 Gdi Scan Tutorial, How to fix the GDI+ JPEG Vulnerability |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. How to use the self-help guides
This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.
If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log
  |
 Oct 12 2004, 11:06 AM
Post
#31
|
|
 Bleep Bleep!  Group: Admin Posts: 31,509 Joined: 24-January 04 From: USA Member No.: 3  |
QUOTE 1. Can you expand a bit on the C:\ I36 directory? I have also the ASMS folder within with a bunch of numbered subfolders. Many manufactures or computer vendors copy the entire i386 directory from the microsoft cd to your computer so that if you need to access those files later, to install drivers etc, you can copy the files directly off your hard drive instead of the cdrom. QUOTE 2. I did DL from MS the gdiplus.dll they offer- it is version 3102.1360. Yey my system shows a .dll version # 3102.2180. A newer version than the one they are giving me? Just wondering. Is the one that shows 3102.2180 being seen as vulnerable or possibly vulnerable? QUOTE 3. I realize that after replacing the vulnerable dll with the new one I should scan again. But, how do I check to see that the dll is doing its thing--irrespective of vulnerability? Just test the applications that seem to use the possibly vulnerable dll. If they work fine then you are ok. As always make a backup in case you discover problems in the future. -------------------- |
 |
 
|
|
Oct 12 2004, 11:43 AM
Post
#32
|
|
 Forum Regular Group: Members Posts: 208 Joined: 13-July 04 Member No.: 1,385 |
Thanks for the response-I've already replaced the vulnerable-version in the 1386 Dir on one machine--but it's doubtful that I will ever be able to test/evalute it because I don't think its being used--I will check to see later.
Your question--the newer file is in SYSTEM32\gdiplus--version 5.12600.2180 and is not shown as vulnerable--I am presuming that this dll will be the one used if I do anything with JEPGs.--I will check this also. I would like to know more about the" side by side" stuff-- I will read furiously--TKS 
-------------------- EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS
|
|
|
|
|
Oct 12 2004, 11:58 AM
Post
#33
|
|
|
Bleep Bleep! Group: Admin Posts: 31,509 Joined: 24-January 04 From: USA Member No.: 3 |
I would leave the system32\gdiplus alone. Only replace if its an older version and showing as vulnerable
-------------------- |
|
|
|
|
Oct 12 2004, 04:36 PM
Post
#34
|
|
|
New Member Group: Members Posts: 3 Joined: 7-October 04 Member No.: 3,411 |
I still have one gdiplus.dll left after replacing with the downloaded dll. It only shows up when I do a scan. Please advise.
C:\Program Files\MSN\MSNCoreFiles.BAK.FEC69D39-ADBA-4928-98F0-3571AA97ABDF\gdiplus.dll Version: 5.1.3102.1316 <-- Vulnerable version |
|
|
|
|
Oct 12 2004, 04:52 PM
Post
#35
|
|
|
Bleep Bleep! Group: Admin Posts: 31,509 Joined: 24-January 04 From: USA Member No.: 3 |
In the tutorial it tells you of a downloadable redistributable from microsoft. Please follow the instruction on downloading and replacing the one that you are aseeing as fvulnerable. I am inferring from the pathname that it is a backup file and you are probably not using it, but it is safer to replace it anyway
-------------------- |
|
|
|
|
Oct 12 2004, 05:27 PM
Post
#36
|
|
|
New Member Group: Members Posts: 3 Joined: 7-October 04 Member No.: 3,411 |
I don't want to be a bother, but I am not able to locate that file. Is there some trick to finding it. It doesn't show when I check show hidden files.
Thanks for your quick response. |
|
|
|
|
Oct 12 2004, 07:25 PM
Post
#37
|
|
|
Bleep Bleep! Group: Admin Posts: 31,509 Joined: 24-January 04 From: USA Member No.: 3 |
Click on start, then run, and paste in the following into the field:
C:\Program Files\MSN\MSNCoreFiles.BAK.FEC69D39-ADBA-4928-98F0-3571AA97ABDF\ And press the ok button. That should open the directory if it exists -------------------- |
|
|
|
|
Oct 12 2004, 07:42 PM
Post
#38
|
|
|
New Member Group: Members Posts: 3 Joined: 7-October 04 Member No.: 3,411 |
I guess it doesn't exist.
Thank you for your help. I guess I will have to live with the situation and hope I don't use it. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 06:58 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.