Sunbeltblog comments

Hey Alex, when you said "Go to the Control Panel, choose Advanced..." -- perhaps you meant "Right-click 'My Computer' in the Start bar or Desktop and choose 'Properties,' Advanced..."


Just curious, because Control Panel on my version of XP doesn't have the tab, but System Properties via the taskbar does.


I have clarified it and fixed one error. Hope that helps!


Do you have any idea how to turn off the software DEP?
I just thought, since it doesn't do its work, I might as well turn it off and save resources...
Is it possible?


dtg -- see
http://www.microsoft.com/technet...n/ sp2mempr.mspx for all the details on DEP.


I've seen a few machines that show the symptoms described and visible in the movie shown here
http://www.websensesecuritylabs....s/wmf-movie.wmv

It appears to be another delivery tool of an unpleasant bit of malware called smitfraud. So far the best, easiest, and only way we've been able to remove it is with a program available here.
http://noahdfear.geekstogo.com/

Though I'm not QUITE brave enough to infect my machine and test...


Alex,

What happens on the software only box if you set it to "Turn on DEP for all programs and services except those I select"?

Thanks,

Jace


Discussion on DEP here:

http://www.zdnet.com/5208-10600-...24040&start=-29


Alex,

Do NOT give this kind of advice without doing more thorough research. DEP is good but it only protects against buffer overflows and not this type of arbitrary code execution. DEP DOES NOT WORK!

I tested some of those nasty links you provided in an earlier blog in VMWare with hardware DEP on. When I went to dailyfreepics-DOT-us, I got NUKED! I tried to remove all the junk and rebooted and I was in perpetual BSOD!

I’ll be blogging about this here:
http://blogs.zdnet.com/Ou


Well that's pretty interesting, George, seeing as how you posted a registry fix on your blog that didn't actually work :P


George,

I personally tested dailyfreepics-DOT-us yesterday before we posted the blog, and hardware DEP does indeed block this attack. I tested it again 2 mins ago and it still blocks this attack.

Maybe you only have software DEP, you should read the blog post again.

Cheers,
Eric Sites
VP of Research & Development


Jace -- our experience (and it's limited) is that software-only simply doesn't do it, even if you set the switches to full protection. But it's still evolving, and this is preliminary research.


George, everyone else is calling this a buffer overflow. That's what leads to the arbitrary execution!

http://www.kb.cert.org/vuls/id/181038

"Microsoft Windows Metafile handler buffer overflow"

Software DEP should PREVENT this as well if it is set to "All programs and services"

Hardware DEP may be DEFENSELESS against this if it is set to "Turn on DEP for essential Windows programs and services only"


Alex, thanks for the reply.

According to Suzi at ZDNet, some Microsoft MVPs are reporting that software DEP is protecting against this when it is set to "all programs and services".

It would be nice if the real Microsoft would please stand up and set things straight.


Yes, an affirmative word from Microsoft would be really useful...


I've pretty much told everyone I know, family and friends, how to unregister shimgvw.dll. There are too many sites out there using it, and
"regsvr32 /u shimgvw.dll" is the best fix.

I've also posted a tip for AOL users, if you know any, at http://billpstudios.blogspot.com...mf-exploit.html

I have noticed Blogspot is barfing a little today because of all the traffic.
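The two mitigations argued over in this thread, the DEP policy a box is really running under (hardware vs. software-only, "essential programs only" vs. "all programs and services except those I select") and unregistering shimgvw.dll, can both be checked from one script. The following PowerShell is an added example written for this page, not code posted by any of the commenters or by Sunbelt; it assumes an elevated prompt, that shimgvw.dll lives under %windir%\system32 as on a stock XP install, and that the Win32_OperatingSystem DEP properties (added in XP SP2 / Server 2003 SP1) are present. On hosts without Get-CimInstance, Get-WmiObject takes the same class name.

```powershell
# Added example (not from the original thread): report the DEP configuration
# Windows is actually enforcing, then unregister the WMF viewer component the
# thread recommends removing. Run in an elevated PowerShell prompt.

# Win32_OperatingSystem carries the DEP state as of XP SP2 / Server 2003 SP1.
# Assumption: Get-CimInstance exists; on old hosts use
#   $os = Get-WmiObject -Class Win32_OperatingSystem
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# DataExecutionPrevention_SupportPolicy values, as documented for the class:
#   0 = AlwaysOff
#   1 = AlwaysOn
#   2 = OptIn  ("Turn on DEP for essential Windows programs and services only", the default)
#   3 = OptOut ("Turn on DEP for all programs and services except those I select")
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

# DataExecutionPrevention_Available is $false when the CPU/boot setting gives
# you no NX support, i.e. the "software DEP" case the thread is arguing about.
$depReport = [pscustomobject]@{
    HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
    Policy               = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    AppliesTo32Bit       = [bool]$os.DataExecutionPrevention_32BitApplications
    AppliesToDrivers     = [bool]$os.DataExecutionPrevention_Drivers
}
$depReport | Format-List

# The thread's workaround: unregister the Windows Picture and Fax Viewer DLL so
# Explorer and IE stop handing metafiles to it. Assumption: default path.
$shimgvw = Join-Path $env:windir 'system32\shimgvw.dll'
if (Test-Path $shimgvw) {
    & regsvr32.exe /u /s $shimgvw          # /s = silent, no message box
    if ($LASTEXITCODE -eq 0) {
        "Unregistered $shimgvw"
    } else {
        "regsvr32 /u failed with exit code $LASTEXITCODE (not elevated?)"
    }
} else {
    "shimgvw.dll not found at $shimgvw; nothing to unregister"
}

# To undo once a patch is installed:  & regsvr32.exe /s $shimgvw
```

The report answers the question several posters are guessing at: if HardwareDepAvailable is False, every "DEP" setting on that box is the software-only kind, and if Policy is OptIn, then only core Windows binaries are covered regardless of what the dialog appears to promise. Note that unregistering shimgvw.dll only removes one viewer from the path; it is a stopgap, not a replacement for the vendor patch.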


MS advisory now says the DEP is not an effective defense.

