Cleaning up after the WMF exploit



OK, I mentioned that I infested a virtual machine with the current WMF 0-day exploit. First I should probably clarify. An exploit is a means of getting into a system. The payload is the software that is installed. In the case of my experience there was a long list of pests installed. Given that the exploit enables any software to be installed, your experience may be different. That’s the first thing I want to make clear: depending on where and when you were affected, you may see vastly different malware.


The second thing I want to make clear is that the best solution for a badly infested system is to clean the hard drive and reinstall. Remote access trojans and keyloggers are many and varied and it’s entirely possible that many (or at least one) will be missed in the cleaning process. That much said, a cleaning of this image is what I did. (Although after I’m done looking at it, it will be replaced with its clean copy.)

The next series of articles will deal with the problems I ran into trying to clean the system. I’ll try to keep them in continuous order, but won’t be giving “part x” names for the most part. As we speak the image is booting up with full networking and I’m keeping an eye on it to see if it’s really clean. It appears that the infestation is over, but I don’t trust it yet.


One Response to “Cleaning up after the WMF exploit”

  1. The PC Doctor Says:


    The effects of the WMF exploit

    Avery J. Parker has spent a great deal of time and energy in detailing how to remove the WMF exploit from a PC.  He’s detailed his work in a series of blog posts that I think are well worth taking the time to read.

    Cleaning up after the …

