Microsoft today released a patch for Download.Jet (32 bit edition), which I would highly recommend everyone install; make sure you select your OS's language before downloading it. If you don't want to install the patch and prefer to do it manually, then keep reading. I had another post a few days ago that talked a little more about this virus, if you care to read it.

The issue at heart really is the ADO stream in IE. An ADO stream object represents a file in memory. The stream object contains several methods for reading and writing binary files and text files. When this by-design functionality is combined with known security vulnerabilities in Microsoft Internet Explorer, an Internet Web site could execute script from the Local Machine zone. This behaviour occurs because the ADODB.Stream object permits access to the hard disk when the ADODB.Stream object is hosted in Internet Explorer.

Microsoft has provided two methods that you can use to disable the ADODB.Stream object from Internet Explorer. Only the ADODB.Stream object in Internet Explorer will be affected. No other ADO objects are affected by this change. These methods work by creating the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}

This registry key has a GUID for the ADODB.Stream object. When Internet Explorer recognises this registry key, Internet Explorer does not permit the component to be started in the browser. The methods to disable the ADODB.Stream object in Internet Explorer are described below:

  1. Click Start, and then click Run.

  2. In the Open box, type Regedit, and then click OK.

  3. In Registry Editor, locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

  4. Right-click ActiveX Compatibility, point to New, and then click Key.

  5. Type the following name for the key:

    {00000566-0000-0010-8000-00AA006D2EA4}

  6. Right-click the new key, and then click New DWORD Value.

  7. Name the value Compatibility Flags.

  8. In the right pane, right-click Compatibility Flags, and then click Modify.

  9. In the Edit DWORD Value dialog box, make sure that the Hexadecimal option is selected, type 400 in the Value data box, and then click OK.

  10. Close Registry Editor.

When you set the compatibility flag, the ADODB.Stream object cannot access the hard disk of your computer in Internet Explorer. However, the ADODB.Stream object can still access your hard disk outside Internet Explorer.
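The Registry Editor steps above, scripted as an added PowerShell example (not part of the original post or of Microsoft's patch). The function names are hypothetical, and it must be run from an elevated prompt. It ORs 0x400 into any value already present instead of overwriting it, which goes slightly beyond the manual steps.

```powershell
# Added example: apply and verify the ADODB.Stream compatibility flag.
# Writing under HKLM requires an elevated (administrator) PowerShell session.
$Base  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$Clsid = '{00000566-0000-0010-8000-00AA006D2EA4}'   # ADODB.Stream GUID from the post
$Name  = 'Compatibility Flags'                       # value name from step 7
$Flag  = 0x400                                       # hexadecimal 400 from step 9

function Get-AdoStreamFlags {
    # Returns the current DWORD, or $null when the key or the value is absent.
    $key = "$Base\$Clsid"
    if (-not (Test-Path -Path $key)) { return $null }
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-AdoStreamBlocked {
    # True only when the value exists and the 0x400 bit is set in it.
    $flags = Get-AdoStreamFlags
    return ($null -ne $flags) -and (($flags -band $Flag) -eq $Flag)
}

function Set-AdoStreamBlocked {
    $key = "$Base\$Clsid"
    # Steps 4-5: create the GUID key under ActiveX Compatibility if it is missing.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = Get-AdoStreamFlags
    if ($null -eq $current) { $current = 0 }
    # Steps 6-9: write the DWORD, preserving any bits already set
    # (assumption: the manual steps simply type 400 into a new value).
    New-ItemProperty -Path $key -Name $Name -PropertyType DWord `
        -Value ($current -bor $Flag) -Force | Out-Null
}

# Idempotent: only write when the flag is not already in place, then report.
if (-not (Test-AdoStreamBlocked)) { Set-AdoStreamBlocked }
'{0} = 0x{1:X} (blocked in IE: {2})' -f $Name, (Get-AdoStreamFlags), (Test-AdoStreamBlocked)
```

Calling `Test-AdoStreamBlocked` on its own gives a read-only check that can be used to audit machines without changing them.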
