• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Your Go-To Destination for Scam Awareness, Malware Removal, Antispyware Downloads, and Expert Guidance

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Tips › Tutorials - HowTo › How to block WMF exploit

How to block WMF exploit

Myantispyware team December 29, 2005     No Comment    

For this WMF exploit: Until Microsoft patches this thing or your AV provider has updated defs, here are some tips

1. Unregister SHIMGVW.DLL.

This is your best workaround for the time being (realizing that nothing is perfect).
From the command prompt, type REGSVR32 /U SHIMGVW.DLL. A reboot is recommended. (It works post reboot as well. It is a permanent workaround).
You can also do this by going to Start, Run and then pasting in the above command.
This effectively disables your ability to view images using the Windows picture and fax viewer via IE.
However, it is not the most elegant fix. You’re probably going to have all kinds of problems viewing images.
But, no biggie: Once the exploit is patched, you can simply type “REGSVR32 SHIMGVW.DLL” to bring back the functionality.
And, it is a preventative measure. If you are already infected, it will not help.
Works for IE, should work fine for Firefox users as well.

2. Change file associations for WMF files.

Note that if a WMF file was spoofed to look like it was a different type of file (like GIF), this fix wouldn’t do anything. So it’s a pretty weak workaround. At any rate, here it is:
a) Go to My documents, Tools, Folder Options, File Types.
b) Change WMF Image to notepad and select Always Open with this.
Your WMF files will open in Notepad. Ugly and not as effective as unregistering SHIMGVW.DLL.

3. Run IESPYAD.

IESpyad is a free tool that puts block lists into IE’s restricted sites zone. It’s managed by Eric Howes, who works as a consultant for Sunbelt. Sunbelt regularly update him with the latest URLs. Click here for read more.

thanks to sunbeltblog

Exploits & Vulnerabilities Tips Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Wholehugespot.com Press Allow scam
Wholehugespot.com Virus Removal Guide
Bestpenad.com click allow scam
Bestpenad.com Virus Removal Guide
Danafdd.top scam store
Danafdd.top Deals Too Good to Be True? What Shoppers Should Know
CarharttOnlineSale.vip store scam
CarharttOnlineSale.vip Deals Too Good to Be True? What Shoppers Should Know
Cageza.com sofa bed scam
Cageza.com’s Scam: How to Identify Fake Online Deals

Follow Us

Search

Useful Guides

Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
Malwarebytes won’t install, run or update – How to fix it
Best free malware removal tools
Best Free Malware Removal Tools 2023

Recent Posts

New exploit blows by fully patched Windows XP systems
Fake MS Messenger 8 beta
EULAlyzer – Analyze license agreements for interesting words and phrases.
How to remove Winhound
The Adblock project

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.