Computer Tips -Tech Info

There’s a bit of controversy over the suggestion that Hardware DEP seemed to protect against the WMF zero day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above claims that there’s a lot of bad advice out about this exploit and that hardware DEP (Data execution prevention) doesn’t work to […]

This is really the same zero-day wmf vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What […]

I notice that the Sunbelt Blog has some instructions up for blocking the zero-day Windows Meta File (WMF) exploit with their newly acquired kerio firewall. (Free or full version.) Either version can use an add-on rule from bleeding-edge snort (intrusion detection signatures…) Instructions in the link above on how to implement the rule addition.    […]

Sorry, but to get into the guts of what I found in the wake of the WMF exploit, I did leave out another important step in the cleanup process. IF you are trying to clean up an infested machine one of the first real goals has to be disabling system restore. (start, (settings,) control panel, […]

I haven’t checked to see if these are already on other block lists for the WMF exploit, but the following addresses are advised to be blocked (from f-secure)…. toolbarbiz[dot]biz toolbarsite[dot]biz toolbartraff[dot]biz toolbarurl[dot]biz buytoolbar[dot]biz buytraff[dot]biz iframebiz[dot]biz iframecash[dot]biz iframesite[dot]biz iframetraff[dot]biz iframeurl[dot]biz    Send article as PDF   

One other note from the previous series on WMF exploit infestation cleanup. Among the multiple popups that came when launching internet explorer, most were directed at the site http://60.topnssearch.com –    Send article as PDF   

Can I say enough times that after a bad trojan infestation you should format and reinstall? I’ve cleaned up the infested image that I “sacrificed” to the WMF exploit and as I’ve said you’re pestware install will likely be somewhat different. An exploit is just the road, the spyware and viruses are the cars. Once […]

Browser helper objects (BHO’s) are listed in the registry and load with explorer when it runs (Internet Explorer/ File explorer are so closely tied it affects both.) I’ve used BHOdemon in the past to identify and disable BHO’s and a tool like that is the preferred method. However, in my case, this is a disposable […]

So, I’ve got most of the baddies cleaned out and I’m not getting popups anymore. No nags on boot, the boot process is quicker, but is it really clean? I found a few files (winlogon.exe, alg.exe in particular) that could be legitimate windows file names. Am I running the good one, or the trojan? That […]

On the next boot I was greeted with the above message C:\windows\system32\kernels64.exe not found please make sure the path……correct…. blah blah blah. Back to msconfig. Everything there now looks clean. I check the running processes, again everything there looks clean I don’t see anything that I’ve been fighting. So, I start the registry editor (start, […]