wrote:

    |>my original question is still here.
    |>from what im reading there are well over 52 variants of this exploit, in the
    |>wild. of them, the anti-virus apps only detect and report them, they say
    |>nothing about if they can stop them. so,
    |>
    |>in the event someone gets hit by this, and i have to go and clean it, how?

    download and run Process Explorer
    http://www.sysinternals.com/Utilities/ProcessExplorer.html

    Double click on the process(es), reading its image and command line
    will tell you where to find them. stop the process and delete the
    file/directory.

    Run Regedit and search for the file name(s) deleting them as you find
    them.

    --
    50 Best Firefox Extensions for Power Surfing
    http://tinyurl.com/9usdj
     
    Trax, Dec 31, 2005
    #17
  18. junkmail

    Plato Guest

    junkmail wrote:
    >
    > ok, still not a lot of solutions lol
    >
    > first off im not infected. so im not worried, and i did the workaround
    > solutions for now.
    >
    > but, as i know now, all Versions of windows are affected, and most browsers
    > will allow the download of the exploitable file. though some ask your
    > permission first. :)
    >
    > my original question is still here.
    > from what im reading there are well over 52 variants of this exploit, in the


    OK
    First
    But
    My
    I
    I'm
    From
    Though


    --
    http://www.bootdisk.com/
     
    Plato, Dec 31, 2005
    #18
  19. junkmail

    Mara Guest

    On Sat, 31 Dec 2005 23:01:15 GMT, "junkmail" <> wrote:

    >ok, still not a lot of solutions lol
    >
    >first off im not infected. so im not worried, and i did the workaround
    >solutions for now.
    >
    >but, as i know now, all Versions of windows are affected, and most browsers
    >will allow the download of the exploitable file. though some ask your
    >permission first. :)
    >
    >my original question is still here.
    >from what im reading there are well over 52 variants of this exploit, in the
    >wild. of them, the anti-virus apps only detect and report them, they say
    >nothing about if they can stop them. so,


    >in the event someone gets hit by this, and i have to go and clean it, how?


    Unregister the SHIMGVW.DLL for some variants. I also found this:

    http://www.f-secure.com/weblog/

    I'm wondering why you didn't find this info.

    <snip>

    --
    If you think technology can solve your security problems, then you
    don't understand the problems and you don't understand the technology.
    -- Bruce Schneier
     
    Mara, Dec 31, 2005
    #19
  20. junkmail

    Mitch Guest

    In article <>, C. DelPlato <
    > wrote:

    > I couldn't care less what OS or browser people use. And frankly I
    > don't know why so many others do, but that's another thread I guess.

    It seems to be a leftover from when publishers produced such different
    HTML code that the browser made a difference.
    Like platform sales percentages: they don't inform you of anything more
    than variety of machines sold for the period. They certainly don't tell
    you how many of each kind are being used, how much each are being used,
    or how professionally or effectively any are being used. It's a useless
    statistic for everyone except retailers, but it's also the easiest
    statistic to acquire.

    > Your choice of OS is exactly that. Your
    > choice. Nobody can force you to use anything you don't wish to use. But

    Sure -- as long as people are accurately and reliably informed that
    they have a choice, and have the ability to compare the various
    options. But how many new buyers know all of that? NONE.

    Plus, there are plenty of situations where you really are forced --
    like at work. So after using just one kind at work, the attitude for
    buying a personal machine changes a lot, and both directions.

    The platform issue is still important. Users need to be reliably
    informed, and there aren't many places to get that. They get hustled
    and cajoled and lied to by people who have strong opinions, need to
    justify their own choices, or are just wrong about the facts.
    The OS _strongly_ affects everything else they will do, how much they
    get out of it and how much they enjoy it.

    > quite honestly, I haven't found my fully patched Windows (XP-SP2) to be
    > anywhere near the kind of security risk some would have me believe.


    Really? So you are running it entirely without any good firewall
    software, without anti-virus, and without anti-spyware?
    I would say that Windows is in desperate need of those protections.
    Anything less requires considerable knowledge and expertise, and that
    would credit the user, not the OS.
     
    Mitch, Jan 2, 2006
    #20