On Thursday, Microsoft released the patch to remove the “SETABORTPROC” functionality from WMF image processing. The patch is on Windows update as # MS06-001, and should be installed on all systems running Windows 2000 and above. Anyone who previously installed the unofficial patch should first install the Microsoft patch, and then uninstall the unofficial patch.

Anyone who disabled the Windows fax viewer can restore it like this:

To re-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.

The WMF abort process security hole doesn’t affect Windows 98. Microsoft has stated that it is a ‘non-critical’ problem in Windows Me, but has not released a patch. In other words: to be continued…

Another day, another cleanup. This morning’s cleanup was described by a new customer like this: “It’s broken. We can’t run our customer database program. The night staff keeps surfing the internet, and loading spyware, so that’s probably it.”

What I found was a computer that, on first look, had shortcuts to software on a drive “y:\” but had no mapped drives, and that was a member of a network named “MSHOME”, which is the default name for new peer-to-peer networks under the Windows XP “run me and I’ll change all your settings back to defaults” network wizard. There was no apparent connection to the network. “System Idle Process” was at 96 to 98%. There was clearly some spyware there, and a peer-to-peer music program, but they didn’t appear to be taking many cycles in Task Manager.

OK, next, ran HijackThis==the log is three pages long; it should be half a page. The customer created their own doorstop. There were four anti-spyware programs running–all trial versions, and an anti-virus program which included anti-spyware features. The anti-virus software was the product installed by Dell at the factory, and long past the 90-day trial. Overall, the anti-spyware had stopped the spyware from running, and from connecting to the network, in much the same way that a very large boulder, when strategically placed on the roof of a car, will act as a parking brake.

After over an hour, I’d chiseled and uninstalled and ripped out junk in Safe Mode until the task list was down to the absolute basics. Replaced the antivirus software, added parental control software to restrict internet access by password, did a scan, and the new Mcaffee antivirus (freeware, if you’re a Comcast customer) reported that it had found two pups. Right–it no longer searches for malware, but for pups. That’s “Potentially Unwanted Programs.” Mustn’t insult the spyware by putting a negative label on it–this is more software written by lawyers.

At some point, consumers are going to have to learn about autoplays and startupware. When they do, if you are a software author whose products autostart without a very good reason, it’s not going to stay installed past a very short trial. And if it does, I’ll personally rip it out as non-essential during the next spyware/virus/generic doorstop service call, because over and over, I’ve seen this pattern of multiple tools to do the same task all running as startupware and adding to the problem. And I’m not alone; every field tech I’ve spoken to does the same. Software must only run when asked to, it should self-repair if needed, and maybe, just maybe, customers won’t blame it when they’ve turned their computers into doorstops.