Cleaning up after the WMF exploit



OK, I mentioned that I infested a virtual machine with the current WMF 0-day exploit. First I should probably clarify. An exploit is a means of getting in to a system. The payload is the software that is installed. In the case of my experience there was a long list of pests installed. Given that the exploit enables any software to be installed, your experience may be different. That’s the first thing I want to make clear, depending on where and when you were affected you may see vastly different malware.


The second thing I want to make clear is that the best solution for a badly infested system is to clean the hard drive and reinstall. Remote access trojans and keyloggers are many and varied and it’s entirely possible that many (or at least one) will be missed in the cleaning process. That much said, a cleaning of this image is what I did. (Although after I’m done looking at it, it will be replaced with it’s clean copy.)

The next series of articles will deal with the problems I ran into trying to clean the system. I’ll try to keep them in continuous order, but won’t be giving “part x” names for the most part. As we speak the image is booting up with full networking and I’m keeping an eye on it to so if it’s really clean. It appears that the infestation is over, but I don’t trust it yet.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
  • Cleaning up after WMF exploit - BHO removal Browser helper objects (BHO's) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I've used BHOdemon in the past to identify and disable BHO's and a tool like that is the preferred method. However, in my......
Blog Traffic Exchange Related Websites
  • How to Learn More about Paper Money Image There are different things that you want to do whenever you are collecting currency. Among the different things that you want to do is to make sure that you are getting the right choices for your collection. The main thing to make sure of is that you are getting exactly......
  • Caring For Your Stamps [/caption]If you are an avid stamp collector well on your way to forming a personalized collection, then check out how to care for your stamps as your collection grows. The first thing you want to do when looking to get involved in stamp collecting is to make sure you have......
  • How To Do Your Window Cleaning Yourself Cleaning the windows of your house is one of the toughest household chores to do.If your house has a lot of windows then it would really be hard.Or if you have an upper floor then it would be also very hard to reach it let alone clean it.But to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

One Response to “Cleaning up after the WMF exploit”

  1. The PC Doctor Says:


    The effects of the WMF exploit

    Avery J. Parker has spent a great deal of time and energy in detailing how to remove the WMF exploit from a PC.  He’s detailed his work in a series of blog posts that I think are well worth taking the time to read.

    Cleaning up after the …


Switch to our mobile site