#11

Yup. One can install the third-party patch, if one is comfortable with that.

A person with a bit of spare money would be well advised to make sure he is working with a more up-to-date Intel or AMD CPU that has the no-execute-bit ... and to make sure Windows XP SP2 is installed and DEP enabled so as not to be vulnerable to the exploit nor many other exploits that depend on buffer overrun.

#12

Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder as a dangerous operation which tries to modify host files...

Any comments/ according to Panda and ICSA labs, TruPrevent has 0% false positives/...

Panda_man
--
Prevention is always better than cure!
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://free.hit.bg/fightmalware/homepage_en.htm

"David H. Lipman" wrote:
> From: "Carey Frisch [MVP]" <mrxp2004@nospamyahoo.com>
>
> | Visit the Windows Live Safety Center and use the Complete Scan option
> | to check for and remove malicious software that takes advantage of this
> | vulnerability.
> |
> | Windows Live Safety center
> | http://safety.live.com/site/en-US/default.htm
> |
>
> Carey:
>
> Please /* STOP */ suggesting that web site!
>
> It is a Beta and has the lowest catch rate in the AV industry.
>
> Yesterday I placed three WMF-Exploit files in a folder and scanned the PC. They were
> detected but NOT deleted.
>
> I gave it a Zoo and it had a 22% catch rate. I have been continually testing Windows Live
> Safety and the results are poor to bad. I have been providing feedback to Randy Treit,
> Microsoft, and it was based upon my feedback that the latest version now allows you to scan
> a particular location and not just all hard disks. However you STILL can't save or capture
> a log of what was performed or found. You can't even copy and paste from the web site.
>
> Just for this post, I tested a Zoo of infectors. 74 EXE only files. I made it *very*
> simple and none were installed into the OS, all are just sitting in a folder and I scanned
> that folder. ALL of these EXE's have been submitted to Microsoft via the submission email
> address prior to this test.
>
> In this test only 43 of the 74 known to be infectors were found. That's only 58%!
> If you are infected with one of the infectors NOT recognized by the web site you are
> screwed.
>
> I then took that same zoo of EXE files and scanned with the Kaspersky module in my Multi AV
> Scanning Tool and the Kaspersky web based scanner. The results were 89% of the files were
> deleted! 8 were left. Of those eight that were left, Kaspersky had their infections
> detected BUT the file was not removed for some reason such as...
>
> C:\1\CMDINST.EXE archive: Inno
> C:\1\CMDINST.EXE/data0001 packed: UPX
> C:\1\CMDINST.EXE/data0001 infected: not-a-virus:AdWare.Win32.CommAd.a
> C:\1\CMDINST.EXE/data0001 disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
> C:\1\CMDINST.EXE disinfection failed: not-a-virus:AdWare.Win32.CommAd.a
> C:\1\DH9013.EXE archive: NSIS
> C:\1\DH9013.EXE/data0002 infected: Trojan-Clicker.Win32.Small.jf
> C:\1\DH9013.EXE/data0002 disinfection failed: Trojan-Clicker.Win32.Small.jf
> C:\1\DH9013.EXE disinfection failed: Trojan-Clicker.Win32.Small.jf
> C:\1\MOMSON~1.EXE/bpkhk.dll infected: not-a-virus:Monitor.Win32.Perflogger.g
> C:\1\MOMSON~1.EXE/bpkhk.dll disinfection failed: not-a-virus:Monitor.Win32.Perflogger.g
> C:\1\MOMSON~1.EXE disinfection failed: not-a-virus:Monitor.Win32.Perflogger.g
>
> Scanning the system using the McAfee and Sophos modules in my Multi AV Scanning tool removed
> those remaining 8 files!
>
> I know that you are a MS MVP. That does not mean that you HAVE TO only provide Microsoft
> based solutions. If someone has a problem, and it is security related, please supply the
> BEST solution and not just a Microsoft solution.
>
> If you are going to give out web sites of online anti virus scanners here is a list of tried
> and true, well established, anti virus vendors..
>
> Kaspersky:
> http://www.kaspersky.com/de/scanforvirus
>
> Trend:
> http://housecall.antivirus.com
> http://housecall.trendmicro.com
>
> Symantec:
> http://security.symantec.com/
>
> F-Secure:
> http://support.f-secure.com/enu/home/ols.shtml
>
> McAfee:
> http://www.mcafee.com/myapps/mfs/default.asp
>
> BitDefender:
> http://www.bitdefender.com/scan/license.php
>
> Freedom Online scanner:
> http://www.freedom.net/viruscenter/index.html
>
> Panda ActiveScan:
> http://http://www.activescan.com/
>
> Computer Associates:
> http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
>
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus

#13

Saucy Lemon wrote:
> Yup. One can install the third-party patch, if one is comfortable with that.
> A person with a bit of spare money would be well advised to make sure he is
> working with a more up-to-date Intel or AMD CPU that has the no-execute-bit
> .. and to make sure Windows XP SP2 is installed and DEP enabled so as not to
> be vulnerable to the exploit nor many other exploits that depend on buffer
> overrun.
>
>

Microsoft has a patch on their Windows Update web site. It came out today.

--
Alias
Use the Reply to Sender feature of your news reader program to email me.
Use Reply to Sender to send me an email.

#14

In article <A28C2DB1-0CD9-4CAB-B3EE-2530E757C4B6@microsoft.com>,
Pandaman@discussions.microsoft.com says...
> Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder
> as a dangerous operation which tries to modify host files...
>
> Any comments/ according to Panda and ICSA labs, TruPrevent has 0% false
> positives/...
>
>
> Panda_man

I would suggest that you stop using Panda

--
spam999free@rrohio.com
remove 999 in order to email me

#15

From: "Panda_man" <Pandaman@discussions.microsoft.com>

| Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder
| as a dangerous operation which tries to modify host files...
|
| Any comments/ according to Panda and ICSA labs, TruPrevent has 0% false
| positives/...
|
| Panda_man

Kix32.exe is the interpreter. It loads script in the form of .KIX. It will make sure that the .\etc\hosts file is empty and other things to make sure that malware has not altered the OS such that the utility can not go to the respective AV vendors' web sites and download the needed files.

I suggest that Panda is mis-interpreting that activity. Since KiXtart is interpreted code, it is open source and one can examine the KIX files and see there is NO malicious activity being performed.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

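A defender-side version of the hosts-file check described in the post above, as an added example that is not part of the thread or of the Multi_AV scripts: it parses hosts-file text and reports entries that override the AV vendor domains linked earlier in the thread. The domain list, function names and sample file are assumptions constructed for illustration.

```python
import ipaddress

# Vendor domains taken from the scanner links quoted in this thread (assumed watch list).
WATCHED = ("kaspersky.com", "trendmicro.com", "symantec.com",
           "f-secure.com", "mcafee.com", "bitdefender.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, name, ip, kind) for every entry other than the stock localhost one."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name == "localhost" and ip.is_loopback:
            continue                          # the default entry
        if any(name == d or name.endswith("." + d) for d in watched):
            # Loopback or 0.0.0.0 makes the vendor site unreachable;
            # any other address sends the lookup somewhere else.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        else:
            kind = "review"                   # not a watched domain, but not default either
        findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   www.kaspersky.com   # null-routed
0.0.0.0     housecall.trendmicro.com
203.0.113.7 update.mcafee.com
10.0.0.5    fileserver
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows XP the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`.
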
#16

A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it:

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
http://www.microsoft.com/technet/sec.../ms06-001.mspx

Security Update for Windows XP (KB912919)
http://www.microsoft.com/downloads/d...displaylang=en

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

"doofdaddy@gmail.com" wrote:
> Is there a way to search the PC to see if you have been exploited? I
> use Zone Alarm and my AV is up-to-date. I also use MS Antispy.
>
> How would I know if my PC was breached? Is there a scan or something I
> can do to see?
>
> Thanks

#17

>> I know that you are a MS MVP. That does not mean that you HAVE TO only provide Microsoft based solutions. If someone has a problem, and it is security related, please supply the BEST solution and not just a Microsoft solution. >>

100% agreement on that. On security matters the user's PC safety should come first.

Stephen Howe

#18

Just for your information, today I renewed my services and bought Panda 2006 for my personal PC so Panda will be protecting my computer the whole 2006 year. :-)

Panda_man
--
Prevention is always better than cure!
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://free.hit.bg/fightmalware/homepage_en.htm

"Leythos" wrote:
> In article <A28C2DB1-0CD9-4CAB-B3EE-2530E757C4B6@microsoft.com>,
> Pandaman@discussions.microsoft.com says...
> > Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder
> > as a dangerous operation which tries to modify host files...
> >
> > Any comments/ according to Panda and ICSA labs, TruPrevent has 0% false
> > positives/...
> >
> >
> > Panda_man
>
> I would suggest that you stop using Panda
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
>

#19

Well, ok. Seems normal.

I sent the file for analysis to Panda as it was suggested by TruPrevent so I am waiting for a reply from them and will keep you informed, Dave.

Panda_man
--
Prevention is always better than cure!
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://free.hit.bg/fightmalware/homepage_en.htm

"David H. Lipman" wrote:
> From: "Panda_man" <Pandaman@discussions.microsoft.com>
>
> | Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder
> | as a dangerous operation which tries to modify host files...
> |
> | Any comments/ according to Panda and ICSA labs, TruPrevent has 0% false
> | positives/...
> |
> | Panda_man
>
> Kix32.exe is the interpreter. It loads script in the form of .KIX. It will make sure that
> the .\etc\hosts file is empty and other things to make sure that malware has not altered the
> OS such that the utility can not go to the respective AV vendors' web sites and download
> the needed files.
>
> I suggest that Panda is mis-interpreting that activity. Since KiXtart is interpreted code,
> it is open source and one can examine the KIX files and see there is NO malicious activity
> being performed.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

#20

By the way, I totally agree with you about the part with the Live Scan from Microsoft

Panda_man
--
Prevention is always better than cure!
Panda TruPrevent - the most intelligent technology to combat unknown malware
http://www.pandasoftware.com
http://free.hit.bg/fightmalware/homepage_en.htm

"David H. Lipman" wrote:
> From: "Panda_man" <Pandaman@discussions.microsoft.com>
>
> | Dave, Panda TruPrevent technologies blocked KIX32.exe in your AV-CLS folder
> | as a dangerous operation which tries to modify host files...
> |
> | Any comments/ according to Panda and ICSA labs, TruPrevent has 0% false
> | positives/...
> |
> | Panda_man
>
> Kix32.exe is the interpreter. It loads script in the form of .KIX. It will make sure that
> the .\etc\hosts file is empty and other things to make sure that malware has not altered the
> OS such that the utility can not go to the respective AV vendors' web sites and download
> the needed files.
>
> I suggest that Panda is mis-interpreting that activity. Since KiXtart is interpreted code,
> it is open source and one can examine the KIX files and see there is NO malicious activity
> being performed.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>