
Thread: New Windows Virus With No Fix!!!

  1. #1
    Senior Member
    Join Date
    Nov 2002
    Location
    A little town called Nunyagoddamnbusiness
    Posts
    3,341
    Rep Power
    27

    Default New Windows Virus With No Fix!!!

    Copied from another source

    There is a very big virus at the moment on the internet using a flaw available in a fully patched Windows XP SP2 system (A flaw? In Windows? ORLY?) that can let a hacker take control of your computer. All you need to do to be infected is to view an infected image on a webpage. Firefox users are only HALF protected, because it will ask you if you want to save it or run it. Internet Explorer users will NOT be prompted.

    It is believed that people with an AMD Athlon 64 processor MIGHT be protected against that threat (Thanks to the Malicious software protection on the chip, that Windows XP 64bit supports), but that is not proven yet.

    Microsoft has yet to provide a patch for this vulnerability.

    But there's a temporary workaround available for that vulnerability.
    Please note that I am not responsible for any damage done to your computer by this workaround.

    Workaround:



    ----------------------------------------------------------------------------------

    quote:
    ----------------------------------------------------------------------------------

    1) Close any Internet Explorer window.
    2) Start, Run and write: regsvr32 -u %windir%\system32\shimgvw.dll
    This will cause the DLL that is the problem behind this vulnerability to no longer be registered.
    ----------------------------------------------------------------------------------



    PLEASE NOTE THOUGH THAT THIS FIX HAS AN IMPACT!

    ----------------------------------------------------------------------------------

    quote:
    ----------------------------------------------------------------------------------
    Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer. To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 2 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
    ----------------------------------------------------------------------------------

  2. #2
    100% Asshole FTW!!! JustinSane110™'s Avatar
    Join Date
    Apr 2005
    Location
    Chillin....
    Age
    40
    Posts
    8,098
    Rep Power
    31

    Default

    *switches from IE window to Firefox window*

  3. #3
    IA's deaf kid Deaf Pimp's Avatar
    Join Date
    Mar 2005
    Location
    In my bed...
    Age
    42
    Posts
    2,637
    Rep Power
    23

    Default

    It's a hoax.
    2005.5 Audi A4 2.0t Quattro
    APR 93/100 Chip

  4. #4
    NalleyToyota Manager ct9a gsr's Avatar
    Join Date
    Mar 2005
    Location
    Kennesaw, Ga
    Posts
    3,079
    Rep Power
    25

    Default

    There's always a fix for every virus. =]
    www.toyotaofroswell.com
    Current: '04 S2000
    Past 700whp+ Cars: '03 Z06 | '94 Supra | '03 Evo VIII | Too Many...

  5. #5
    When negotiations fail... Ruiner's Avatar
    Join Date
    Apr 2003
    Location
    Atlanta, GA
    Age
    49
    Posts
    4,631
    Rep Power
    28

    Default

    Quote Originally Posted by Deaf Pimp
    It's a hoax.
    Sure?

    Thursday, December 29, 2005

    WMF, day 2
    Posted by Mikko @ 08:30 GMT

    Microsoft and CERT.ORG have issued bulletins on the Windows Metafile vulnerability:
    http://www.microsoft.com/technet/sec...ry/912840.mspx
    http://www.kb.cert.org/vuls/id/181038

    Microsoft's bulletin confirms that this vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003.

    They also list the REGSVR32 workaround. It's a good idea to use this while waiting for a patch. To quote Microsoft's bulletin:

    Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)

    1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
    (without the quotation marks), and then click OK.


    2. A dialog box appears to confirm that the un-registration process has succeeded.
    Click OK to close the dialog box.


    Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
    when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.


    To undo this change, re-register Shimgvw.dll by following the above steps.
    Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).


    This workaround is better than just trying to filter files with a WMF extension. There are methods where files with other image extensions (such as BMP, GIF, PNG, JPG, JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO) could be used to exploit a vulnerable machine.

    We got several questions on our note on Google Desktop yesterday. Bottom line is that if an image file with the exploit ends up on your hard drive, Google Desktop will try to index it and will execute the exploit in the process. There are several ways such a file could end up on the local drive. And this indexing-will-execute problem might happen with other desktop search engines too.

    And finally, you might want to start to filter these domains at your corporate firewalls too. Do not visit them.


    So far, we've only seen this exploit being used to install spyware or fake antispyware / antivirus software on the affected machines. I'm afraid we'll see real viruses using this soon.

    We've seen 57 different versions of malicious WMF files so far. We detect them all as PFV-Exploit.
    AIM: RuinerTT
    2005 Nissan Pathfinder LE
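
The point in the post above about extension filtering, as an added example that is not part of the original post or the quoted bulletin: a Python sketch that recognises Windows Metafile content by its header instead of its file name, so a metafile saved under one of the listed image extensions is still flagged. The header constants come from the WMF file format; the sample files, function names and verdict strings are constructed for illustration.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # key of the optional 22-byte placeable prefix
# Extensions the post lists as able to carry a metafile, besides .wmf itself.
OTHER_IMAGE_EXTS = {".bmp", ".gif", ".png", ".jpg", ".jpeg", ".jpe", ".jfif",
                    ".dib", ".rle", ".emf", ".tif", ".tiff", ".ico"}

def is_wmf(data: bytes) -> bool:
    """Return True if data begins with a Windows Metafile header."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        data = data[22:]     # skip the placeable prefix; META_HEADER follows
    if len(data) < 18:       # META_HEADER is 18 bytes long
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 (memory) or 2 (disk), header size of 9 words, version 1.0 or 3.0.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the content is."""
    if not is_wmf(data):
        return "not-wmf"
    ext = os.path.splitext(name)[1].lower()
    if ext == ".wmf":
        return "wmf"
    return "disguised-wmf" if ext in OTHER_IMAGE_EXTS else "wmf-other-ext"

def scan(files):
    """files: iterable of (name, bytes). Return (name, verdict) for WMF content."""
    return [(n, v) for n, d in files if (v := classify(n, d)) != "not-wmf"]

# Constructed sample inputs (harmless: a header plus an end-of-file record).
_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
_EOF = struct.pack("<IH", 3, 0)
# Placeable prefix with the checksum left at 0; is_wmf() does not verify it.
_PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 20),   # real JPEG magic
    ("logo.jpg", _HEADER + _EOF),                         # metafile named .jpg
    ("chart.wmf", _PLACEABLE + _HEADER + _EOF),           # ordinary placeable WMF
    ("icon.gif", b"GIF89a" + b"\x00" * 20),               # real GIF magic
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{name}: {verdict}")
```
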

  6. #6
    Devin 5thgcelica's Avatar
    Join Date
    Mar 2005
    Location
    snellville
    Age
    40
    Posts
    17,611
    Rep Power
    39

    Default

    well..im always on firefox..and i have 64bit. so....

  7. #7
    Shine on! Nittanys1's Avatar
    Join Date
    Nov 2002
    Location
    Raleigh, NC
    Age
    43
    Posts
    14,580
    Rep Power
    39

    Default

    man I JUST had three computers F up last night and spent till 3 am installing XP on two of them...the third one is fried fried fried!!! i saw a green spark...guess I shouldn't have stuck the screw driver in there.....

    this is for SP 2 you say? I have SP 1a so should I not be in trouble? ohh and I always run firefox..ever since i had it on my mac!!!

  8. #8
    ♥Chuckster's Wifey♥ Ms Dollar's Avatar
    Join Date
    Aug 2003
    Location
    Kennesaw, Georgia
    Age
    41
    Posts
    4,260
    Rep Power
    28

    Default

    so what do i need to do? i always use firefox i don't wanna f up my comp
    ~Val for President~
    ~RIP Leisa - You will be missed~


  9. #9
    Powered by AA's krindus's Avatar
    Join Date
    Mar 2005
    Location
    Charleston, SC
    Age
    42
    Posts
    202
    Rep Power
    21

    Default

    the best prevention: don't go to any unusual websites, stick with the beaten path for now.

  10. #10
    Devin 5thgcelica's Avatar
    Join Date
    Mar 2005
    Location
    snellville
    Age
    40
    Posts
    17,611
    Rep Power
    39

    Default


  11. #11
    akaDick em Down Tony PSINXS's Avatar
    Join Date
    Apr 2005
    Location
    20 side of thangs
    Age
    40
    Posts
    11,782
    Rep Power
    34

    Default

    yea i stick with my beaten ( :jerkit: ) path

  12. #12
    Devin 5thgcelica's Avatar
    Join Date
    Mar 2005
    Location
    snellville
    Age
    40
    Posts
    17,611
    Rep Power
    39

    Default

    Quote Originally Posted by PSINXS
    yea i stick with my beaten ( :jerkit: ) path

  13. #13
    akaDick em Down Tony PSINXS's Avatar
    Join Date
    Apr 2005
    Location
    20 side of thangs
    Age
    40
    Posts
    11,782
    Rep Power
    34

    Default

    thats y u gonna get the virus! lol

  14. #14
    Devin 5thgcelica's Avatar
    Join Date
    Mar 2005
    Location
    snellville
    Age
    40
    Posts
    17,611
    Rep Power
    39

    Default

    Quote Originally Posted by PSINXS
    thats y u gonna get the virus! lol
    well ur mom already has the virus!

  15. #15
    akaDick em Down Tony PSINXS's Avatar
    Join Date
    Apr 2005
    Location
    20 side of thangs
    Age
    40
    Posts
    11,782
    Rep Power
    34

    Default

    good one

  16. #16
    Rutspeed/b00b CreW BTLFED's Avatar
    Join Date
    Nov 2002
    Location
    Belview Insane Asylum
    Age
    48
    Posts
    30,776
    Rep Power
    61

    Default

    Not really.
    --RIP Leisa. Forever In Our Hearts--

    --Val for President 1979-2007--
    --RIP Val, You will be missed--

    Quote Originally Posted by HalfBaked
    Anytime I'm driving south of I-20 in the perimeter, I play spot the white driver.

    Generally I don't count past 10.
