people, posting yesterday is not a hoax! YOU MUST DISABLE ICONS in Windows.

false. The *.LNK processor within Explorer is misfunctioning.

NTFS knows hardlinks and softlinks.

You can embedd Code inside the *.LNK, has nothing to do with where it leads to or from. The code is inside the icon.

Since Vista and 7 also virtual links to virtual folders and virtual registry hives ( virtualized User Profiles / User Account Control ) . If this *LNKs are manipulated,it can redirect to real folders and the real registry.

If you dont understand how the mechanism is working, read again Microsofts Advisory. YOu are know the third one I told so.

thanks for the insight OP. The fix is quick and painless. I appreciate it.

I was on my little netbook yesterday for awhile...I used it again this morning and it was running very slow, thought I'd degragment, when degraging started a warning popped up saying I had malware, I quarentined it, then I had to re-start the computer, after that it ran fine again...not sure if this was related??? I'm not an expert.

This vulnerability is most likely to be exploited through removable drives. For systems that have dont_use_this disabled, customers would need to manually browse to the affected folder of the removable disk in order for the vulnerability to be exploited.

I don't use removable drives, so no problem.

Quit exaggerating what it really is!

Feeling comfy in your chair knowing that it doesn't affect you...

YET?

Keep on top of things because there are no victims, only the pwned.

how foolish you are to read only "removable drives" ?

A networked folder somewhere, a usb drive, a extrenal disk, a ftp folder in icon view, hell even "online storage" uses all what exactly ?

Answer : ICONS.

At the bottom of your screen should be the "taskbar".
Look for the word "Start" on the taskbar.
Click on that, and the Start Menu should appear.

Simple Fix... Delete WinBlows, and install Ubuntu Linux

Everything has (or is) code attached to it.

Viruses are code.

There you are..

For the love of god, just switch to ubuntu or mint.

Thanks for the update.

If anyone bothered to read the OP's reference one would
discover the OS's affected:

Windows XP Service Pack 3

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 1 and Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

See? It's not all MS systems.

I never updated to XP SP3 because of unresolved questions
as to what it fixed.

Long ago I disabled a number of services that had no use
for a personal computer situation.

I tried versions of Linux many years ago but the applications available didn't accomplish what I needed; and
there are still no apps for what I do under Windows, or it
is that the apps involve commandline switches that boggle
the mind.

In over 20 years I've had only one infection that was fixed
by reinstalling the OS, updates and a few programs: one day
lost.

I now run xp sp2 with a third party firewall, an html filter
and a physical firewall/router.

Get with it people.

Sheesh.

Well, you'll find XP SP2 and SP1, SP0 (no SP) all have the same problem. Sticking with SP2 won't help you. This is because Micro$oft only list supported OS's in their reports.

For those that still need some "English" clarification on what's going on:

Windows uses an internal routine (program if you like) to display the icons associated with .lnk files.

The bug that's been found allows hackers to create an icon .lnk file in such a way, that when the internal routine goes to display that icon, it runs the hackers program instead, thus infecting your computer.

This routine has always had this bug, only now, the hackers know about it and are making use of it.

Not just removable drives but anywhere a .lnk is being accessed/displayed. This can USB drive, Network share, internet explorer shortcut, any other program the uses the routine to display an .lnk file.


Something someone needs to check, I don't use windows here so can't. Can someone (after switching off the .lnk files) check to see if internet explorers webpage icons (the alien on GLP for example) are still displayed in the title bar and tabs or wherever they are meant to be.
If these icons are normal, that's ok, if they are also blank icons (like the ones now in your start menu) then there is a possible infection route simply by going to a website (via IE) with an infected icon. Can someone check these type of icon and post for all here please.

I think this is fake.

You think what you like!
[link to www.microsoft.com]

THIS god pinned, OMG.

Sorry, there's nothing called "IconHandler" present in my registry.

Either Microsoft doesn't know how to instruct people properly on their own operating systems, or this is just plain ol' bullshit.

because m$ told me, i will do it. it will do. suck off.

I agree....I don't understand SHIT here, i am not a nerds...

This doesn't make sense, it does sound like a hoax from MS, something not right here

If this is serious, how come MSM haven't report this, they alwasy report serious virus


I smell bullshit, a icon? give me a break

We get 1 million new virus everyday, you can't beat them all the time.

what about GLP icons?

could this attack you?

Perhaps the key is in a different spot on some windows versions, micky$oft are sill at (ALL) times.

Oh, I'm sure they could beat them all if they really wished - it's just more profitable to not beat them is all.

eh I use a live cd and if and when something does happen ill just use kill disk and reinstall the os from a freshly known uncontaminated backup iso

sill = silly, keyboard ran out of y's for a moment.

It looks like Sophos have a fix. In the demo they use the example of a USB stick, remember it could just as well be a network drive with a bad icon.

[link to www.youtube.com]

2 words..

Fuck off


yes the wonderful y2k of computing.. im calling BS, you sound like a bunch of scared schoolgirls having just walked out of sex education 101 and learned about all teh nasty STDs in the world.. everyone's a professional huh.. I say again fuck off


I use the computer as a tool, it doesn't control my life
nothings actually on the bloody thing that I couldnt afford to lose

I dont give a shit,
more people shouldnt too

but noooooo scramble around like ants on a hotplate, install teh linuxorz omgz and all that, here comes the rush of linux fanboys I can hear them thundering down the hallway now

let the bullshit commence
I predict mass suicides

I couldn't find the HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler
line in my registry either.
Microsoft does have a workaround patch you can download and use.

Longer version

[link to www.youtube.com]

that's why you should buy a mac.

Lookup a 1994 game Operation Innerspace its great :)

You collect icons and destroy infected icons.. its a 2d space shooter. but the things you collect and destroy are actually Icons from your computers directory

Reminds me of this, in a good way