Dan

Posts posted by Dan

  1. Wow! Great premiere! I've been hooked since about a month ago.

    It was hard watching seasons 1 - 4 in a month :D

    But the stupid TiVo left out the last 10 min, so I didn't get to see it, but got a recap today :)

    Danny :thumbsup:

  2. Hi,

    Do you know what this program is? EZ-DUB.exe?

    Now, Please go HERE to run Panda's ActiveScan

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Danny :thumbsup:

  3. What about Ilfak's patch? I think that unregistering the dll and running that patch are still the best things to do /for now/...

    MSPaint and Lotus Notes can still be exploited even with this DLL unregistered. I think we haven't heard the end of this one yet and there may be many more applications vulnerable to this exploit but the combination of hardware-enforced DEP and unregistering the shimgvw.dll file seems to be very effective for now.

    <_<:blink::Beta2a:

  4. Sony BMG has struck a deal with the plaintiffs in a class action lawsuit over copy-restriction software it used in music CDs, according to a settlement document filed at a New York court Wednesday.

    The record label has agreed to compensate buyers of CDs that contained the XCP and MediaMax DRM programs and to provide software utilities to allow consumers to uninstall both types of software from their computer.

    The furor over Sony's DRM software began at the end of October when a U.S. programmer discovered that XCP software on a Sony music CD had installed copy-restriction software on his computer that was hidden using a rootkit. Antivirus companies later discovered Trojan horses that exploited this software to avoid detection and found that another type of Sony DRM, MediaMax, also posed a security risk.

    During November a number of individuals filed cases against Sony at courts across America. These cases were granted class action status Dec. 1.

    Sony BMG met lawyers from the firm handling the class action suit in early December and engaged in "virtual round-the-clock settlement negotiations", according to the settlement filing, which has been posted on the Sunbelt Software Web site.

    In the settlement filing, Sony states that it will immediately recall all XCP CDs and replace them with non-content-protected CDs. It has also agreed to offer incentives to U.S. customers to "ensure that XCP CDs are promptly removed from the market." Sony first released details about its CD recall scheme in late November.

    Customers who exchange their XCP CD can either download three albums from a list of over 200 titles, or claim a cash payment of $7.50 and a free download of one album. To claim this compensation, customers must return their XCP CDs to Sony or provide the company with a receipt showing they returned or exchanged the CD at a retailer after Nov. 14.

    Read more: http://news.com.com/Sony+settles+rootkit+c...html?tag=cd.top

    :wacko::wacko:

    Danny :thumbsup:

  5. Hey everyone,

    Here is some backround information about the WMF Exploit:

    It exploits a little-known function in Windows Meta Files (WMF). Those files are used for, well, I don't know really. I think they are mostly used for clipart in Office. In any case, the exploit involves a file with special commands in it, which would be rendered by shimgvw.dll acting on behalf of the user. The exploit requires user interaction, such as surfing to a web site hosting an image that exploits the problem, viewing an e-mail with an embedded such image in an e-mail program that shows those images (Outlook 2003 does not do so automatically), or opening an image as a file attachment. Of course, the usual "security researchers" are publishing canned versions, metasploit versions, and all other manner of sample exploits to make it possible for even criminals who barely know how to use a computer to exploit this issue.

    There are many different exploits of this by now. They are currently in active use to install spyware, according to SANS.

    From here: http://blogs.technet.com/jesper_johansson/.../02/416762.aspx

    The most basic way to stop this is to just unregister the dll. To do this, you just need to click "Start --> Run" and type this:

    regsvr32 /u %windir%\system32\shimgvw.dll

    This will unregister the dll, but you have to be an administrator.

    A few days ago, I stumbled upon this:

    http://www.hexblog.com/2005/12/wmf_vuln.html#more

    This is a temporary patch which is approved by SANS. This is a needed thing, but is only temporary! I recommend you read the post under this about what Pete said.

    When Microsoft issues a patch, please use that one!

    Here are the technical details:

    This is a DLL which gets injected into all processes loading user32.dll.

    It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.

    I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.

    If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.

    Also, take a look at this post over at Computer Trouble forums. It has a bunch of information, and is really helpful :thumbsup:

    Danny :thumbsup:

  6. Hey everyone,

    I was reading a few days ago, and stumbled upon this:

    http://www.hexblog.com/2005/12/wmf_vuln.html#more

    This is a temporary patch which is approved by SANS. This is a needed thing, but is only temporary!

    When Microsoft issues a patch, please use that one!

    Here are the technical details:

    This is a DLL which gets injected into all processes loading user32.dll.

    It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.

    I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.

    If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.

    Also, take a look at this post over at Computer Trouble forums. It has a bunch of information, and is really helpful :thumbsup:

    I believe that all of the sites that have HOSTS files are updating them so that the wmf exploit gets blocked.

    Danny :thumbsup:

  7. Hi,

    Sorry for the delay :(

    You have a CoolWebSearch infection.

    Download CWShredder here to its own folder.

    Update CWShredder

    * Open CWShredder and click I AGREE

    * Click Check For Update

    * Close CWShredder

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

    Open HijackThis, click the "Scan" button, and check the following items:

    O2 - BHO: C:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbf.dll (file missing)

    O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)

    O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe

    O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll

    O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

    Close all windows except HijackThis and click the "Fix Checked" button. Close HijackThis.

    Locate the following file, and delete it (If Present):

    C:\WINNT\alt.exe << This File

    Please go HERE to run Panda's ActiveScan

    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report in your next reply.

    Reboot and post a new HijackThis log as well as the ActiveScan log.

    Danny :thumbsup:

  8. Hi,

    While you're reading this, what is this?

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    That's a toolbar entry which isn't there anymore. You can check those. (Only with the BHOs and Toolbars).

    The MCRG is legit. I don't know what it is related to, but yes it is legit.

    Ok..Open HJT Click the Scan button and check the following items:

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    Close all windows except HJT and click the Fix Checked button.

    Reboot and post a new log.

    Danny :thumbsup:
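    The two HijackThis posts above both work the same way: read the log, tick the orphaned "(file missing)" / "(no file)" entries and the entries that name a known-bad file, then delete by hand whatever of those files is still on disk. The script below is an added example written for this page, not Dan's code and not part of HijackThis; it parses log lines in the format quoted in the posts, picks the entries to fix, and lists the remaining on-disk paths. The sample log is constructed from the five entries quoted above plus two benign lines made up for the example (their CLSID and paths are placeholders), and the watchlist of file names is an assumed analyst input taken from the names Dan flagged.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the five entries quoted in the HijackThis posts above, plus two
# benign lines made up for this example (the CLSID and paths of those two are placeholders).
SAMPLE_LOG = r"""
O2 - BHO: C:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbf.dll (file missing)
O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll
"""

# File names the helper flagged in the posts above (hypothetical analyst watchlist).
WATCHLIST = ["adsldpbf.dll", "alt.exe", "browsela.dll", "msupdate32.dll"]

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\\S+")  # drive-letter path without spaces; enough for this sample
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class HjtEntry:
    section: str            # HijackThis section: O2 (BHO), O3 (toolbar), O4 (Run key), O20 (Winlogon Notify), ...
    body: str               # text after the "On - " prefix
    clsid: Optional[str]    # COM class id if the entry carries one
    orphaned: bool          # registry entry points at a file that is no longer on disk


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; returns None for blank or non-entry lines."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    return HjtEntry(section, body, clsid.group(0) if clsid else None,
                    body.endswith(ORPHAN_MARKERS))


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def select_for_fix(entries: List[HjtEntry], watchlist: List[str]) -> List[Tuple[HjtEntry, List[str]]]:
    """Pick the entries to tick for "Fix Checked": orphaned ones (the posts above tick
    these; the BHO/toolbar ones are the safest) and any entry naming a watchlisted file."""
    picked = []
    for e in entries:
        reasons = []
        if e.orphaned:
            reasons.append("orphaned: referenced file is missing")
        body = e.body.lower()
        for name in watchlist:
            if name.lower() in body:
                reasons.append(f"names watchlisted file {name}")
        if reasons:
            picked.append((e, reasons))
    return picked


def on_disk_paths(picked: List[Tuple[HjtEntry, List[str]]]) -> List[str]:
    """Paths from the selected entries whose file is still present: the ones to delete
    by hand after HijackThis has removed the registry entry."""
    paths = []
    for e, _ in picked:
        if not e.orphaned:
            paths.extend(PATH_RE.findall(e.body))
    return paths


if __name__ == "__main__":
    chosen = select_for_fix(parse_log(SAMPLE_LOG), WATCHLIST)
    for e, reasons in chosen:
        print(f"[{e.section}] {e.body}\n    -> {'; '.join(reasons)}")
    print("Files still on disk to remove after fixing:", on_disk_paths(chosen))
```

    Run it as-is to see the five entries from the posts selected and the two files (alt.exe and browsela.dll) reported as still on disk; the two constructed benign lines are left alone because they are neither orphaned nor on the watchlist.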

  9. Hi,

    Please click "Start --> Find" and search for the file "MCRG.*".

    If it finds anything, right-click on it and choose "Properties", then click on the "Version" tab at the top.

    Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.

    dk

  10. BE CAREFUL EVERYONE!

    This is a really bad virus!!!!!! :angry::angry::angry:

    (Thanks Matt for getting this:)

    From Sophos:

    W32/Sunk-A is a worm for the Windows platform.

    The worm will display the following fake error message:

    "An unexpected error has occurred on the execution of this file"

    W32/Sunk-A will attempt to replace every file on the infected computer that has the extension EXE with a copy of itself. The worm will also copy itself to folders known to be used by popular Peer-To-Peer programs using various names.

    W32/Sunk-A will send messages to AIM users with one of the following messages and a link to a url that contains an executable:

    Aim Hacker 1.3 FREE!

    Best Aim Password Cracker written by ZeX.

    Better then limewire and kazaa put together!

    Check my Pics Out!

    Check out my music!

    Check out my webcam.

    Click to join! Better then myspace and xanga!

    Cool hacking programs!

    Download Aim Optimized 4.9!

    Download Dead Aim (5.9+)- NEW!

    Download my mp3 i made.

    Download My Profile.

    Email Hacker Pro 1.5 This is awsome! :)

    Free Aim Password Cracker. Use it to hack your friends.

    Funniest Clip Ever!

    Game Hacker program download here.

    Get X-im Chat! Better then AIM!

    Hack Webcams and Aim accounts with O-Hax! This is the last day it will be out for free!

    Have you see this!

    INFINITE FREE PICS OF ASIAN HOTTIES!

    Join this free music site!

    LMAO OMG THIS IS HILARIOUS!

    LOL Check these Pics out.

    Lol OMG! Someone posted your picture here!

    LOL Watch this clip!

    LOLOL WTF IS THIS?!

    Make your own Profile!

    My Xanga!

    OMG LOOK IT'S YOU!

    Play the new Aim Online game!

    See my Beach pictures!!

    Take my Quiz!

    THE KEY TO HAPPINESS IS LAUGHTER!

    This game is badass! Play now!

    View My BuddyProfile

    Wanna See My Profile!

    W32/Sunk-A will copy itself to the following locations:

    C:\skunk.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Skunk.exe

    C:\WINDOWS\system32\Skunk.exe

    C:\WINNT\system32\Skunk.exe

    A:\Skunk.exe

    W32/Sunk-A will change a large number of registry entries under:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies

    So BE CAREFUL in IMs...I have had this on a VM and it is not pretty. At the moment, there is no fix, and it requires a format!

    Danny :thumbsup: