Windows Meta Files, or those ending in .wmf...Watch out ...

Help and Discussion

Moderator: The Mod Squad

tonycarr
Black Belt 2nd Degree
Black Belt 2nd Degree
Posts: 2218
Joined: Fri Dec 28, 2001 12:00 am
Location: SouthEastern , USA

Windows Meta Files, or those ending in .wmf...Watch out ...

Post by tonycarr »

Be aware , some sort of FAKE anti virus screen claiming to clean your rig can infect you , even on AV protected winXP sp2 machines . Link to story below ...


http://blogs.washingtonpost.com/securit ... lease.html
[color=red]E Pluribus[/color] [color=blue] Unum[/color]
User avatar
evasive
Mobo-fu Master
Mobo-fu Master
Posts: 37629
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands
Contact:

Post by evasive »

8O

made this into a sticky...
Last edited by evasive on Wed Dec 28, 2005 10:55 pm, edited 1 time in total.
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
User avatar
DAVE1
Mobo-fu Master
Mobo-fu Master
Posts: 7699
Joined: Sat May 14, 2005 11:49 am
Contact:

Post by DAVE1 »

I wonder what it acutally looks like

are there any pictures of it yet ?
Join team 33258 today!!
tonycarr
Black Belt 2nd Degree
Black Belt 2nd Degree
Posts: 2218
Joined: Fri Dec 28, 2001 12:00 am
Location: SouthEastern , USA

Post by tonycarr »

DAVE185 wrote:I wonder what it acutally looks like

are there any pictures of it yet ?
Link below to a typical look but the article reads it can change ...

http://www.websensesecuritylabs.com/ale ... lertID=385
[color=red]E Pluribus[/color] [color=blue] Unum[/color]
User avatar
DAVE1
Mobo-fu Master
Mobo-fu Master
Posts: 7699
Joined: Sat May 14, 2005 11:49 am
Contact:

Post by DAVE1 »

i doubt I would believe one of those but now I can tell other people about it
Join team 33258 today!!
kltsin
Black Belt 2nd Degree
Black Belt 2nd Degree
Posts: 2792
Joined: Tue Jun 29, 2004 9:05 am
Location: St. Augustine, Fl
Contact:

Post by kltsin »

This exploit is currently billed as the worst infection in history. It can hide rootkits, it can even hide itself.

Heres a temporary fix for this exploit until MS gets one

Info and download link can be found here
After installing a restart is in order.

Here is a checker to see if your still vulnerable
http://castlecops.com/a6438-Hot_off_the ... ecker.html
User avatar
evasive
Mobo-fu Master
Mobo-fu Master
Posts: 37629
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands
Contact:

Post by evasive »

Official patch is released before the monthly batch:
http://www.microsoft.com/downloads/deta ... layLang=en
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
tonycarr
Black Belt 2nd Degree
Black Belt 2nd Degree
Posts: 2218
Joined: Fri Dec 28, 2001 12:00 am
Location: SouthEastern , USA

...it's not even Tuesday yet ...

Post by tonycarr »

I wonder if ms made a patch for win98 ,me & 2000 ? on this one as well ? as xp ? From what I read of it , it affected the other ms os's too.
[color=red]E Pluribus[/color] [color=blue] Unum[/color]
mitsubishi
Green Belt
Green Belt
Posts: 171
Joined: Mon Sep 13, 2004 6:08 am
Location: UK

Re: ...it's not even Tuesday yet ...

Post by mitsubishi »

tonycarr wrote:I wonder if ms made a patch for win98 ,me & 2000 ? on this one as well ? as xp ? From what I read of it , it affected the other ms os's too.
No: http://news.com.com/2061-10789_3-6020645.html
Well not for 98 and me anyway. There's no proof they are vunerable anyway, the exploits known don't appear to work.
EmilyB

Re: ...it's not even Tuesday yet ...

Post by EmilyB »

tonycarr wrote:I wonder if ms made a patch for win98 ,me & 2000 ? on this one as well ? as xp ? From what I read of it , it affected the other ms os's too.
http://www.microsoft.com/technet/securi ... 6-001.mspx
Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. For more information about severity ratings, visit the following Web site.
Post Reply