had installed Ilfak Guilfanov's patch v. MS patch

Discussion in 'Computer Security' started by none, Jan 8, 2006.

  1. none

    none Guest

    I installed this Guilfanov patch for the WMF vulnerability a
    couple of weeks ago. I'd read on GRC's pages that this install
    would show up in the add/remove section, and could be removed
    from there, but didn't check to see. After MS put out the patch
    I considered uninstalling Guilfanov's and looked. It wasn't
    listed. I installed MS patch over the top, and noted no problem.

    Oddly enough, when I went back to review GRC's pages
    I could not find any information about uninstalling
    Guilfanov's patch!

    With all the paranoia there about CIA, NSA, etc.,
    I'm beginning to wonder if I haven't installed the
    real trojan, which is Guilfanov's!

    Any help on all this?
     
    none, Jan 8, 2006
    #1

  2. none

    Donnie Guest

    ##############################################
    http://www.hexblog.com/
    According to Guilfanov, that's the way to uninstall it. Run
    netstat -an to look for any unwanted connections if you think that you
    installed a trojan instead.
    It could be that it never really installed in the first place. See if it's
    in the startup on msconfig and look in the registry
    HKLM
    Software
    Microsoft
    Windows
    Run
    ################################################
     
    Donnie, Jan 9, 2006
    #2
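
An added example, not part of the post above or of the thread: a small Python parser for the `netstat -an` check suggested in post #2. The sample output is constructed, the function names are hypothetical, and what gets flagged (listeners bound to all interfaces, established peers outside loopback, RFC 1918 and link-local ranges) is this example's assumption.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:1046      192.168.1.1:445        ESTABLISHED
  TCP    127.0.0.1:1050         127.0.0.1:1030         ESTABLISHED
  TCP    192.168.1.10:1047      198.51.100.23:6667     TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

# Ranges treated as "local" here (assumption): loopback, RFC 1918, link-local, 0.0.0.0.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "169.254.0.0/16", "0.0.0.0/32")]

def parse_netstat(output):
    """Yield (proto, local, foreign, state) for each TCP/UDP row."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] in ("TCP", "UDP"):
            state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
            yield fields[0], fields[1], fields[2], state

def is_external(addr):
    """True if addr parses as an IP outside LOCAL_NETS (non-IPv4 is flagged too)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # e.g. '*' in UDP rows
        return False
    return not any(ip in net for net in LOCAL_NETS)

def review(output):
    """Return (external_peers, wildcard_listeners) to check against known software."""
    peers, listeners = [], []
    for proto, local, foreign, state in parse_netstat(output):
        laddr, _, lport = local.rpartition(":")    # split on the last colon
        faddr, _, fport = foreign.rpartition(":")
        if state == "LISTENING" and laddr in ("0.0.0.0", "[::]"):
            listeners.append((proto, int(lport)))
        elif state == "ESTABLISHED" and is_external(faddr.strip("[]")):
            peers.append((faddr.strip("[]"), int(fport)))
    return peers, listeners
```

`netstat -an` is a snapshot of the moment it runs, so an empty result from `review()` only says nothing was connected at that instant.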

  3. none

    Donnie Guest

    Reading a little further, I see that MS says that w2k sp4 is vulnerable. Does
    that mean that w2k running any sp other than 4 is NOT vulnerable?
    donnie
    ##################################
     
    Donnie, Jan 9, 2006
    #3
  4. none

    none Guest

    Apparently, from this page:
    http://castlecops.com/a6445-WMF_Exploit_FAQ.html
    The uninstall for this hotfix is inside the following folder;
    #21
    # Can I un-install the hotfix across a network?

    Yes, the un-installer is found here:

    c:\Program Files\WindowMetafile\Fixunins000.exe

    Have yet to reboot and return to Windows update to see if I
    still have their fix, and/or how to remove it and then reinstall it.
     
    none, Jan 9, 2006
    #4
  5. none

    Ant Guest

    I can confirm that W2k SP2 *is* vulnerable.
     
    Ant, Jan 9, 2006
    #5
  6. none

    Jim Watt Guest

    I imagine they say that as it's the most recent (last) service pack;

    Yesterday whilst web browsing for hymn sheets, I got instead
    some adult educational material which wanted to send me
    .wmf files - so the exploit is out there.
     
    Jim Watt, Jan 9, 2006
    #6