Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions


This is the place for general discussions - we are a family site - no bad language, no flames.
A Moderators word is final.


Unread postby TheGuardian » January 5th, 2006, 2:06 pm

I don't know if anyone has heard anything about this Microsoft exploit (WMF exploit) but i figured i would let anyone who didn't know about it know and also share this information about a new virus that uses the exploit. This information was received from Panda (Anti virus Company):

WMFMaker is a program for creating WMF (Windows MetaFile) images that exploit a critical vulnerability in Graphics Rendering Engine. This vulnerability lies in how Windows 2003/XP/2000/Me/98 handles WMF (Windows Meta File), and therefore, all applications that handles this type of file are affected, such as Internet Explorer and Microsoft Outlook. WMFMaker can be used to create images that run any type of malicious code -Trojans, worms or any other type of malware- in the computer affected by this security flaw.

WMFMaker is designed to be used from the commandline, by including the full path of the tool and of the executable file that will be included in the WMF and run if the vulnerability is exploited. By doing this, a file with a .wmf extension is generated under a name that varies between "evil.wmf" and the name of the executable file included inside it.

Malicious WMF images created by WMFMaker can be distributed through different means, such as housing it in a web page and persuading users to visit it. If the victim uses Internet Explorer, when accessing the malicious web page arbitrary code can be run automatically. However, if a different browser is used, the user will be warned that the file will be downloaded.

Until Microsoft releases the patch to fix this vulnerability, as well as ensuring that anti-malware solutions capable of blocking code that exploits this flaw are installed, users are advised to adopt a series of other security measures including the following:

- Read email messages in Plain Text.

- Don't click on links received via email or instant messaging from unknown senders.

- If you have Windows XP installed, enable DEP (Data Execution Prevention).

Hope this information is found helpful.

TheGuardian :idea:
User avatar
Regular Member
Posts: 36
Joined: September 30th, 2005, 4:07 pm
Register to Remove

Unread postby ChrisRLG » January 8th, 2006, 6:15 pm

Bump reply - to remove from the zero reply topics list.
Administrator Emeritus
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Return to General Discussions

Who is online

Users browsing this forum: No registered users and 4 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware