Other | MyAntiSpyware - Part 8

MyAntiSpyware

What antivirus can to detect WMF exploit ?

Myantispyware team January 4, 2006 No Comment Exploits & Vulnerabilities

On today in the Internet have been found 73 variants of the WMF exploit. The following antivirus products successfully picked up all varians: * Alwil Software (Avast) * Softwin (BitDefender) * ClamAV * F-Secure Inc. * Fortinet Inc. * McAfee Inc. * ESET (Nod32) * Panda Software * Sophos Plc * Symantec Corp. * Trend

Read more »
.MSI installer file for WMF patch available

Myantispyware team January 4, 2006 No Comment Critical patch

For all of you corporate folk out there, we now have a .msi installer file available for version 1.4 of Ilfak Guilfanov’s unofficial patch for the Windows .WMF exploit. A very big “thank you” goes out to Evan Anderson of Wellbury Information Services, L.L.C. for his diligent efforts to get this put together. Note: Like

Read more »
Block lists have been updated

Myantispyware team January 2, 2006 No Comment Updates

* IE-SPYAD (original) * IE-SPYAD2 * IE-SPYAD for ZonedOut * AGNIS (for AtGuard/NIS/NPF) * AGNIS for Outpost * AGNIS for AdShield * AGNIS Sites List You can download all of these new versions at: https://netfiles.uiuc.edu/ehowes/www/resource.htm You can download all of these new versions at: https://netfiles.uiuc.edu/ehowes/www/resource.htm Included with the original version of IE-SPYAD/IE-SPYAD2 is an uninstaller

Read more »
New version of unofficial WMF patch

Myantispyware team January 2, 2006 No Comment Critical patch, Tips

An unofficial patch for block WMF expoit was made available by Ilfak Guilfanov the main developer of IDA Pro from DataRescue Download from Suns now: wmffix_hexblog13.exe. List of changes from version 1.1 from Ilfak Guilfanov at Hex Blog: Version 1.2: if the hotfix has already been applied to the system, informs the user at the

Read more »
More info about WMF Exploit

Myantispyware team December 29, 2005 No Comment Exploits & Vulnerabilities

The exploit is currently being used to distribute the following threats: Trojan-Downloader.Win32.Agent.abs Trojan-Dropper.Win32.Small.zp Trojan.Win32.Small.ga Trojan.Win32.Small.ev. Some of these install rogue anti-malware programs. You might want to block these sites while waiting for a Microsoft patch: Crackz [dot] ws unionseek [dot] com www.tfcco [dot] com Iframeurl [dot] biz beehappyy [dot] biz toolbarbiz[dot]biz toolbarsite[dot]biz toolbartraff[dot]biz toolbarurl[dot]biz buytoolbar[dot]biz

Read more »
How to block WMF exploit

Myantispyware team December 29, 2005 No Comment Exploits & Vulnerabilities, Tips, Tutorials - HowTo

For this WMF exploit: Until Microsoft patches this thing or your AV provider has updated defs, here are some tips 1. Unregister SHIMGVW.DLL. This is your best workaround for the time being (realizing that nothing is perfect). From the command prompt, type REGSVR32 /U SHIMGVW.DLL. A reboot is recommended. (It works post reboot as well.

Read more »
New exploit blows by fully patched Windows XP systems

Myantispyware team December 28, 2005 No Comment Exploits & Vulnerabilities, Trojan

SecurityFocus just posted a bulletin on it. Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. The issue may be exploited remotely or by a local

Read more »
Symantec AV RAR library vulnerability

Myantispyware team December 21, 2005 No Comment Exploits & Vulnerabilities

Yesterday, Alex Wheeler released details of a vulnerability that appears to span many Symantec A/V products in the routines for decoded RAR compressed files. Symantec is apparently working feverishly on a fix, but for the moment the recommendation is to disable scanning of these files (while use other A/V product). We are not currently aware

Read more »
Trojan masquerading as Microsoft Update

Myantispyware team December 13, 2005 No Comment Exploits & Vulnerabilities, Trojan

Reported in Codefish. We checked out this Trojan and it’s not very friendly. Here is what the email looks like: Microsoft Security Bulletin MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) Summary: Who should receive this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code

Read more »
Antother note about SpyAxe

Myantispyware team December 12, 2005 No Comment Exploits & Vulnerabilities, Rogue Anti Spyware, Tips

Juha-Matti has pointed out an interesting Trojan.Spaxe. The interesting part is that it will display a balloon message, attempting to fake from the Windows Automatic Updates icon on the System Tray, with the following text: Body: Your computer is infected! Windows has detected spyware infection. It is recommended to use special antispyware tools to prevent

Read more »

Previous
1
2
…
7
8
9
10
Next