[Dshield] WMF "wait for us" (Interjection)
dshieldlists at versateam.com
Sat Jan 7 00:12:35 GMT 2006
Bryan Hill wrote:
>I am sorry for introducing another variable into this discussion.
>However, can someone kindly tell me if the patch fixes computers, which
>are already compromised by the WMF file?
>If not, can someone please point me to the right direction for a fix for
>that is already thrashed !!!
The examples I've seen cited all point to the WMF simply downloading and
installing relatively well known malicious packages -- backdoors,
keyloggers, etc. These should be detectable by the usual methods. One of
the online scanning services would be a good start.
On the other hand, unless you can prove that you have removed all of the
bad things (which you probably cannot do), you should be suspicious that
there's something else lurking on the compromised machine. The best way
to fix it is to format the hard drive and reinstall everything from
known good media.
More information about the list