Step 1. Reboot your PC. This will remove any infected images that may remain in your PC's memory.

Step 2. Uninstall the leaked MS06-001 patch, if you installed it. The leaked patch is detected by Windows Update and may interfere with installing the official patch.

Step 3. Run Microsoft Update (or sync your SUS or WSUS server to get the update). Install MS06-001 and any other critical patches you may need. If you haven't yet upgraded from Windows Update (WU) to the newer Microsoft Update (MU), you may use WU. But I recommend that you upgrade to MU when WU suggests you do so. MU updates Microsoft Office and other apps as well as Windows.

Step 4. Re-register Shimgvw.dll, if you deregistered it. Complete information on deregistering this file is contained in Microsoft security bulletin MS06-001, in the Workarounds portion of the Vulnerability Details section. To re-register the file, run the same command but leave out the -u and the space after it.

Step 5. Uninstall the unofficial Guilfanov patch, if you installed it. The developer himself and several other experts have confirmed that his patch does not need to be removed before installing Microsoft's official patch, which rewrites files on disk. After installing MS06-001, there is no need for the Guilfanov patch. It fixes the DLL in memory, which is no longer necessary, and his patch should be removed.

Printing problems were reported with some older Windows programs; these issues appear to be related to the DLL file being deregistered. The problems will probably by cured (but not necessarily) by installing MS06-001 and re-registering the DLL, as explained by the ISC.

Coastalan, Inc. 08 January 2006