RE: Current WMF Exploit Detection By AV Scans: I Freaked...

Jan 4, 2006 2:32PM PST

when I saw the AVG rating as so poor! Then I thought about it and, having just been through such an attack, it occurred to me that the test might be a little off base.
1) Either you've applied the patch and it's not really a problem now... or
2) You haven't and are subject to whatever malware they want to send through the patch. Trojans, viruses, etc.
The cure for the resulting problems is the same as any other route: Infection specific!!!
If your AVG defs include all current infections, then AVG will spot the activity of it once it lands and tackle it as it did mine. Mine included both trojans & CoolWeb goodies. The trojan was caught by AVG & the CoolWeb goodies were removed by Spybot. Normally it's not an AV's job to notify you that you are missing various exploit patches (although some do & may even fix the exploit; Spybot does a very few).
I would expect an AV's (AVG or ?) Mail Scanner to spot things coming through that route.
At the moment, it seems everyone who has any old or new malware program is recycling it via this new exploit and will continue to do so until most are patched and there's no fun or profit left in it.
My AVG reacted & healed the virus/trojan-loaded file in 5 seconds without my taking action; the other components weren't really in AVG's domain.
We'll see more & more of this he*lish cross-breeding as writers get more & more skilled in each other's specialty field.

(NT) Or I'm Way Off the Path & AVG Just Hasn't Kept Up Defs?
Jan 4, 2006 3:35PM PST

Has AVG Kept Up...
Jan 5, 2006 3:59AM PST

I just posted on Donna's post from yesterday. I use AVG, and it's not let me down for almost 2 years. After reading that article, I uninstalled it and, since I have been wanting to try Avast, I downloaded Avast 4.6. I'm going to give it a test drive and see if I like it any better.
AVG is probably OK; however, I didn't like the test results. Seems they should have been better than that, IMHO.
Larry

Avast Is My Backup Choice As Well. Could It Be A Regional...
Jan 5, 2006 3:49PM PST

type thing??? Viruses are chased and listed on a regional area basis, both to see where it starts & where it's spread to & how fast. Clearly, it's in the AV companies' clients' interest to, when there are a lot of new bugs rushing out, create the definitions for the ones that are spreading quickest locally. In AVG's case: Europe.
I noted that at the early stage, it was mostly North American regional AVs that got them all, i.e. Norton, McAfee, Comp Assoc, etc. Possibly these exploit bugs spread fastest & firstest (LOL) in North America and somewhat later to Europe. (How do I explain F-Secure being there?) Still... disconcerting!

How to protect yourself from the Windows Metafile Vulnerabi
Jan 4, 2006 9:24PM PST

(NT) You did fine, Vera, that's good advice. :)
Jan 4, 2006 9:46PM PST
thank you Roddy
Jan 4, 2006 10:02PM PST

I am always very afraid of Mr. Proffitt, but you are always very gentle.

(NT) LOL Mr. Proffitt doesn't bite. We'll protect you. :)
Jan 4, 2006 10:50PM PST

(NT) he nibbles
Jan 4, 2006 11:00PM PST
LOL
Jan 4, 2006 11:29PM PST

I too laughed at Vera's comment -- Mr. Proffitt's bark is louder than his bite. He is very knowledgeable however.

Julea

Here's a good discussion from Steve Gibson
Jan 5, 2006 4:28AM PST
Thanks! Especially Liked Note About Bypassing AV
Jan 5, 2006 4:03PM PST

"An important Note about A-V signatures: As useful as anti-virus protection is as a first line of defense, new WMF exploits are succeeding at bypassing them. So A-V cannot be relied upon. The only safe measure is to install Ilfak's vulnerability suppression solution until Microsoft has updated the GDI32.DLL file and permanently resolved this problem."
Apparently I haven't been visiting GRC enough!!!

(NT) Thanks, Vera! I Got Patch @ Originator's Site Same Day.
Jan 5, 2006 3:52PM PST
about AVG
Jan 4, 2006 11:46PM PST

Hi, thanks for the info you sent earlier in reply to the two viruses I just discovered. I'll read your suggestions carefully again and try to understand what's going on. Anyway, regarding AVG, I don't understand why it never notified me or caught those two viruses. Guess I had a false sense of security since I saw other attachments in the virus vault. AVG automatically updates on a daily basis.

Hi, Sasha! Glad to be of Help! I'm a Bit Surprised Too.....
Jan 5, 2006 3:32PM PST

AVG basically scans e-mails coming in and runs a resident scanner. Its mail scanner doesn't scan anything other than Outlook/OE (for example, it does not scan web-based mail such as Hotmail).
Its resident scanner keeps watch for virus-type behavior (example: activity beyond the normal area the file type is expected to utilize, i.e. a text file trying to move to the applications zone).
It's possible that it has no access to the Java cache area to remove something there (similar to the System Restore volume), only to read (scan) it. Java's whole idea was to keep everything bottled up to help prevent improper migration, so I guess it was doing what it should and... if nothing got out, then it wouldn't attract AVG's attention, although it would be found during a scan (read of all files).
AVG also has a right-click option to scan any particular file, designed for scanning newly downloaded but unopened files (say, saved to My Documents), but it will scan any folder it's aimed at within C: (the OS drive) or externals like floppy disks, CDs, USB storage drives, etc.
Since it found them during a scan, it clearly had definitions on hand to recognize the 2 you got.
Note: Good idea to delete files in the vault as soon as the machine is seen to be operating normally.
These are my best guesses. Enjoy!!