A REALLY SCARY Attack on Windows - New WMF Exploit Infects Fully Patched Windows XP Users Who Browse Contaminated Web Sites - And a Temporary Fix
RTA Information Technology, Tempe, Arizona
A brand-new, very dangerous infection has been seen. You can catch this one by simply surfing to a contaminated web site or even viewing a photograph contained in an email. NO other action is required.
I've witnessed a video of a user browsing a "safe" web site and being attacked by a BANNER AD that's coming from an infected site. The malware instantly installs itself, adding numerous desktop links, affecting the screensaver, and lots of other nasties. It makes a MESS!
http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html
This will infect FULLY PATCHED XP, SP2 computers running Internet Explorer, running antivirus and antispyware software! It can also infect computers running other web browsers under some circumstances.
As always, damage could be limited if the user isn't an Administrator on his PC (either a Local or Domain Administrator). However, about 90% of users still have Administrator rights on their PCs, so this infection proceeds with full Administrator or System rights.
A temporary fix has been published:
From the command prompt, type REGSVR32 /U SHIMGVW.DLL (include the spaces). A reboot is recommended. (The workaround keeps working after a reboot; it stays in effect permanently.)
You can also do this by going to Start, Run and then pasting in the above command.
This disables your ability to view images using the Windows Picture and Fax Viewer. You won't be able to preview images in Explorer, either.
Once the exploit is patched, you can simply type “REGSVR32 SHIMGVW.DLL” to bring back the functionality.

