1  |   Order by index

Jan 6, 2006, 12:28am

Worth posting here;

There is a MAJOR MAJOR MAJOR update available for MS windows; fixing the WMF
vunerability that has been causing utter chaos on the internet; MS has had
people working on this 24/7 for thousands of man hours.

If you don't have this patch, you are as good as doomed (Should be installed
even if you have the 3rd party User32 Escape() memory patch from IDA)

Forwarded from news://microsoft.public.security

XP
http://www.microsoft.com/downloads/details.aspx?familyid=0c1b4c96-57ae-499e-b89b-215b7bb4d8e9

Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=1584aae0-51ce-47d6-9a03-db5b9077f1f2

2000
http://www.microsoft.com/downloads/details.aspx?FamilyID=aa9e27bd-cb9a-4ef1-92a3-00ffe7b2ac74


XP x64
http://www.microsoft.com/downloads/details.aspx?familyid=3a1166e6-5e9e-4e73-bcd4-28eca6ece877

Windows Server x64
http://www.microsoft.com/downloads/details.aspx?familyid=a8f4dcba-5d28-4d9d-a6a4-3b71108cfe2d


--
- Mark Randall
http://www.temporal-solutions.co.uk
http://zetech.swehli.com

"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov

Jan 6, 2006, 12:33am

Note: You can uninstall the 3rd party patch once you have covered yourself
with the official one.

--
- Mark Randall
http://www.temporal-solutions.co.uk
http://zetech.swehli.com

"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov

Jan 6, 2006, 2:39am

Yes, for those of you who don't know the importance of this patch, I will
try and tell you what I know about it. A wmf file is called a Windows Meta
File that is made using Windows Office as a picture and web browsers and
email clients can view this photo on web pages or emails. This file could
contain malicious code to attack your computer and add a harmful virus on it
when all you did was view the photo online. The vulnerability was found very
recently but they say this might be the worse thing to ever come on the web
if hackers decide to make it this way. So PLEASE use those website addresses
Strike Rapier posted to update your computer with the official Microsoft
patch.

-Kenneth



[View Quote]

Jan 6, 2006, 3:19am

I forgot to mention that this Windows Update will most likely be in the next
automatic update if you have them turned on. For more information about
this, go here:
http://www.microsoft.com/athome/security/update/bulletins/200601_WMF.mspx

-Kenneth



[View Quote]

Jan 6, 2006, 3:59am

Now im awake again;

Just for a bit of scary news; you dont even have to open or even view the
image to get infected.

--
- Mark Randall
http://www.temporal-solutions.co.uk
http://zetech.swehli.com

"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov

[View Quote]

Jan 6, 2006, 5:27am

a few days ago, while surfing (and avoiding sex sites LOL) I clicked on one
of the search addy's. Immediately on the page opening my computer went
haywire. I was not loading a picture or any form of file. I just opened the
address. BAM notices started flying.....a download flashed by.....alarms
went off.... I had a trojan (or 2 as it turned out)

Norton advised me that I was infected. They also advised me that they could
not fix the file as access was denied.

Safemode did not help when I tried scans. It found nothing. Windows
malicious software removal tool found nothing also.

The wallpaper I usually have disappeared to be replaced by a blue screen
with a large notice sayng YOU ARE INFECTED. When I went to control panel to
get rid of it using Display, I noticed that all the choices of wallpapers
were blued out, no access, the 'infected' wallpaper had to stay.

Immediately following a notice from windows appeared, saying I was infected,
click here for updated antispyware. I was advised not to click even though
that message looked real. A friend happened to recognize the symptom of the
wallpaper and yelled DON'T CLICK ANYTHING. I was lucky, who knows what else
I would have gotten

when I tried to X out programs a banner would appear, saying I was infected,
click here, popping down from top of monitor and covering the X for my open
windows. I almost hit that but missed when I saw it appear.

Well done fake windows messages continued to appear, SpySheriff had been
installed. Nasty. Ad-Aware took care of the missing wallpaper, but it could
not take care of the banner or the fake windows messages. It said that it
could not delete the trojans as they were running. Safemode they were not
found at all. On restart it would all start up again.

It has taken me 2 days and much help from people here at AW to clean this
whole mess up, and the last 24 hours has been good. Thanks people : )

If you see anything with the name SpySheriff....or your wallpaper goes
screwey....get ready for a fight.

I loaded 3 programs recommended by Microsoft....free programs....to scan for
trojan. Surprise though although they find them, they want your money in
order to remove them. Uninstalled.

This one is a bitch as it gets in without you doing anything wrong. Into a
fully protected computer, past antivirus, past firewalls. Only a pay program
can remove it. Or screwing with your registry (heh yeah good for some)....

anyway that's the story....SpySheriff....evil

sweets

Jan 6, 2006, 5:37am

[View Quote] Meet me and the MVPs.

news://msnews.microsoft.com/microsoft.public.security
news://msnews.microsoft.com/microsoft.public.security.homeusers

Get SpySherrif victims everrry day.

--
- Mark Randall
http://www.temporal-solutions.co.uk
http://zetech.swehli.com

"Those people that think they know everything are a great annoyance to those
of us who do"
Isaac Asimov

Jan 6, 2006, 6:42am

I went to microsoft yesterday and no updates available....saw your notice so
went back today and there it was....not exactly sure what it is or what it
does but after this week am definately not taking chances....its done
thanks : )
sweets

[View Quote]

1  |   Order by index