Cleaning up after the WMF exploit



OK, I mentioned that I infested a virtual machine with the current WMF 0-day exploit. First I should probably clarify. An exploit is a means of getting in to a system. The payload is the software that is installed. In the case of my experience there was a long list of pests installed. Given that the exploit enables any software to be installed, your experience may be different. That’s the first thing I want to make clear, depending on where and when you were affected you may see vastly different malware.


The second thing I want to make clear is that the best solution for a badly infested system is to clean the hard drive and reinstall. Remote access trojans and keyloggers are many and varied and it’s entirely possible that many (or at least one) will be missed in the cleaning process. That much said, a cleaning of this image is what I did. (Although after I’m done looking at it, it will be replaced with it’s clean copy.)

The next series of articles will deal with the problems I ran into trying to clean the system. I’ll try to keep them in continuous order, but won’t be giving “part x” names for the most part. As we speak the image is booting up with full networking and I’m keeping an eye on it to so if it’s really clean. It appears that the infestation is over, but I don’t trust it yet.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
  • WMF exploit and Windows 98 Most of the talk on the WMF zero-day has centered on Windows XP, 2000 and 2003. The unofficial patch is available for those three platforms. Microsoft's (eventual) patch will likely be for those as well. Incidents.org had a comment in one of their posts that this would be a "watershed......
Blog Traffic Exchange Related Websites
  • Does The CatGenie Self Cleaning Litter Box Really Work If you are like other cat people you like the idea of a self cleaning, self flushing cat box but you're probably wondering if it really works. No one really enjoys dealing with cat litter, as this is a daily chore when you have a cat, and it's not only......
  • Tips for a Frugal and Eco-Friendly Spring Guest Post Author Bio: This post was written by Les Roberts money saving writer at Moneysupermarket.com. The evenings are getting lighter, the birds are singing and the weather is completely erratic…all of which means that spring time is upon us once more. And with spring time comes spring cleaning, the chance......
  • Proper Care and Maintenance of a Violin If you have just received or purchased a violin, and you are worried that you may damage or break your violin accidentally, then the following set of instructions will help you keep your violin looking and playing well. 1 - First and foremost, you need to make sure that you......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

One Response to “Cleaning up after the WMF exploit”

  1. The PC Doctor Says:


    The effects of the WMF exploit

    Avery J. Parker has spent a great deal of time and energy in detailing how to remove the WMF exploit from a PC.  He’s detailed his work in a series of blog posts that I think are well worth taking the time to read.

    Cleaning up after the …


Switch to our mobile site