New security warning!

  • Member since
    May 2005
  • From: Left forever
Posted by Bgrigg on Friday, December 30, 2005 10:21 AM
This one is bad. It affects all versions of Windows and currently is unpatched. It works by exploiting a Windows Metafile (WMF) and is assisted by Google Desktop (note: NOT Toolbar!) which executes the trojan while indexing images on your hard drive. See F-Secure for details. You do not actually have to do anything other than load the offending web page to execute the trojan!

There is a workaround listed at F-Secure which requires unregistering the dll file for Windows Picture and Fax Viewer, and also a registry hack found at Smart Company which can be a bit gnarly for non-geeks. The unregistering of the specific dll causes Windows to stop displaying thumbnails. The registry hack is the better (and gnarlier) method.

NOTE that this will only be a problem if you go to "nasty" websites. I assume you all know what a nasty website is? :P

Personally I'm going with the unregistering of the dll. It's easier to do and easier to re-register, and frankly while I have the skills to muck about in the Registry, I try not to do so, lest I discover a previously unknown lack of skill.

So long folks!

  • Member since
    December 2002
  • From: Waukesha, WI
Posted by David Voss on Friday, December 30, 2005 12:25 PM
If it's not one thing, it's another.

Thanks for the heads up. I received a CERT advisory, but didn't pay much attention to it. Reading the F-Secure details made me go back to review it. This one sounds like it has the potential to be a big pain.
David Voss Senior Web Developer Kalmbach Publishing Co. Join me on the FSM Map
  • Member since
    February 2003
  • From: phoenix
Posted by grandadjohn on Friday, December 30, 2005 3:13 PM
Anything we can do to protect ourselves yet?
  • Member since
    May 2005
  • From: Left forever
Posted by Bgrigg on Friday, December 30, 2005 3:42 PM
Yes, you have to unregister the regsvr32.dll which breaks Windows Picture and Fax Viewer and will stop your system from showing thumbnails of pictures on your system. It is reversible.

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)

 1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
 (without the quotation marks), and then click OK.

 2. A dialog box appears to confirm that the un-registration process has succeeded.
 Click OK to close the dialog box.

 Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
 when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

 To undo this change, re-register Shimgvw.dll by following the above steps.
 Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).


Microsoft is working on a patch but may not release it for a week (Patch Thursday has passed this week!).

I strongly suggest that everyone updates and patches on a regular basis. My XP systems are set to auto download and install, and I still go once a week to Windows Update. It is the only time I use IE.


So long folks!
