About gahbmwM5

  1. Could not have stated this better myself... Especially Dmitry, outstanding explanation with pictures~
  2. Good deal here lucianbara, As I recall our discussion here with Whiz in the KIS_KAV6 Beta Forums some 1 to 2 months ago... Even KL6 Senior Researcher, Mike was brought into the discussion...now I need to find that thread...I think that I 'Tracked it'.........will check later on for sure. But Mike gives some well needed advice_input_explanation on this topic... Ok found the thread and for those with patience who are willing to review this entire 11 page thread: Titled:' build 297h Bug Thread'... (KIS_KAV6 Beta Forums) Pg 2-3: Replies and pics from me and Whizard: Posts #34, #35 http://forum.kaspersky.com/index.php?showtopic=11233&st=20 ______________________________________________________________ Then information from Mike-Senior Researcher KL: Post #205 http://forum.kaspersky.com/index.php?showtopic=11233&st=200
  3. Hey Whiz, Maybe you could get sobko to review this thread (if KL2006 Dev & Virus Specialists) already have not reviewed this entire thread.. (PM Sent) On my MSN Messenger 8.0.0566, I noticed this see 'ss' on 2006.03.25, but I ran a complete Full system scan and nothing turned up... So I just ran a scan on my \MSN Messenger Directory and again nothing turned up, and AFAIK nothing on my laptop is acting usual... Just completed a 'Critical Area scan' which I saw the: c:\Program Files\MSN Messenger directory got scanned again...nothing picked up I routinely do a once a week full system scan ***
  4. If there is any positive aspect from this, this comes from the Microsoft Security Advisory (917077): Note Customers who use the Microsoft Internet Explorer 7 Beta 2 Preview that was released on March 20, 2006 are not affected by the public reported vulnerability. Microsoft Security Advisory (917077) Currently have it installed: IE 7 Beta 2 Preview b7.0.5335.5 ***
  5. Yes indeed as I too receive a warning about 1-3 times a day, with my KIS6.0.0.297b RC C11 build... Galileo was quick to inform about the details, and for 'no worries'... But additional info is good...
  6. Smokey & saso, Ok gents thanks for the advice...I will de-install wmffix 1.1 patch and then install 1.2. As I'm still feeling the effects on all the libations from last night, this damn paranoid feeling was multiplied...! Here is a link to Peter(6) thread @Mozillazine as it was the BranchBuild for 20051230: The Official Win32 20051230 [branch] build: Mozillazine Official Win32 [branch] build thread And here is the Mozillazine ftp server link: Mozilla ftp servers for 1.5 Branch Builds Where I received the above (hopefully false-positive was): firefox-1.5.en.US.win32.zip 30-Dec-2005 12:34 6.5M Maybe saso (as you have much more advanced knowledge than me on this), you could possibly send a note to NewVirus@KavLabs, as I know that you too are beta testing KAV2006 builds... The above thumbnail ss were with my Sig Testing Kav253 build *** Thanks... Maybe more appropriate action would be if either KL Forums Mods Don P or Gallileo could possibly move these two above replies into the KAV253 Build thread within the KAV_KIS Beta Forums...?
  7. Thanks Smokey for all the updates, as I did install wmffix 1.1hexblog patch about 5 hrs ago... I just used FF1.5 (Nightly) to download manually from the Mozilla ftp servers (all links are given daily on Peter(6) Builds thread @Mozillazine) and got this: Any advice on this?? Thanks... P.S. I just put this here on this thread, not knowing if this is indeed related?
  8. Smokey, You have the patience of a 'Saint'... I found it, and edited the thumbnail... Anyways grnic just posted this on the KAV_KIS2006 Beta Forums on a thread there: grnic QUOTE(Sanja @ Dec 30 2005, 08:36 PM) i`m interested in - will kav / kis 6 any build detect (catch) buffer overflow? caused by this exploit... so is there anything good from this feature? or it is just marketing stuff * "Yes, KIS/KAV (builds 252+) can detect such exploit (also) by PDM."
  9. lol, Hi Smokey, Maybe I need to give the 'puter a break'... m8, I can only locate this one string: Edit: Sorry been up-too-late kind-of-burnt out:
  10. Hello Smokey, I do appreciate the time & effort you put into investigating this 'somewhat un-clear confusing issue' for me... I am not on a corporate network environment, just my single laptop with wired Belkin NIC and Verizon DSL. I too have spent the last several hrs 'using Google' to see if any solutions_work-arounds came up on the web. Where I am pondering about (at least on my just formatted WinXP SP2 laptop) is if these .reg files are actually being entered into my regedit (even though Rt clicking on them and selecting 'Merge' always produces a 'Success message').. What comes to mind is this .reg file produced by one of KL2006 Developmental Team:

      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\AVP6]
      "TraceConsoleEnable"=dword:00000001
      "TraceDebugEnable"=dword:00000001
      "TraceFileEnable"=dword:00000001
      "TraceConsoleMaxLevel"=dword:0000012c
      "TraceDebugMaxLevel"=dword:000001f4
      "TraceFileMaxLevel"=dword:000001f4

      I copied and pasted into my notepad then saved it as a .reg file, then Rt clicked to 'Merge' which it stated was Successfully Merged... However upon system reboot, these entries were not entered...so I then went into Safe-mode, and repeated the entire scenario..Successful Merge. Rebooted again and the entries were not applied-lol ? So I manually went into regedit and changed them, so that I could then have Level-500 Trace Logs to upload to KL ftp servers for analysis... This brings to the WPFV_disable.reg file, it stated that it successfully Merged, but I am still able to open files in WindowsPicture & Fax Viewer...I then manually tried to find the certain regedit entries that the above WPFV_disable.reg file applied but could not locate them, so I guess I'm fine...lol
  11. Hi Smokey, lol, I guess where I'm confused is...Did the above WPFV_disable.reg file which stated successfully 'merged'...which I then rebooted just to make sure all files were cleared... Upon system reboot, WindowsPicture & Fax Viewer is still opening up Explorer thumbnails? And when going to file types: From my understanding, WindowsPicture & Fax Viewer should be now disabled, but any Thumbnails would then open via AxialisIcon Workshop...This question is for our entire collective membership as I do not want to feel like they are being put-on-the-spot...
  12. Thanks for the additional info to both Smokey & Don P... Question, as those of us KAV_KIS2006 Beta testers are all patiently awaiting a response from KL2006 Team if indeed we are currently protected, or...? Until then I have decided to utilize the WPFV.reg files and successfully 'merged': WPFV_disable.reg---->and reviewed this from this link section (as Smokey kindly added) "Note: If you unregister shimgvw.dll, Windows Explorer will not display thumbnails anymore. So the registry tweak is a much better way to disable WPFV. If PhotoEd is installed, it will open picture files after WPFV is disabled." Now after rebooting, (I do have Axialis Icon Workshop 5.1 Corporate Ed installed), I can still view Windows Explorer thumbnails...it open in Windows Pic & Fax Viewer? The way I read the above "If PhotoEd is installed, it will open picture files after WPFV is disabled." Meaning my Explorer thumbnails should open in AIW5.1 ? Slightly confused... Thanks This is a ss of Windows Picture & Fax Viewer the WPVF_disabled.reg file was successfully merged and I even rebooted to make sure..is this correct...?
  13. Just found this info... http://isc.sans.org/ Quote: Update 23:19 UTC: Not that we didn't have enough "good" news already, but if you are relying on perimeter filters to block files with WMF extension from reaching your browser, you might have a surprise waiting for you. Windows XP will detect and process a WMF file based on its content ("magic bytes") and not rely on the extension alone, which means that a WMF sailing in disguise with a different extension might still be able to get you.
  14. Smokey & Don P., lol...yes I had to look twice to be able to view this in the MS Security Bulletin! Curious too as earlier today before this was all news, I was surfing with FF 1.5 (not down my usual Conservative site path-lol) and out-of-the-blue I received small pop-ups: picture.wfm is ready to be opened in: Windows Picture & Fax Viewer *** Of course, I just canceled it, but now this scenario is starting to come together... Have utilized FF since the days of Phoenix 0.5, and am now using Opera 9 TP1, as I'm not immature enough to get involved_caught-up in the browser wars, but just looking for a browser that is fast, safe, and secure...lol Will have to check-out Mozillazine forums to get the latest news..