Jan 1 2006, 08:23 AM Post #1
Group: Members; Posts: 1,161; Joined: 9-May 05; From: Brisbane, QLD; Member No.: 6,818
This has blown up big time in the last 3 days: http://www.f-secure.com/weblog/

Jan 1 2006, 09:06 AM Post #2
Trap Grand Marshal Member; Group: Members; Posts: 1,205; Joined: 25-March 05; Member No.: 4,883
Yep. This WMF so far is not patched, and probably impossible to patch. I've read it detailed somewhere before.
Here's the link: http://www.updatexp.com/wmf-exploit.html

Jan 2 2006, 12:36 PM Post #3
Member [Level 1]; Group: Members; Posts: 55; Joined: 20-December 05; From: Jakarta - Indonesia; Member No.: 15,976
Hmm... I think I found it 1 week ago. I think this is a normal virus or trojan, but it is hard to clean.
From this information I know it is the WMF exploit. I will give you the solution I used if your computer is infected:
1. Update all of your antivirus definitions.
2. Try to find Ad-Aware Personal (www.lavasoft.com) and update its definitions too. I recommend Personal because it is free for private use.
3. After you have downloaded the definitions and the software to your PC, reboot your PC and start it in SAFE MODE.
4. Run a full scan using your antivirus and Ad-Aware Personal (you can try another spyware remover). After the virus is found you can remove it.
5. Restart your PC after you scan it.
6. Just wait 5 minutes for your PC to be clean.
This is for XP users. You can give me other suggestions if you have a better solution... Thank you.

Jan 2 2006, 10:27 PM Post #4
Group: Members; Posts: 1,161; Joined: 9-May 05; From: Brisbane, QLD; Member No.: 6,818
QUOTE(zaqy @ Jan 2 2006, 10:36 PM): "I think this is a normal virus or trojan, but it is hard to clean."

No it's not. Did you even read the link?

Jan 3 2006, 05:01 AM Post #5
{([Mod])}; Group: Members; Posts: 710; Joined: 30-October 04; From: Texas; Member No.: 2,058
I've already had an encounter with the .wmf file; it downloaded and installed several spyware and fake anti-virus programs onto my computer. A little pop-up that looked like a Windows Update button appeared on my task bar, and it said something about my computer being infected, and that it needs to install the newest up-to-date anti-malware program. I tried to X it out, but missed, and it installed "SpyAxe 3.0" on my computer, and I had great difficulty removing it.
If you get exploited by the WMF file, I suggest looking at the processes running, and looking for abnormal ones and researching them. If you find them to be spyware, etc., then search google.com for ways to remove them. The process running on my computer was mssearchnet.exe, and I searched and found a way to do it. If you need any help removing your spyware, PM me, or post in this topic for more help.

Jan 5 2006, 02:57 AM Post #6
Newbie [Level 1]; Group: Members; Posts: 20; Joined: 16-November 05; Member No.: 14,379
I've encountered the .wmf file also. It was downloaded into my temp directory; it managed to open a Windows fax viewer window but was blocked at that point by my anti-virus.

Jan 5 2006, 05:10 AM Post #7
Trap Grand Marshal Member; Group: Members; Posts: 1,205; Joined: 25-March 05; Member No.: 4,883
Some .wmf files indeed contain viruses inside their bytecode. But the exploit in the .wmf format is more than just capable of storing viruses inside them. It's an exploit that cannot be fixed. So virus writers now know of this exploit, and certainly use it to intrude on your data. If that's the case, and since this exploit cannot be solved, it will be undetectable by firewalls and antivirus software. Probably the ones that you had encountered were indeed natural virus files that were not based on that exploit. It will be even more damaging when it's based on the exploit.

Jan 5 2006, 08:19 AM Post #8
Group: Members; Posts: 1,161; Joined: 9-May 05; From: Brisbane, QLD; Member No.: 6,818
The guy who posted his own patch in the first link I gave has had so much traffic to his site that his ISP shut his site down.

Jan 5 2006, 01:55 PM Post #9
Member [Level 1]; Group: Members; Posts: 55; Joined: 20-December 05; From: Jakarta - Indonesia; Member No.: 15,976
QUOTE(Tyssen @ Jan 3 2006, 05:27 AM)

Sorry friend, I mean at first sight I thought this was only normal spyware. But after 3 days I can't clean that PC... so I think this is serious...