
JPEG Virus spreading through AOL Instant Messenger


6 replies to this topic

#1 Grinler (Lawrence Abrams, Admin)

Posted 01 October 2004 - 02:13 PM



Experts at SysAdmin Audit Network Security, or SANS, have been receiving reports of a new virus using the GDI+ JPEG Exploit spreading via AOL Instant Messenger.


As of right now there are two reported messages that people are receiving:
  • Check out my profile, click GET INFO!
  • hi you. Look at my new profile. click on GET INFO!
When a user clicks on the links in the message it will attempt to infect you with the virus. It is very important that you make sure you have all your Windows Updates. I also recommend that you read my tutorial on using GDIScan in order to remove this vulnerability from your computer. A link for that tutorial can be found below.





#2 georgia


Posted 06 October 2004 - 02:55 PM

I have followed all of the steps above, reviewed the MS04-28 and the MS04-27 (M$ Office) and followed all the instructions... applied patches and downloaded updates. I used my Office CD when required. Performed a SANS scan after and still had the same vulnerabilities show up. I had a tech check the work that I did and he said it was fine. I am not the only one; there are 3 others in my group that have this same dilemma.
I look forward to comments, as the tech said it is very unclear as to whether the computer is secure from the vulnerability or not.
If the SANS still says it is still there he said he would believe it still is.
Comments please.
Talent is a flame. Genius is a fire.

#3 Grinler


Posted 06 October 2004 - 04:15 PM

Post a log and I will see if I can give you some advice.

Have you read this tutorial?

http://www.bleepingcomputer.com/forums/t/3077/gdi-scan-tutorial/

#4 georgia


Posted 07 October 2004 - 02:54 PM

Yes I did read this and used it as a base to do the tasks required to get rid of the vulnerability.
Now the problem is that I am such a novice I do not know how to create a log and then get it to the posting stage :thumbsup: ....you probably find this foolish.
I tried google and could not find the process and so I thought I should submit this post.
I am new to forums and thus don't really understand how to correctly go about resolving this issue by tools that are used by members in order that they may help.
For this I apologize and ask for your patience.
I document new information that I learn in a journal so that I won't foolishly have to ask the question again.
Thank you

#5 Jacee (Malware Response Team)

Posted 07 October 2004 - 03:15 PM

Hi georgia :thumbsup:
Follow this tutorial...it's how to use HijackThis! And it tells you how to save a log and post it:
http://www.bleepingcomputer.com/forums/ind...torial=42#intro

Make a permanent folder for HijackThis!

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#6 Grinler


Posted 07 October 2004 - 04:20 PM

Hi Jacee...I think Georgia wants to post the gdiscan.exe log.

Georgia...run the gdiscan.exe program and then click on the clipboard button.

Then make a reply to this post, right click in the message area where you normally type, and click on paste.

That should put your gdiscan.exe log into a reply here.

#7 Jacee


Posted 07 October 2004 - 06:46 PM

Ahh, it looks like I've missed my comprehensive reading class :thumbsup:
