Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > "q.vbs" found in Winnt\system32

Reply
Thread Tools

"q.vbs" found in Winnt\system32

 
 
ZugZug
Guest
Posts: n/a
 
      01-24-2004
I found a vbs script that was inserted into my winnt\system32
directory called q.vbs. Apparently this file attempts to download and
launch a trojan. Even though I had NAV it never detected this file
and I only noticed it because my software firewall warned me it was
attempting to go to the attached website.

Apparently this vbs can be created through an html file. My questions
is...is there any way to stop these types of things from downloading
without disabling all of the scripting features in IE? I can't
beleive that this is even allowed to be created in my Winnt\system32
directory!!!

Does anyone have any suggestions on how this could be avoided? Please
no smart @ss answers about not using Windows and switching to Linux.

Thanks,
ZugZug
 
Reply With Quote
 
 
 
 
kulm_nd
Guest
Posts: n/a
 
      01-24-2004
Do not use IE, Mozilla and Opera are fine browsers and have fewer security
problems.

If you must use IE, set the security and other settings to stop scripts and
set Outlook Express to stop previewing e-mails.

--

************************************************

g-w


"ZugZug" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I found a vbs script that was inserted into my winnt\system32
> directory called q.vbs. Apparently this file attempts to download and
> launch a trojan. Even though I had NAV it never detected this file
> and I only noticed it because my software firewall warned me it was
> attempting to go to the attached website.
>
> Apparently this vbs can be created through an html file. My questions
> is...is there any way to stop these types of things from downloading
> without disabling all of the scripting features in IE? I can't
> beleive that this is even allowed to be created in my Winnt\system32
> directory!!!
>
> Does anyone have any suggestions on how this could be avoided? Please
> no smart @ss answers about not using Windows and switching to Linux.
>
> Thanks,
> ZugZug



 
Reply With Quote
 
 
 
 
Quaoar
Guest
Posts: n/a
 
      01-24-2004
kulm_nd wrote:
> Do not use IE, Mozilla and Opera are fine browsers and have fewer
> security problems.
>
> If you must use IE, set the security and other settings to stop
> scripts and set Outlook Express to stop previewing e-mails.
>
>
> "ZugZug" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
>> I found a vbs script that was inserted into my winnt\system32
>> directory called q.vbs. Apparently this file attempts to download
>> and launch a trojan. Even though I had NAV it never detected this
>> file
>> and I only noticed it because my software firewall warned me it was
>> attempting to go to the attached website.
>>
>> Apparently this vbs can be created through an html file. My
>> questions is...is there any way to stop these types of things from
>> downloading without disabling all of the scripting features in IE?
>> I can't
>> beleive that this is even allowed to be created in my Winnt\system32
>> directory!!!
>>
>> Does anyone have any suggestions on how this could be avoided?
>> Please no smart @ss answers about not using Windows and switching to
>> Linux.
>>
>> Thanks,
>> ZugZug


At the least in OE, set it up to read text only to deny the HTML access.

Q


 
Reply With Quote
 
Hairy One Kenobi
Guest
Posts: n/a
 
      01-24-2004
"ZugZug" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I found a vbs script that was inserted into my winnt\system32
> directory called q.vbs. Apparently this file attempts to download and
> launch a trojan. Even though I had NAV it never detected this file
> and I only noticed it because my software firewall warned me it was
> attempting to go to the attached website.
>
> Apparently this vbs can be created through an html file. My questions
> is...is there any way to stop these types of things from downloading
> without disabling all of the scripting features in IE? I can't
> beleive that this is even allowed to be created in my Winnt\system32
> directory!!!
>
> Does anyone have any suggestions on how this could be avoided? Please
> no smart @ss answers about not using Windows and switching to Linux.


There are a few things you can do if you're prepared to play with the
configuration. Most likely vector IMHO - if you use it - is Outlook Express.

http://www.codecutters.org/outlook

For how to lock it down; if you regularly browse (ahem) potentially vicious
sites, then use the Zone concept for browsing as well. It's always been
there, but, as usual with things Mickeysoft, most people seem to ignore it.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Module not found in script that was found incommand-line interpreter. Possible Path issue? Trent Mick Python 0 04-03-2008 05:54 PM
One File Found, the other Not Found ?!?!?! mcampo84@gmail.com Java 3 08-07-2006 09:49 PM
Re: Found.0001.CHK to Found.014.CHK folders pcbutts1 Computer Support 2 07-24-2005 01:13 PM
Re: Found.0001.CHK to Found.014.CHK folders pcbutts1 Computer Support 0 07-24-2005 12:08 PM
Namespace not found in aspx but IS found in code behind William Parker ASP .Net 1 06-27-2004 06:13 AM



Advertisments