[Declude.Virus] Another GDI detection tool

[Greg Little]

in addition to the one from MS updates. http://isc.sans.org/gdiscan.php The notes say to Ignore files in directories like Windows\$NtUniinstallKBxxxxx\ and Windows\WinSxS. These are old versions left behind for uninstal purposes. I included the results from my PC. It looks like most (all?) of the Vulnerable version messages are from things that don't normally run. I think the I386 is used for installs (like the old Win 98 *.CABs). So it looks like I'm clear for now. Even though it may try to sneak back in from an uninstall or install. Greg Scanning Drive C:... C:\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL    Version: 5.1.3097.0 <-- Vulnerable version C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL    Version: 10.0.6714.0 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL    Version: 11.0.6360.0 C:\Program Files\Microsoft Office\OFFICE11\GDIPLUS.DLL    Version: 6.0.3264.0 C:\WINNT\$NtServicePackUninstall$\sxs.dll    Version: 5.1.2600.0 <-- Vulnerable version C:\WINNT\$NtUninstallKB833998$\sxs.dll    Version: 5.1.2600.1106 <-- Vulnerable version C:\WINNT\$NtUninstallKB839645$\sxs.dll    Version: 5.1.2600.1336 <-- Vulnerable version C:\WINNT\LastGood\System32\sxs.dll    Version: 5.1.2600.1106 <-- Vulnerable version C:\WINNT\ServicePackFiles\i386\sxs.dll    Version: 5.1.2600.1106 <-- Vulnerable version C:\WINNT\system32\sxs.dll    Version: 5.1.2600.1515 C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll    Version: 5.1.3097.0 <-- Vulnerable version C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.1_x-ww_8d353f14\GdiPlus.dll    Version: 5.1.3100.0 <-- Vulnerable version C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll    Version: 5.1.3101.0 <-- Vulnerable version C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\GdiPlus.dll    Version: 5.1.3102.1360 Scan Complete. --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.