Cycling and bicycle discussion forums. 
Foo Off-Topic chit chat with no general subject.
Old 12-28-05, 07:38 PM   #1
mechBgon
Senior Member
Thread Starter
~ Resolution ~ The official patch is available 5 days ahead of initial schedule! See instructions below.

1) IF you happen to be such a tech-head that you enabled a Software Restriction Policy, then either set it to not apply to local Administrators, or revert it to Unrestricted.

2) Uninstall the UNofficial patch if you used it. Then reboot.

3) Go to http://www.microsoft.com/technet/sec.../ms06-jan.mspx, scroll down to Affected Software and Download Locations and expand it with the + sign. Click the link next to your version of Windows, and go get your patch.

4) Reboot the computer after installing the patch.

5) After the reboot, if you had unregistered the Windows Picture & Fax Viewer, you can now re-register it with the command regsvr32 %windir%\system32\shimgvw.dll (paste this into Start > Run and click OK).


(no, there's no patch for Win98, WinME, Win95 or Win3.11. They're past the end-of-life phase, folks.)

~ Update 5 ~ This exploit is now being used in Spam emails, Instant Messaging worms, banner advertisements (!) and thousands of malicious websites. An unofficial but reputable patch has been added to the Actions list below, and is said to work for Windows2000 and WindowsXP.

If your computer displays a maliciously-constructed .WMF image file (in an email, on a web page, etc), this exploit will run itself without you doing anything. So just visiting a website that's displaying one of these pictures is enough to get infected. There are tons of other ways this could be used to infect you, so take precautions or you may end up face-down in a huge pile of nightmare spyware/adware/viruses/Trojans.
Actions

If you have WindowsXP or Windows2000, download and run this unofficial patch: get the patch from here. Once the vulnerability has been patched "officially" by Microsoft, you can uninstall this unofficial patch using Add/Remove Programs in Control Panel; it'll be listed. Disclaimer: I haven't tested this on a Windows2000 computer, but the Internet Storm Center says it's ok. This patch is endorsed by F-Secure (antivirus company), the Internet Storm Center, and by Sunbelt (antispam/antispyware/firewall vendor) as the best single blanket defense.

If you have WindowsXP, also click Start > Run, paste this into the box and click OK:
regsvr32 -u %windir%\system32\shimgvw.dll
This "switches off" the most vulnerable piece of WindowsXP for the moment. Once the vulnerability has been patched, you can switch it back on with this command (same one except no -u in it):
regsvr32 %windir%\system32\shimgvw.dll

If you have WindowsXP with Service Pack 2, enable Data Execution Prevention completely. Right-click My Computer on your desktop screen or Start menu, and choose Properties. Then do like shown in the picture below. This will only help if your computer's CPU has "hardware DEP" support. If you're curious whether your CPU has hardware DEP capabilities, feel free to ask in the thread.

Update your antivirus software's signatures. Checking for updates a couple times a day would not be overkill.

If your antivirus software is old-version stuff, get a current-generation version of it. If your antivirus software is a version more than a year old, it's time to move on.

If you have no antivirus software, consider using a basic free one, or install a trial version of a big-name one.
  • I recommend Kaspersky Antivirus Personal 5 if you want to buy one. 30-day trial version. Video clip showing how to configure it for maximum protection: right-click this link and Save Target.

  • You can also get trial versions of McAfee's home-user stuff from this page and Symantec/Norton's from this page.

  • The free version of AntiVir is generally regarded as the best freebie antivirus for Windows (from a detection standpoint): http://www.free-av.com. You must run the updates manually, and it downloads the whole virus database every time, so it's a bit unwieldy for dial-up users.

  • Don't use more than one antivirus software at a time, because they can clash.

Visit the Windows Update web site every few days to get a patch for the vulnerability when it's ready. I'd guess Microsoft will take swift action on this vulnerability and have a patch ready in a few days.

Enabling the Automatic Updates feature on WindowsXP or Windows2000 would be another way to get the patch as quickly as practical.


Look for the Automatic Updates feature in Control Panel

If you have Microsoft Office2000 or later, check your system at the Office Update site as well. You may need to go back for several rounds of updates if you're way out-of-date.

If you have Google Desktop installed, check for updates for it frequently and consider disabling it for now, since it has already been documented by F-Secure that Google Desktop will auto-infect systems when a malicious .WMF file arrives. This is why I'm thinking these could easily spread via P2P networks, since the arrival of the file would trigger exploitation on systems with Google Desktop installed.


Hope that helps someone.

Microsoft's preliminary bulletin, for those who are interested.

Last edited by mechBgon; 01-07-06 at 03:18 PM.
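As an added, defender-side example (not from this thread, nor from any vendor it names): a small Python scanner for the WMF record the December 2005 exploit relied on. The record-level detail it checks for, a META_ESCAPE record selecting the SETABORTPROC escape function, comes from public analysis of the vulnerability and is not stated in the thread; the sample files are constructed inline and carry no payload.

```python
"""Heuristic scanner for WMF files carrying a META_ESCAPE / SETABORTPROC
record, the GDI escape abused by the WMF exploit discussed above.  The
record detail comes from public analysis of the bug, not from the thread."""
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte "placeable" header key
META_ESCAPE = 0x0626           # GDI escape record
META_EOF = 0x0000
META_SAVEDC = 0x001E           # harmless record used in the samples below
SETABORTPROC = 9               # escape function that installs an abort callback


def iter_records(data: bytes):
    """Yield (offset, function, params) for every record; raise on damage."""
    off = 22 if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC else 0
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    mt_type, header_words = struct.unpack_from("<HH", data, off)
    if mt_type not in (1, 2) or header_words != 9:   # 1 = memory, 2 = disk metafile
        raise ValueError("not a WMF header")
    off += header_words * 2
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):     # record claims more than the file holds
            raise ValueError(f"malformed record at offset {off}")
        yield off, func, data[off + 6:end]
        if func == META_EOF:
            return
        off = end
    raise ValueError("file ends without META_EOF")


def find_setabortproc(data: bytes) -> list:
    """Return offsets of META_ESCAPE records whose escape function is SETABORTPROC."""
    hits = []
    for off, func, params in iter_records(data):
        if func == META_ESCAPE and len(params) >= 2 \
                and struct.unpack_from("<H", params)[0] == SETABORTPROC:
            hits.append(off)
    return hits


# --- constructed sample files (not real exploit files) ------------------------
def record(func: int, params: bytes = b"") -> bytes:
    params += b"\x00" * (len(params) % 2)          # record sizes are in 16-bit words
    return struct.pack("<IH", 3 + len(params) // 2, func) + params


def build_wmf(records: list) -> bytes:
    body = b"".join(records) + record(META_EOF)
    max_words = max(struct.unpack_from("<I", r)[0] for r in records)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, max_words, 0)
    return header + body


BENIGN = build_wmf([record(META_SAVEDC)])
# Escape record: function SETABORTPROC, byte count 4, four zero bytes (no payload).
SUSPECT = build_wmf([record(META_SAVEDC),
                     record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + bytes(4))])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, find_setabortproc(blob))
```

A mail or web gateway using this should treat a ValueError from the parser as a reason to block as well, since damaged record sizes are themselves a warning sign in image files arriving from untrusted sources.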
Old 12-28-05, 07:52 PM   #2
chipcom 
Infamous Member
Don't forget ClamWin, which is open source and free.
http://www.clamwin.com/
Old 12-28-05, 07:59 PM   #3
mechBgon
Senior Member
Thread Starter
Quote:
Originally Posted by chipcom
Don't forget ClamWin, which is open source and free.
http://www.clamwin.com/
Good one, and here's another that's free for home use (although not open-source): Avast. This one has automatic updates and doesn't take a long time to update, although its tested detection rates tend to be a little lower. How's the update speed on Clam, are the updates pretty small?

More security resources and stuff here... firewalls, spyware removal/prevention, etc: Consolidated Security Thread
Old 12-28-05, 08:02 PM   #4
CMcMahon
member
"Windows users: just use Linux" seems like a better thread title.
Old 12-28-05, 08:06 PM   #5
mechBgon
Senior Member
Thread Starter
Quote:
Originally Posted by Beerman
"Windows users: just use Linux" seems like a better thread title.
Do you want me to alert everyone to the new Linux worm in this thread, or shall I start another?
Old 12-28-05, 09:21 PM   #6
EJ123
'05 NUEser
Woah lol. I don't know if this is the same thing, but I was downloading a ton of songs the last few days on my shareware and then all of a sudden 43 Internet Explorers popped up at the same time. I was like, shoot. Then I restarted my comp and all the songs were gone! I did the full destructive system recovery for my comp and the next day I opened Ares, clicked on a paused song that was there when I reinstalled Ares, and now 53 IEs popped up. And if I click |X|, more pop up.
Old 12-28-05, 09:25 PM   #7
phantomcow2
la vache fantôme
I've got to say, since switching to Fedora Core, not having to worry about a new critical update 1-2x a week is nice.
Old 12-28-05, 09:38 PM   #8
mechBgon
Senior Member
Thread Starter
Quote:
Originally Posted by EJ123
Woah lol. I don't know if this is the same thing, but I was downloading a ton of songs the last few days on my shareware and then all of a sudden 43 Internet Explorers popped up at the same time. I was like, shoot. Then I restarted my comp and all the songs were gone! I did the full destructive system recovery for my comp and the next day I opened Ares, clicked on a paused song that was there when I reinstalled Ares, and now 53 IEs popped up. And if I click |X|, more pop up.
Can I suggest that you try out that 30-day trial of Kaspersky and configure/update it like my lil' movie shows, then run a full scan? It's good stuff. It uninstalls cleanly if you decide not to purchase after the 30 days.
Old 12-28-05, 09:48 PM   #9
EJ123
'05 NUEser
I have Norton antivirus, is that ok? But I haven't fully installed it.
Old 12-28-05, 09:51 PM   #10
bigskymacadam
so whatcha' want?
Avast is pretty good at catching the exploit. McAfee catches half, but lets an SMTP server install. The port blocking, however, stops traffic, but it's lame that there are still exe's running.

I'm gonna try that ClamWin... see what that catches.
Old 12-28-05, 11:14 PM   #11
my58vw
Meow!
Funny, one of those files just appeared on my desktop on my Mac... great to use Mac!
Old 12-28-05, 11:48 PM   #12
MadMan2k
Canon fiend
EJ: I'd recommend using a different browser, and some anti-spyware programs. I use Opera, but Firefox is very good too. For anti-spyware, I recommend Microsoft AntiSpyware.

And, if you don't have them, Ad-Aware and Spybot are good to run every couple weeks, to check for problems. But if you use programs that are full of spyware, you'll have to uninstall those before you can remove the stuff with any tool...

Some of these viruses worry me more than a little, but I don't trust antivirus programs much... Norton seems to be good as far as keeping stuff off (not removing it, mind you), but the 2006 version is so bloated it's ********. Not to mention if the install corrupts (which... is gonna happen... a lot...), it's a lot more of a pain in the rear to remove and reinstall than the previous versions were. I thought 2005 was the worst piece of software they ever labeled as an antivirus program until they released 2006.

I'll stick to my DOS-based McAfee scan with the latest free definitions, but only to be used after the fact.
Of course, that's a bad policy; that's what backups are for.
Old 12-29-05, 01:21 AM   #13
mechBgon
Senior Member
Thread Starter
Quote:
Originally Posted by EJ123
I have Norton antivirus, is that ok? But I haven't fully installed it.
Based on what you said about 50 browser windows opening, it seems rather likely that your protection isn't working. You might want to try uninstalling Norton, installing the Kaspersky trialware, configuring it, updating it, and running a full system scan.

*keeps trying to herd the cats*
Old 12-29-05, 01:31 AM   #14
blue_neon
Elite Rep
Thanks for all of the mechBgon! Just updated anti-virus, I'll check for some Windows updates now while I'm at it!
Old 12-29-05, 01:49 AM   #15
blue_neon
Elite Rep
[rant]Pathetic Microsoft, just been to those update sites. Hopeless, shakes my head with shame at them once more. Yes, I hate Microsoft and that's why I don't use, or try not to use, any of their software, but what bugs me... you need to USE Internet Explorer to visit the site and DOWNLOAD the updates. Sorry, no better browsers allowed; pathetic they are, their only way of getting people to actually use the sh5t house program. [/rant]

Unless of course there is a good explanation.
Old 12-29-05, 02:01 AM   #16
mechBgon
Senior Member
Thread Starter
Quote:
Originally Posted by blue_neon
[rant]Pathetic Microsoft, just been to those update sites. Hopeless, shakes my head with shame at them once more. Yes, I hate Microsoft and that's why I don't use, or try not to use, any of their software, but what bugs me... you need to USE Internet Explorer to visit the site and DOWNLOAD the updates. Sorry, no better browsers allowed; pathetic they are, their only way of getting people to actually use the sh5t house program. [/rant]

Unless of course there is a good explanation.
The Windows Update site uses ActiveX to figure out what you need, and Internet Explorer is the browser with ActiveX capabilities. Buuuuut... if you simply enable Automatic Updates in Control Panel, then you don't even need to visit their site at all, the computer will just check daily to see if it's got everything or not. That any help?

Microsoft now has a preliminary bulletin up regarding this exploit. They said that the exploit only gains the privilege level of the user. That's welcome news.
Old 12-29-05, 02:27 AM   #17
blue_neon
Elite Rep
Oh I see! That's good to know, I didn't know about that Update thing in Control Panel; well, I've seen it but never used it. Then again, I haven't updated in a looooong time so it's going to take a while to get it all installed and up to date. I still hope it all works since it's torture downloading these on dialup.
Old 12-29-05, 02:35 AM   #18
mechBgon
Senior Member
Thread Starter
I'm on dial-up too, it stinks! If you happen to have Windows XP with Service Pack 2 installed, then see the first post for another safeguard that you can switch on (Data Execution Prevention), the big picture shows it.

If you don't have Service Pack 2 yet, you can order it on a CD-ROM for the cost of shipping too: international ordering page
Old 12-29-05, 03:13 AM   #19
blue_neon
Elite Rep
Nope, no XP for me.

Great, I've done an install of some major service pack and it's asking me for the 2000 SR-1 CD... which I don't think I have :S. I have the second one.
Old 12-29-05, 03:19 AM   #20
blue_neon
Elite Rep
Nope, can't find it. I discovered an ancient Windows 95 and Windows 97 install but I can't locate the SR-1 disk for Office 2000! What a waste of downloading 11MB on dialup.

mechBgon... will ANY SR-1 disk do? If I got one off a friend or something, would it still work with what is required to install these updates?
Old 12-29-05, 03:26 AM   #21
mechBgon
Senior Member
Thread Starter
Quote:
Originally Posted by blue_neon
Nope, can't find it. I discovered an ancient Windows 95 and Windows 97 install but I can't locate the SR-1 disk for Office 2000! What a waste of downloading 11MB on dialup.

mechBgon... will ANY SR-1 disk do? If I got one off a friend or something, would it still work with what is required to install these updates?
I think it would work as long as the disk is 1) the right Service Pack level, 2) the same type (Office2000 Pro/Small-Biz/whatever), and 3) it's the right sort (OEM versus Retail-boxed). As far as I know, Office2000 CDs aren't unique-ified to where it would pout and demand YOUR disc, I think it just wants to use the source files.

If your original disc is the no-Service-Packs version and you've just got Service Pack 1a downloaded, then brace for this: next up is Service Pack 3, and then about 9 more post-SP3 patches.

*flees from hail of rotten tomatoes*
Old 12-29-05, 03:35 AM   #22
blue_neon
Elite Rep
*start>programs>internet explorer...update site.......................................check for updates....30% complete......50%.......60%..............70%......90%....99%.........*

...hmm, I am being asked to download Service Pack 3... then 6 more smaller updates (security etc.). Pheff.

If I can't get access to the SR-1 disk, can I like contact Microsoft or someone to get one posted, or what?
Old 12-29-05, 04:01 AM   #23
blue_neon
Elite Rep
Yay, I found the CD, plus I didn't have to download it again! It's now installing them.
Old 12-29-05, 05:25 PM   #24
mechBgon
Senior Member
Thread Starter
Good to hear you survived that.

I hope people don't underestimate the potential of this threat. This exploit has now been added to rotational banner advertisements, folks.

See this video clip by Sunbelt's security researchers if you want to see how easily you can get hit: http://www.sunbelt-software.com/ihs/...ecat122905.wmv. Don't let this be you.

~ heeeeed myyyyyyy warninggggggg
Old 12-30-05, 05:15 AM   #25
mechBgon
Senior Member
Thread Starter
The original post is updated with another countermeasure.