namelesstavern.net

[kaharthemad]

http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html

no shit...this thing is the antichrist. I got hit with it last night. took me 3 hours to fix it. It goes right thru windows.

[Captain Insano]

can you dup plat with it?

[kaharthemad]

no but it will fuxor your system in about 5 minutes

[Ouchyfish]

Thanks for the heads-up!!!!

[Diekan]

We should execute people who write shit like that. Seriously, put them on death row and gas 'em.

[Jesus]

We should execute people who write shit like that. Seriously, put them on death row and gas 'em.

No, we should have standards for software setup so that shit like this can't happen to operating systems.

[Lyion]

Follow up

http://blogs.washingtonpost.com/securit ... lease.html

[Captain Insano]

motherfucking crash override and zero cool were behind this... I know it!

[Myg0t]

rofl i loved that movie when i was a kid

[kaharthemad]

Couple things to fix this bug. First off install AVG(not sure other Anti virus will work) Spybot and adaware. Update fuly then boot to safe mode. in safe mode run both. These two did manage to get rid of MOST this migraine. Also run hijack. Make sure the netsh file is not pulling as well. Also make sure you disable the following driver...in the run box "regsvr32 /u shimgvw.dll". Clean out your temp files on all your logins, clean out all temporary internet files and folders manually .

delete secure.html from your root.

reboot to normal mode and wash and repeat in all logon idents.

NOTE: You will have to go in and manually delete the virus from your windows directories in safe mode!!!!!


This is the best workaround I have developed for it. If you have questions, or need help I will have my AIM on all day. Dont leave this fucker sit...it has a spam program in it and will start sending emails. Ill be more than happy to help anyone out that needs it.

AIM: Kaharthemad

[Captain Insano]

rofl i loved that movie when i was a kid

me too... that movie made me want to hack into angelina's pantys.

[Tadpole]

Fuck I got this.

[kaharthemad]

Fuck I got this.

if you need help AIM me Ill do what I can. Or send me a PM and Ill shoot you my phone number. took me a while to figure out how to fix this

[Captain Insano]

I got that before too... I downloaded a crack for Oracle Financials for a friend. It totally fucked up my computer. 10 minutes later I was back to new after restoring with Norton Ghost.

[Goose_Man]

I was surfing porn the other day and I clicked on a picture of a chick with giant tits getting railed and some script popped up on my intarweb explorer and suddenly I have 12332432343 x 10 pieces of spy ware and Nortans AV is having an aneurism.

I ran spy bot and it told me to suck a fat dick and shut down.

I ended up just moving all my business docs to CD and formatting my comp...

What ever got me was a hooker slut.

[Gaazy]

how does one get this thing? i mean how do you become vulnurable to it?

[Captain Insano]

the thing in this thread BLOWS right by even the best spyware progs and antivirus.

IMO virus is the least dangerous crap out there these days...Spywaredoes way more damage.

[Ouchyfish]

There is an easy as hell prevention method in the interim, though. Just read the linked page above.

[kaharthemad]

how does one get this thing? i mean how do you become vulnurable to it?

thing is a fully patched box can infect. just goto a site that has it. thats all boys


the reg I told you about regsvr32 /u shimgvw.dll if you run that it will block your computer for running wmf files which is basically what starts this.

[kaharthemad]

There is an easy as hell prevention method in the interim, though. Just read the linked page above.

Linked page is informative. I have been spending alot of time working on a actualy bug fix for it. If I can get it done Ill post a link to it.

[Tacks]

Any easy way to get rid of this yet? I think my brother got this on his computer.

[Martrae]

This damn thing changes how it infests your computer dependent on how up-to-date you've kept Windows patched.

So, no, there isn't an easy way to get rid of it. What works on one machine might not on another. What a PITA.

[kaharthemad]

http://www.microsoft.com/presspass/press/2006/jan06/01-05UpdatePR.mspx

Microsoft Releases Security Update to Fix Vulnerability in Windows
Vulnerability in graphics rendering engine could allow remote code execution.

REDMOND, Wash. – Jan. 5, 2006 – On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows® Meta File (WMF) area of code in the Windows operating system, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today, Thursday, Jan. 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, Jan. 10, 2006, as part of its regular monthly release of security bulletins, after testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and by up-to-date signatures from anti-virus companies.

The security update will be available at 2 p.m. PST as MS06-001.

Consumer customers who use Automatic Updates will receive the update automatically and do not need to take any additional actions. Consumers can also manually download and deploy the update by visiting Microsoft Update or Windows Update. Consumers can also get more information at Microsoft's Security At Home Web site. Enterprise customers who are using Windows Server Update Services will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server and Software Update Services. Enterprise customers can also manually download the update from the Download Center.

Microsoft will hold a special webcast on Friday, Jan. 6, 2006, to provide technical details about MS06-001 and answer questions. Customers can sign up for the webcast on microsoft.com.

Microsoft will also be releasing additional security updates on Tuesday, Jan. 10, 2006, as part of its regularly scheduled release of security updates.

In addition to deploying MS06-001, users should take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code. Consumer customers should follow the guidance on safe browsing. Enterprise customers should review Microsoft’s Security Advisory #912840 for up-to-date guidance on how to prevent attacks through exploitation of the WMF vulnerability.

The intentional use of exploit code, in any form, to cause damage to computer users is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

Customers who believe they may have been maliciously attacked by exploitation of the WMF issue can contact Microsoft’s Product Support Services for free assistance by calling the PC Safety line (1-866-PCSAFETY); international customers can use any method detailed at http://support.microsoft.com/security.

Microsoft continues to encourage customers to follow its Protect Your PC guidance by enabling a firewall, getting software updates and installing anti-virus software.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft® Web page at http://www.microsoft.com/presspass on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.mspx.

can I get a aaaaaaaaaaaaaaaaaaaaaaaaaamen my brothas and sistas!!!

yeah patch the fucking thing...you dont want this shit. trust me

[kaharthemad]

still thinkit is funny as hell they call the scope limited. Shit i got 12 on my fucking bench out of 20. Not to friggin limited to me. Their definitions and mine on the word limited must be opposite.