For this WMF exploit: Until Microsoft patches this thing or your AV provider has updated defs, here are some tips
1. Unregister SHIMGVW.DLL.
This is your best workaround for the time being (realizing that nothing is perfect).
From the command prompt, type REGSVR32 /U SHIMGVW.DLL. A reboot is recommended. (It works post reboot as well. It is a permanent workaround).
You can also do this by going to Start, Run and then pasting in the above command.
This effectively disables your ability to view images using the Windows picture and fax viewer via IE.
However, it is not the most elegant fix. You’re probably going to have all kinds of problems viewing images.
But, no biggie: Once the exploit is patched, you can simply type “REGSVR32 SHIMGVW.DLL” to bring back the functionality.
And, it is a preventative measure. If you are already infected, it will not help.
Works for IE, should work fine for Firefox users as well.
2. Change file associations for WMF files.
Note that if a WMF file was spoofed to look like it was a different type of file (like GIF), this fix wouldn’t do anything. So it’s a pretty weak workaround. At any rate, here it is:
a) Go to My documents, Tools, Folder Options, File Types.
b) Change WMF Image to notepad and select Always Open with this.
Your WMF files will open in Notepad. Ugly and not as effective as unregistering SHIMGVW.DLL.
3. Run IESPYAD.
IESpyad is a free tool that puts block lists into IE’s restricted sites zone. It’s managed by Eric Howes, who works as a consultant for Sunbelt. Sunbelt regularly update him with the latest URLs. Click here for read more.
thanks to sunbeltblog
