well well MEME infection it was bound to happen, the idea that you can stop a Virus Infection by unregister your DLL dude, sounds very like one of those

as to the Mutant Test box :-P
No comment
milligansghost | 12.30.05 - 5:24 pm | #

I tried the exploit in a Microsoft Virtual Server 2005 VM and it worked--that is, the system became infected. Windows indicated that DEP was "Turn on DEP for essential Windows programs and services only" which is the first radio-button selection. As far as I know that's the XP default, and what's shown in Alex's blog. Then I started clean and used the "Turn on DEP for all programs" setting. Same thing, infection city.

Perhaps DEP doesn't work in a VM. I don't have a real sacrificial steel system that supports DEP, so I can't test that.
Dave | Homepage | 12.30.05 - 5:26 pm | #

DEP for all programs didn't work for every version of the WMF out there. (yeah it does work on the ones it caught, in virtual pc 2004)
redxii | 12.30.05 - 10:24 pm | #

I tried 2 nites to get infected by this thing and no luck. First nite, I had the faxpic viewer popup and begin DLing for preview, but I closed the boxes out, so, no infection.

Tried again last nite(Dec.30) and got no infections of any sort installed, and I went to just about each of the sites first listed. No hosts file, no IE-SPYADS, default IE settings, av and firewall. It is possible that AntiVir blocked it, but no way of knowing. I also know SpySweeper blocked access to several of those sites, but once I disabled it, they loaded, but still no infection for me.

So how is it I'm TRYING to get infected, and yet I can't?
TeMerc | Homepage | 01.01.06 - 8:13 am | #

The storm is a coming,PG can you update your blogg to show current info
http://sunbeltblog.blogspot.com/

Ps unregisterting the DLL is ineffective
fcukdat | 01.02.06 - 12:37 pm | #