  1. #1
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    ~ Resolution ~ The official patch is available 5 days ahead of initial schedule! See instructions below.

    1) IF you happen to be such a tech-head that you enabled a Software Restriction Policy, then either set it to not apply to local Administrators, or revert it to Unrestricted.

    2) Uninstall the UNofficial patch if you used it. Then reboot.

    3) Go to http://www.microsoft.com/technet/sec.../ms06-jan.mspx, scroll down to Affected Software and Download Locations and expand it with the + sign. Click the link next to your version of Windows, and go get your patch.

    4) Reboot the computer after installing the patch.

    5) After the reboot, if you had unregistered the Windows Picture & Fax Viewer, you can now re-register it with the command regsvr32 %windir%\system32\shimgvw.dll (paste this into Start > Run and click OK).


    (no, there's no patch for Win98, WinME, or Win95 or Win3.11. They're past the end-of-life phase, folks.)






    ~ Update 5 ~ This exploit is now being used in Spam emails, Instant Messaging worms, banner advertisements (!) and thousands of malicious websites. An unofficial but reputable patch has been added to the Actions list below, and is said to work for Windows2000 and WindowsXP.

    If your computer displays a maliciously-constructed .WMF image file (in an email, on a web page, etc), this exploit will run itself without you doing anything. So just visiting a website that's displaying one of these pictures is enough to get infected. There are tons of other ways this could be used to infect you, so take precautions or you may end up face-down in a huge pile of nightmare spyware/adware/viruses/Trojans.




    Actions

    If you have WindowsXP or Windows2000, download and run this unofficial patch: get the patch from here. Once the vulnerability has been patched "officially" by Microsoft, you can uninstall this unofficial patch using the Add/Remove Programs in Control Panel; it'll be listed. Disclaimer: I haven't tested this on a Windows2000 computer but the Internet Storm Center says it's ok. This patch is endorsed by F-Secure (antivirus company), the Internet Storm Center, and by Sunbelt (antispam/antispyware/firewall vendor) as the best single blanket defense.

    If you have WindowsXP, also click Start > Run, paste this into the box and click OK:
    regsvr32 -u %windir%\system32\shimgvw.dll
    This "switches off" the most vulnerable piece of WindowsXP for the moment. Once the vulnerability has been patched, you can switch it back on with this command (same one except no -u in it):
    regsvr32 %windir%\system32\shimgvw.dll

    If you have WindowsXP with Service Pack 2, enable Data Execution Prevention completely. Right-click My Computer on your desktop screen or Start menu, and choose Properties. Then do like shown in the picture below. This will only help if your computer's CPU has "hardware DEP" support. If you're curious whether your CPU has hardware DEP capabilities, feel free to ask in the thread.




    Update your antivirus software's signatures. Checking for updates a couple times a day would not be overkill.

    If your antivirus software is old-version stuff, get a current-generation version of it. If your antivirus software is a version more than a year old, it's time to move on.

    If you have no antivirus software, consider using a basic free one, or install a trial version of a big-name one.
    • I recommend Kaspersky Antivirus Personal 5 if you want to buy one. 30-day trial version. Video clip showing how to configure it for maximum protection: right-click this link and Save Target

    • You can also get trial versions of McAfee's home-user stuff from this page and Symantec/Norton's from this page.

    • The free version of AntiVir is generally regarded as the best freebie antivirus for Windows (from a detection standpoint): http://www.free-av.com You must run the updates manually, and it downloads the whole virus database every time, so it's a bit unwieldy for dial-up users.

    • Don't use more than one antivirus software at a time, because they can clash.


    Visit the Windows Update web site every few days to get a patch for the vulnerability when it's ready. I'd guess Microsoft will take swift action on this vulnerability and have a patch ready in a few days.

    Enabling the Automatic Updates feature on WindowsXP or Windows2000 would be another way to get the patch as quickly as practical.


    Look for the Automatic Updates feature in Control Panel

    If you have Microsoft Office2000 or later, check your system at the Office Update site as well. You may need to go back for several rounds of updates if you're way out-of-date.

    If you have Google Desktop installed, check for updates for it frequently and consider disabling it for now, since it has already been documented by F-Secure that Google Desktop will auto-infect systems when a malicious .WMF file arrives. This is why I'm thinking these could easily spread via P2P networks, since the arrival of the file would trigger exploitation on systems with Google Desktop installed.



    Hope that helps someone

    Microsoft's preliminary bulletin, for those who are interested.

  2. #2
    Infamous Member chipcom's Avatar
    Join Date
    Sep 2005
    Location
    Ohio
    My Bikes
    Surly Big Dummy, Fuji World, 80ish Bianchi
    Posts
    24,373
    Don't forget ClamWin, which is open source and free.
    http://www.clamwin.com/
    "Let us hope our weapons are never needed --but do not forget what the common people knew when they demanded the Bill of Rights: An armed citizenry is the first defense, the best defense, and the final defense against tyranny. If guns are outlawed, only the government will have guns. Only the police, the secret police, the military, the hired servants of our rulers. Only the government -- and a few outlaws. I intend to be among the outlaws" - Edward Abbey

  3. #3
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Quote Originally Posted by chipcom
    Don't forget ClamWin, which is open source and free.
    http://www.clamwin.com/
    Good one, and here's another that's free for home use (although not open-source): Avast. This one has automatic updates and doesn't take a long time to update, although its tested detection rates tend to be a little lower. How's the update speed on Clam, are the updates pretty small?

    More security resources and stuff here... firewalls, spyware removal/prevention, etc: Consolidated Security Thread

  4. #4
    member
    Join Date
    Oct 2004
    Location
    San Jose, CA
    My Bikes
    Solid AA
    Posts
    4,751
    "Windows users: just use Linux" seems like a better thread title.

  5. #5
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Quote Originally Posted by Beerman
    "Windows users: just use Linux" seems like a better thread title.
    Do you want me to alert everyone to the new Linux worm in this thread, or shall I start another?


  6. #6
    '05 NUEser EJ123's Avatar
    Join Date
    Aug 2005
    Posts
    3,374
    Woah lol. I don't know if this is the same thing, but since I was downloading a ton of songs the last few days on my shareware and then all of a sudden 43 Internet Explorers popped up at the same time. I was like shoot. Then I restarted my comp and all the songs were gone! I did the full destructive system recovery for my comp and the next day I open Ares click on a paused song that was there when I reinstalled Ares and now 53 IE's popped up. And if I click |X|, more pop up.

  7. #7
    la vache fantôme phantomcow2's Avatar
    Join Date
    Aug 2004
    Location
    NH
    Posts
    6,266
    I've got to say, since switching to Fedora Core, not having to worry about a new critical update 1-2x a week is nice
    C://dos
    C://dos.run
    run.dos.run

  8. #8
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Quote Originally Posted by EJ123
    Woah lol. I don't know if this is the same thing, but since I was downloading a ton of songs the last few days on my shareware and then all of a sudden 43 Internet Explorers popped up at the same time. I was like shoot. Then I restarted my comp and all the songs were gone! I did the full destructive system recovery for my comp and the next day I open Ares click on a paused song that was there when I reinstalled Ares and now 53 IE's popped up. And if I click |X|, more pop up.
    Can I suggest that you try out that 30-day trial of Kaspersky and configure/update it like my lil' movie shows, then run a full scan? It's good stuff. It uninstalls cleanly if you decide not to purchase after the 30 days.

  9. #9
    '05 NUEser EJ123's Avatar
    Join Date
    Aug 2005
    Posts
    3,374
    I have Norton antivirus, is that OK? But I haven't fully installed it.

  10. #10
    so whatcha' want? bigskymacadam's Avatar
    Join Date
    Mar 2005
    Location
    Charlotte, NC
    Posts
    1,709
    avast is pretty good at catching the exploit. mcafee catches half, but lets an smtp server install. the port blocking however stops traffic, but it's lame that there's still exe's running.

    i'm gonna try that clamwin ... see what that catches.

  11. #11
    Meow! my58vw's Avatar
    Join Date
    Sep 2004
    Location
    Riverside, California
    My Bikes
    Trek 2100 Road Bike, Full DA10, Cervelo P2K TT bike, Full DA10, Giant Boulder Steel Commuter
    Posts
    6,025
    Funny, one of those files just appeared on my desktop on my mac... great to use mac!
    Just your average club rider... :)

  12. #12
    Canon fiend MadMan2k's Avatar
    Join Date
    May 2004
    Location
    San Diego, CA
    My Bikes
    old peugot frankenbike
    Posts
    3,915
    EJ: I'd recommend using a different browser, and some anti-spyware programs. I use Opera, but Firefox is very good too. For anti-spyware, I recommend Microsoft AntiSpyware.

    And, if you don't have them, Ad-Aware and Spybot are good to run every couple weeks, to check for problems. But if you use programs that are full of spyware, you'll have to uninstall those before you can remove the stuff with any tool...

    Some of these viruses worry me more than a little, but I don't trust antivirus programs much... Norton seems to be good as far as keeping stuff off (not removing it, mind you), but the 2006 version is so bloated it's ********. Not to mention if the install corrupts (which... is gonna happen... a lot...), it's a lot more of a pain in the rear to remove and reinstall than the previous versions were. I thought 2005 was the worst piece of software they ever labeled as an antivirus program until they released 2006.

    I'll stick to my DOS-based McAfee scan with the latest free definitions, but only to be used after the fact
    Of course, that's a bad policy, that's what backups are for.

  13. #13
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Quote Originally Posted by EJ123
    I have Norton antivirus, is that OK? But I haven't fully installed it.
    Based on what you said about 50 browser windows opening, it seems rather likely that your protection isn't working. You might want to try uninstalling Norton, installing the Kaspersky trialware, configuring it, updating it, and running a full system scan.

    *keeps trying to herd the cats*

  14. #14
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    Thanks for all of the mechBgon! Just updated anti-virus, I'll check for some Windows updates now while I'm at it!

  15. #15
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    [rant]Pathetic Microsoft, just been to those update sites. Hopeless, shakes my head with shame at them once more. Yes I hate Microsoft and that's why I don't use or try not to use any of their software, but what bugs me...you need to USE Internet Explorer to visit the site and DOWNLOAD the updates. Sorry no better browsers allowed, pathetic they are, their only way of getting people to actually use the sh5t house program. [/rant]

    Unless of course there is a good explanation

  16. #16
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Quote Originally Posted by blue_neon
    [rant]Pathetic Microsoft, just been to those update sites. Hopeless, shakes my head with shame at them once more. Yes I hate Microsoft and that's why I don't use or try not to use any of their software, but what bugs me...you need to USE Internet Explorer to visit the site and DOWNLOAD the updates. Sorry no better browsers allowed, pathetic they are, their only way of getting people to actually use the sh5t house program. [/rant]

    Unless of course there is a good explanation
    The Windows Update site uses ActiveX to figure out what you need, and Internet Explorer is the browser with ActiveX capabilities. Buuuuut... if you simply enable Automatic Updates in Control Panel, then you don't even need to visit their site at all, the computer will just check daily to see if it's got everything or not. That any help?




    Microsoft now has a preliminary bulletin up regarding this exploit. They said that the exploit only gains the privilege level of the user. That's welcome news.

  17. #17
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    Oh I see! That's good to know, I didn't know about that Update thing in Control Panel, well I've seen it but never used it. Then again, I haven't updated in a looooong time so it's going to take a while to get it all installed and up to date, I still hope it all works since it's torture downloading these on dialup.

  18. #18
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    I'm on dial-up too, it stinks! If you happen to have Windows XP with Service Pack 2 installed, then see the first post for another safeguard that you can switch on (Data Execution Prevention), the big picture shows it.

    If you don't have Service Pack 2 yet, you can order it on a CD-ROM for the cost of shipping too: international ordering page

  19. #19
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    Nope, no XP for me.

    Great, I've done an install of some major service pack and it's asking me for the 2000 SR-1 CD...which I don't think I have :S. I have the second one.

  20. #20
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    Nope, can't find it. I discovered an ancient Windows 95 and Windows 97 install but I can't locate the SR-1 disk for Office 2000! What a waste of downloading 11mb on dialup.

    mechBgon...will ANY SR-1 disk do? If I got one off a friend or something it would still work with what is required to install these updates?

  21. #21
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by blue_neon
    Nope, can't find it. I discovered an ancient Windows 95 and Windows 97 install but I can't locate the SR-1 disk for Office 2000! What a waste of downloading 11mb on dialup.

    mechBgon...will ANY SR-1 disk do? If I got one off a friend or something it would still work with what is required to install these updates?
    I think it would work as long as the disk is 1) the right Service Pack level, 2) the same type (Office2000 Pro/Small-Biz/whatever), and 3) it's the right sort (OEM versus Retail-boxed). As far as I know, Office2000 CDs aren't unique-ified to where it would pout and demand YOUR disc, I think it just wants to use the source files.


    If your original disc is the no-Service-Packs version and you've just got Service Pack 1a downloaded, then brace for this: next up is Service Pack 3, and then about 9 more post-SP3 patches

    *flees from hail of rotten tomatoes*

  22. #22
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    *start>programs>internet explorer...update site.......................................check for updates....30% complete......50%.......60%..............70%......90%....99%.........*

    ...hmm I am being asked to download Service Pack 3...then 6 more smaller updates (security etc.). Pheff.

    If I can't get access to the SR-1 disk, can I like contact Microsoft or someone to get one posted or what?

  23. #23
    Elite Rep
    Join Date
    Aug 2004
    Location
    Melbourne - Australia
    Posts
    2,097
    Yay I found the CD, plus I didn't have to download it again! It's now installing them in.

  24. #24
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    Good to hear you survived that

    I hope people don't underestimate the potential of this threat. This exploit has now been added to rotational banner advertisements, folks.

    See this video clip by Sunbelt's security researchers if you want to see how easily you can get hit: http://www.sunbelt-software.com/ihs/...ecat122905.wmv Don't let this be you.

    ~ heeeeed myyyyyyy warninggggggg

  25. #25
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,957
    The original post is updated with another countermeasure.
