This article is four days old, and I meant to post on it right away. All versions of Windows are affected, regardless of whether you’re updated with Windows patches.
One of my customers got infected already, and there was nothing I could do to fix it. By the time I got my hands on the computer, I took the hard drive out, stuck it in another machine, and could not even read the Windows directory anymore.
Watch for the large circular RED X in your tray area by the clock. If you have it, it may be too late, but CounterSpy will likely be the first to have a successful removal tool, if they haven’t already.
IMMEDIATELY DO THIS TO PROTECT YOURSELF! –
Log on as a user with full administrative rights.
Click the Windows “Start” button and select “Run…”
Enter the following (copy and paste) into the “Open” field:
regsvr32 -u shimgvw.dll
Click “OK”
You will receive a confirmation prompt, and your system is now safe.
* (Note that this WILL temporarily disable the “Thumbnail” view in Windows Explorer and the Windows Image and FAX viewer, because THEY ARE NOT SAFE!)
To eventually re-enable the “SHIMGVW.DLL” component once Microsoft finally patches it…
Log on as a user with full administrative rights.
Click the Windows “Start” button and select “Run…”
Enter the following:
regsvr32 shimgvw.dll
(Note this is the same as the one above, but no “-u” for “uninstall”)
Click “OK” to re-register the .dll file that is being exploited.
(Thanks to http://grc.com/sn/notes-020.htm for this detailed information)
Basically, you know that you should stay out of bad neighborhoods on the web, but this article will really open your eyes. Now you have proof!
Here’s the blog that I first read this news on…
Sunbelt BLOG: New exploit blows by fully patched Windows XP systems
I got an email today from one of my old computer repair customers in Portland that told me I was sending out viruses, and wondering how I could be so careless.
I know darn well I’m innocent, but trying to explain that to people can be a pain in the neck. Now, when someone tells you that you sent them a virus or a phishing scam, you can just send them a link to this blog post.
Basically, what’s happening is that spammers are using anydomainname.com to send out their mail messages. When someone goes to reply, it looks to the user like it came from you.
However, if they were to view the headers of the email, they would see that it really came from elsewhere.
For a more technical explanation of “spoofing” read this, but you can likely take comfort in knowing that you’re not sending out spam. Unless of course, there’s spyware on your computer?
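The header check described above, as an added example that is not part of the original post: it parses a message, compares the visible From domain with the envelope sender (Return-Path) and with the earliest relay in the Received chain, and lists any mismatches. The sample message, its domains and addresses, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the original post): the From line claims
# example.com, but the relay chain and envelope sender point elsewhere.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.invalid>
Received: from mx.recipient.test (mx.recipient.test [192.0.2.10])
\tby mailstore.recipient.test; Mon, 2 Jan 2006 10:00:05 -0800
Received: from unknown-host.bulk-sender.invalid (unknown [203.0.113.77])
\tby mx.recipient.test; Mon, 2 Jan 2006 10:00:01 -0800
From: "Your Old Repair Shop" <owner@example.com>
To: customer@recipient.test
Subject: Invoice attached

Body text.
"""

def domain_of(addr_header):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower()

def inspect_headers(raw):
    """Compare the From domain with the envelope sender and earliest relay."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    # Each relay prepends its Received header, so the last one is the earliest
    # hop. Only lines added by your own mail server are trustworthy; anything
    # below them can be forged by the sender.
    received = msg.get_all("Received") or []
    first_hop = " ".join(received[-1].split()) if received else ""
    m = re.match(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)", first_hop)
    host, ip = (m.group(1).lower(), m.group(2)) if m else ("", "")
    reasons = []
    if env_dom and env_dom != from_dom:
        reasons.append("Return-Path domain differs from From domain")
    if host and not (host == from_dom or host.endswith("." + from_dom)):
        reasons.append("first relay is not under the From domain")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "first_hop_host": host, "first_hop_ip": ip, "reasons": reasons}
```

A mismatch is an indicator rather than proof, since mailing lists and hosted mail services legitimately send with a different envelope domain or relay.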
Brad Franklin in Boise, Idaho is offering an onsite computer repair visit to clean up spyware on home user PCs for a flat fee of just $45. That’s a pretty good deal to get clean, and get protected. To reach Brad, email him at brad@pdxtc.com.
Brad used to be the store manager of Cyber Exchange in Gateway, and is now with a large mobile phone provider. However, he still makes office and house calls…
Lots of people saw the spyware show on our local Portland TV Station KGW. I stayed at KGW TV station after the segment aired answering chat questions for nearly two hours. There sure was a lot of interest, and my wrists are still sore!
And here’s my critique –
1. Someone in the KGW chat night said that the woman at AAA roofing did not seem to have a spyware problem, since she had an SQL error page. At the time I thought the same thing, but in reality, she did. She had what’s called a “redirected home page” or “hijacked home page”, and that page is what was giving an SQL error. The SQL error looked like it was coming from a web host. Winpatrol fixed it, restoring her default homepage, and that was likely spyware.
2. This point was not made well… You often need to use at least two spyware removal programs to ensure you are clean.
3. Why would I pick that day to wear socks and sandals? My brand new sandals needed a little breaking in, just wearing them around the house. I forgot I was going to be on TV!
“Phishing” scams are now actually punishable by law in California, Reuters reported Friday. Read the full story here.
That doesn’t mean much to the thousands of people that continue to fall for them on a daily basis, but at least it’s a start. For more information about Phishing, visit AntiPhishing.org.
As this article points out, some estimates of the financial risk posed by Spyware may have been inflated, but that’s not to imply that it’s still not a horrible plague.
The moral of the story? Make sure you’re running Windows Service Pack 2 and all the Windows updates!
In a review of seven antispyware products, PC World gave CounterSpy its Best Buy award for delivering the highest spyware detection rate. CounterSpy was found to be the most capable antispyware program, providing an overall scanning efficiency of 85%. You can try it out here…
There is a new spyware worm called P2Load.A that actually makes a copy of the Google website, and when you try to go to Google, you are redirected to an exact replica of Google, showing search results that show only advertising. Pretty clever, huh? Read the full story here
The way this program spreads is through file sharing programs, also known as P2P networking. So…don’t steal music & software and don’t use the free file sharing programs and you should be okay!
Doesn’t it make you wonder if the record and movie companies are writing spyware and dumping it on the p2p sharing networks?


















