Microsoft to Issue WMF Security Patch
By Nate Mook | Published January 3, 2006, 2:21 PM
Microsoft announced early Tuesday that it had completed a patch for a widely publicized security vulnerability in Windows Media File (WMF) image processing that could lead to a full system compromise. But the fix won't be available until next week, the company said.
WMF, or Windows Metafile, is a vector-based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.
Within days, thousands of exploit variants were spreading to take advantage of the newly discovered flaw, prompting security vendors to rush out updates to protection software. Microsoft previously fixed a vulnerability affecting WMF and EMF files in November, which affected Windows 2000, XP and Windows Server 2003.
"When the MSRC learned of the attacks on December 27, 2005, we mobilized under what we call the Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement," explained Kevin Kean from the Microsoft Security Response Center.
"Based on that process, we have finished development of a security update to fix the vulnerability and are testing it to ensure quality and application compatibility."
However, the patch won't be available until next week's monthly Patch Tuesday release. The company says it needs time to test the fix and prepare it in 23 different languages for all affected versions of Windows.
"Our goal is to release the update on Tuesday, January 10, 2006, as part of the regular, monthly security update release cycle, although quality is the gating factor," Kean added.
Security experts from numerous companies including F-Secure, Sunbelt and Panda previously called on Microsoft to release an emergency patch as soon as possible, but Redmond officials downplayed claims of such a dire situation.
"Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is limited," Microsoft said in a statement. "In addition, attacks exploiting the WMF vulnerability are being effectively mitigated by anti-virus companies with up-to-date signatures."
I got infected from that s*** already. Was lookin at some "other" web sites. lol. Damn Windows viewer came right up, I saw wmf, and closed it asap! Still infected me tho :( So ya...it's that easy to get infected!
Score: 0
|"other" web sites? I notice you didn't indicate whether you were running antivirus or not.
Score: 0
|Antivirus won't save you from this. I've cleaned it off systems with updated versions of AVG, Avast and others.
Score: 0
|Like Hell it won't... as reported by E-Week and News.com, all major products detect and remove most to all currently known variants of the exploit currently released to the wild.
Score: 0
|Last night someone I know got a rogue spyware app that took over their entire system. This computer had an up to date version of AVG installed.
Score: 0
|Don't know what to tell you, but AVG doesn't detect Spyware, it only detects viruses. Did you try any antispyware software like Ad-Aware or Spybot, etc? Did you verify that AVG was set to scan all files instead of limited types?
Not arguing your claim, just trying to get more information. Incidentally, here is the article I read on E-week... http://www.eweek.com/art...2/0,1895,1907102,00.asp
Score: 0
|I tried Spybot, Ad-Aware, even Microsoft Anti-Virus and none of them could get rid of it. The program was called Spyaxe, and I finally found a batch program called SmitRemfix that was able to remove it while in Safe Mode.
Score: 0
|http://www.f-secure.com/sw-desc/spyaxe.shtml
Installed by your friendly neighborhood WMF exploit.
http://blogs.zdnet.com/Spyware/?p=735
Score: 0
|SpyAxe has a brand new variant that overwrites several system files, making it close to impossible to remove. My dad got it last night too...I thought I could remove everything but that #$%^! spyaxe is proving me wrong. I know it overwrites explorer.exe and user.exe with "modified" versions, but it does other files too I'm learning. I've also tried 12 other spyware removers, trojanremover, norton online scanner, trendmicro's housecall, xcleaner, panda AV platinum, and even Avast boot CD--cannot remove it. It's like no AV vendor even knows it exists, it's brand new but nobody is telling us...
Score: 0
|Thanks fewt, apparently someone knows of it...still can't remove the whole thing. Fùcking Sh!theads. Anyone involved in making Spyaxe deserves to hang from their bowels.
I never write comments with a negative score, sorry betanews editors. But these guys prey on innocent computer users, claiming to fix what it itself has caused. They deserve no mercy.
Score: 0
|Amen to that. Virus writers = parasites that should be eliminated by any means necessary.
Score: 0
|People, mass panicking sheep. It isn't really a biggy. Media trying to blow this thing up way too big to hurt Microsoft. It's way too obvious. Hell, like the average joe the moron already don't have his PC FULL of rootkits because he is running as "Administrator" for his daily PC usage.
Go f*** y**** those who bash Microsoft for nothing. I bet you couldn't issue a small patch to 100 customers.
Score: 0
|Yeah, it's only a critical flaw that affects every version of Windows in existence, and completely takes over your system with garbage like spyaxe. All by simply viewing an image. No biggie.
It's all a media conspiracy to frighten the sheep! Poor Microsoft is being persecuted. Boo hoo...
Score: 0
|Despite his limited vocabulary in expressing his opinion, his point is valid... this flaw is no different than, let's say, a phishing scam. You click a link, you view an image, bam. The point is that it requires interaction on your part yet the general regard of this is that it's an issue that is on a scale of Blaster-like proportions. IT'S NOT! No matter how much you want to make it seem that way. Nevermind that none of the major security sites aside from F-Secure even shows these exploits on the "radar" (http://www.sarc.com/ doesn't even list any above a 1-2 rating) so these exploits aren't causing the pandemic that people want to portray.
Is it a problem? Yes. Will it be fixed? Yes... Tuesday along with whatever other patches they release. Why the delay? Testing and Translating... 23 languages, and countless configurations.
As I've said in the security list thread-- all of you have two choices. You can either continue to whine and cry about it... or you can take action and become part of the solution by using the approved workaround until the patch is released.
Score: 0
|It's really not that big of a deal unless you are one of these people that clicks every link you see. As stated below, this is nowhere near blaster proportions as the media would have everyone believe. I'm honestly not too concerned with it myself as my computers do hiccup without me knowing it.
Score: 0
|Read my post above concerning spyaxe (if it is still there lol). My dad was doing research for his job, he needed to put a picture of some county jail in Southeast Texas on front of his presentation, and the picture even printed (it looked valid, LOL he used it in his presentation). It was a WMF picture.
This vulnerability is no joke. I thought it was too...I WAS WRONG.
Score: 0
|The patch needs to be tested to make sure it doesn't cause any other issues, hence the delay in the patch. If you have any security software, including Windows OneCare, you are being protected now, and Windows AntiSpyware will find it as well...
Score: 0
|I must be missing something here! M$ "needs time to test the fix and prepare it in 23 different languages for all affected versions of Windows." Test in the language and version mostly used in the World, release immediately it has been done and move to the next ... and so on. Get it out to the majority of users asap. Now - that makes sense M$.
Score: 0
|Phew! They have a patch!
Sooooo Microsoft developed a patch for a zero day exploit, that affects nearly every version of its operating system, that allows arbitrary code execution, that has 50 some variants of the exploit circulating on the internet.......
and they decide to HOLD the patch for 7 days?!
Phew, good to know that Microsoft has got us covered when it comes to security.... NOT.
OK, so my question is... why even announce that they have a patch if they are not going to release it?
Clint
Score: 0
|Thank you for repeating the sentiment of all the other readers who didn't read and/or understand the article.
Score: 0
|Dude, I honestly don't mean to be rude, but shut up and quit complaining about every detail. I'd rather they test something and then release it than release it asap without any proper testing. The fix is coming. I don't think you can do better.
Score: 0
|haha sweett!! windowsonecare just gave me pop up notification...i love this!
Score: 0
|A security vulnerability in Windows could allow malicious software to infect your computer when opening an infected graphic or a malicious Web site. Microsoft is working on a patch, but Windows OneCare is protecting you now from known viruses using this flaw. As long as your Windows OneCare status remains 'green' or 'yellow' while you're connected to the Internet, Windows OneCare is protecting you. If your status is 'red' (at risk), please either take the requested action or go to the Help Center.
haha sweet! see microsoft is doing something :)
Score: 0
|Moderators, I think these should be removed, no?
Score: 0
|"Microsoft announced early Tuesday that it had completed a patch for a widely publicized security vulnerability in Windows Media File (WMF) image processing that could lead to a full system compromise. But the fix won't be available until next week"
Figures ! No doubt Microsoft has already patched its ~own~ machines.
Why should they be in a hurry about ours ?
The Computer Rodent
Score: 0
|I've already had to clean this garbage off of three computers in the last two days.
Score: 0
|Ever since I stopped running IE and started using Firefox AND installed MS Antispyware I have never gotten anything. I routinely, out of habit, install the latest Panda demo, spybot s&s, Adaware and scan my box. Nothing--every time.
Then again my days of surfing warez, porn and get-rich-quick sites are far behind me. Wonder if that has anything to do with it? ;)
Score: 0
|ditto et ditto el ditto. minus MS antispyware
Score: 0
|No doubt you have a point... by taking a more umm, respectable, computing approach by avoiding said content, you have increased your own security more than any one of those products alone grants you.
Score: 0
|Indeed, I used to be one of those link clickers myself. I forget when it hit but the last thing I caught was the w32blaster.
Score: 0
|Wow, they have a patch yet we have to wait a week for it!!! How dumb, that's just more time to be infected.
Score: 0
|Think how many millions of people have these OS's installed. What if the fix opens up a bigger hole or BSD's people? As much as it sucks, I'm glad they're testing the patch.
Score: 0
|The faster they release something, the bigger chance there is for more problems, think Windows 1.0 when they did everything to get it out before Apple's first GUI OS. Win 1.0 is the unwanted stepchild of the computer industry.
Like yohimbe9 said, it's nice to see them putting the effort into testing this.
Score: 0
|I generally don't resort to direct attacks, but you, sir, are an idiot... If you read the article, the delay is for "time to test the fix and prepare it in 23 different languages for all affected versions of Windows." Let's see you issue that many translations any faster, or test the millions of configuration scenarios that are created by these fixes.
But that being said, you make an interesting point... more time for people to be infected... Oh wait, that's despite the fact that several sites are reporting that all major antivirus and antimalware vendors are now detecting and removing (if not preventing) most if not all infections.
Score: 0
|GoodThings2Life, your attack is uncalled for. It's clear you know a hell of a lot about computers, networking and Windows in general, so why not spend more energy conveying your knowledge to others and politely correcting their erroneous comments? Remember, no one's perfect, as you seem to feel you are. Sure, some of us let our emotions get in the way of pure, boring logic - myself included - but that's no reason to launch unprovoked, venomous attacks on people in this forum. It shows a lack of both character and class.
As for a prompt, effective fix or workaround to the WMF vulnerability, there was one provided yesterday at this link: http://castlecops.com/modules.php?name=Forums Even you have to admit, though I doubt you will, that's a hell of a lot better than MS has done!
Score: 0
|There's a lot of work left to be done. "The company says it needs time to test the fix and prepare it in 23 different languages for all affected versions of Windows."
I know I couldn't build patch bundles and test it in 23 different languages in less than umm a week haha.
Score: 0
|Actually, your link is an effective method of circumventing the flaw from a 3rd party. F-Secure and the Internet Storm Center have been advertising it. Microsoft, for obvious reasons, discourages this 3rd party patch, and I have to agree with them on general principle. While I do recognize that there are legitimate reasons users may wish to use the patch, and indications seem that it is safe-- I have serious issues with trusting a 3rd party for a security patch. I trust the vendor of the product for security fixes, regardless of product.
As for the attack, I am neither perfect nor believe that I am. I stated plainly that I don't like to spout direct attacks, but I do, however, believe what I said in this case since it is clear that the poster A) didn't bother to read the article, or B) didn't understand the article. Thanks for your concern, however.
Score: 0
|probably because if you can't be bothered to read past the first paragraph you deserve whatever name you get. we could all type a long comment explaining the details but he wouldn't read it anyways.
my choice would have been "ignorant idiot" but just plain "idiot" works as well.
Score: 0
|You don't know that he didn't read it. Maybe he misunderstood what he read? The point is we're all human beings and are prone to mistakes and misinterpretations, including you. It's just disappointing to see disparaging comments directed toward others in this forum, especially when they are coming from highly knowledgeable people like GoodThings2Life, Wincement and Fewt. It's not their job to educate people in this forum, but politely correcting erroneous comments is the classy thing to do, rather than replying with belittling nouns like "idiot" and "moron". When the latter happens, the thread usually turns into a childish, off-topic mudslinging battle. Personally, I read these forums in hopes of learning something from the three members I mentioned, as well as a few others, but I lose some respect for them when I often see them lower themselves to such an immature level when they launch an attack on someone. Of course it bugs me when any member attacks, but I just expect a lot better from those I've mentioned, because of their very above-average knowledge. They really should strive to maintain a high standard. Besides, it's against the forum rules for anyone to launch attacks on other members. This forum would be far more enjoyable to participate in if everyone strived for higher standards.
My apologies if I portray myself as a choirboy. That's not the case. Just trying to be a positive influence.
Score: 0
|GoodThings2Life wrote: "I said in this case since it is clear that the poster A) didn't bother to read the article, or B) didn't understand the article. Thanks for your concern, however."
A communication forum has the potential to serve at least one of two purposes-- to educate, or to entertain... sometimes both. The purpose of any news web site (as is the case with BetaNEWS) is to accomplish education of its readers.
That being said, while I also prefer to promote a positive experience and influence... I prefer to do so through intelligent posting based on fact rather than lazy, unintelligible ranting. I admit I've reached my tolerance level regarding a few of the posters at BetaNews who make it a point to never read and/or understand the articles.
Your point has been noted... twice now. You can step down off your pedestal, because I'm moving on now. Oh and btw, thanks for the compliments to the three of us on our technical merits.
Score: 0
|heh
:-)
Score: 0
|i have never had a virus..weird huh? none of my rootkit/virus/ad-spy-malware scanners NEVER turn things up...
gee, i guess as long as ur not an idiot u have nothing to worry about..stay updated!!
4years total online ;-)
cheers!
Score: 0
|I have come to realize that there are two kinds of people in the world: those that surf the web, and those that USE the web. My parents' PC has constantly been infected, because my dad particularly has an interest in "surfing" the web. I, on the other hand, will not even visit a .com site I have not visited before or at least been directed to from a trusted site or what not. I tried Firefox for them but things seemingly got worse.
Restricted their accounts to users, ahh, finally a breath of fresh air. BTW these problems happened on a fully patched system.
Score: 0
|WMF aka Windows Metafile is a description of how to render, among other things. Thing is, the other things in the WMF do not have to relate to images, which is where the problem arises. To add to that, WMF are recognized by a special header, so the extension is not needed. Could be a jpg, rar, zip, html, and it would still attempt to execute the WMF correctly.
At any rate, anyone that uses IE (which downloads the image without asking), or anyone using FF and who is stupid enough to download random things that pop up are at risk. You are at a higher risk if you also visit questionable websites like sites for warez, porn, hacking, etc.
Score: 0
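The header-based recognition described in the comment above is also how a defender can find metafiles hiding behind other extensions. The following is an added example, not part of the original thread: it flags files whose leading bytes parse as a WMF header but whose name does not end in .wmf. The header field values follow the published WMF format; the function names and sample files are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte "placeable" header
WMF_EXTENSIONS = {".wmf"}


def _standard_header_ok(buf: bytes) -> bool:
    """Validate the 18-byte standard metafile header."""
    if len(buf) < 18:
        return False
    mtype, header_words, version = struct.unpack_from("<HHH", buf)
    return mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def looks_like_wmf(head: bytes) -> bool:
    """True if the leading bytes parse as a WMF header, placeable or standard."""
    if len(head) >= 4 and struct.unpack_from("<I", head)[0] == PLACEABLE_KEY:
        return _standard_header_ok(head[22:40])
    return _standard_header_ok(head[:18])


def scan_tree(root) -> list:
    """Names of files under root whose content is WMF but whose extension is not."""
    hits = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            head = fh.read(40)  # enough for placeable + standard header
        if looks_like_wmf(head) and path.suffix.lower() not in WMF_EXTENSIONS:
            hits.append(path.name)
    return sorted(hits)


def constructed_samples() -> dict:
    """Constructed inputs: headers only, no drawing records."""
    standard = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
    placeable = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", placeable):
        checksum ^= word  # placeable checksum is the XOR of the first ten words
    placeable += struct.pack("<H", checksum) + standard
    return {
        "clipart.wmf": standard,   # honestly named metafile, not flagged
        "photo.jpg": placeable,    # metafile content behind a .jpg name
        "page.html": standard,     # metafile content behind a .html name
        "real.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(30),
    }


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in constructed_samples().items():
            Path(tmp, name).write_bytes(data)
        return scan_tree(tmp)


if __name__ == "__main__":
    print(demo())
```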
|WMF is a vector image format
vector means lines (shapes) not pixels
(similar to SVG)
WMF is typically clipart
1000s are available thru Microsoft Office and other similar programs or from clipart websites
I don't know of any browser that has the ability to display WMF files - the previews you see on clipart sites are GIF files (pixels, paintings)
So (I think) you would have to download the WMF and open it to be infested
Score: 0
|WMF = Windows metafile, as correctly stated later in the article but misprinted as Windows Media File in the first paragraph.
Score: 0