Computer Security - "q.vbs" found in Winnt\system32

01-24-2004, 04:27 AM

I found a vbs script that was inserted into my winnt\system32
directory called q.vbs. Apparently this file attempts to download and
launch a trojan. Even though I had NAV it never detected this file
and I only noticed it because my software firewall warned me it was
attempting to go to the attached website.

Apparently this vbs can be created through an html file. My questions
is...is there any way to stop these types of things from downloading
without disabling all of the scripting features in IE? I can't
beleive that this is even allowed to be created in my Winnt\system32
directory!!!

Does anyone have any suggestions on how this could be avoided? Please
no smart @ss answers about not using Windows and switching to Linux.

Thanks,
ZugZug

ZugZug

01-24-2004, 05:58 AM

Do not use IE, Mozilla and Opera are fine browsers and have fewer security
problems.

If you must use IE, set the security and other settings to stop scripts and
set Outlook Express to stop previewing e-mails.

--

************************************************

g-w

"ZugZug" <> wrote in message
news: om...
> I found a vbs script that was inserted into my winnt\system32
> directory called q.vbs. Apparently this file attempts to download and
> launch a trojan. Even though I had NAV it never detected this file
> and I only noticed it because my software firewall warned me it was
> attempting to go to the attached website.
>
> Apparently this vbs can be created through an html file. My questions
> is...is there any way to stop these types of things from downloading
> without disabling all of the scripting features in IE? I can't
> beleive that this is even allowed to be created in my Winnt\system32
> directory!!!
>
> Does anyone have any suggestions on how this could be avoided? Please
> no smart @ss answers about not using Windows and switching to Linux.
>
> Thanks,
> ZugZug

01-24-2004, 07:08 AM

kulm_nd wrote:
> Do not use IE, Mozilla and Opera are fine browsers and have fewer
> security problems.
>
> If you must use IE, set the security and other settings to stop
> scripts and set Outlook Express to stop previewing e-mails.
>
>
> "ZugZug" <> wrote in message
> news: om...
>> I found a vbs script that was inserted into my winnt\system32
>> directory called q.vbs. Apparently this file attempts to download
>> and launch a trojan. Even though I had NAV it never detected this
>> file
>> and I only noticed it because my software firewall warned me it was
>> attempting to go to the attached website.
>>
>> Apparently this vbs can be created through an html file. My
>> questions is...is there any way to stop these types of things from
>> downloading without disabling all of the scripting features in IE?
>> I can't
>> beleive that this is even allowed to be created in my Winnt\system32
>> directory!!!
>>
>> Does anyone have any suggestions on how this could be avoided?
>> Please no smart @ss answers about not using Windows and switching to
>> Linux.
>>
>> Thanks,
>> ZugZug

At the least in OE, set it up to read text only to deny the HTML access.

Q

01-24-2004, 09:56 AM

"ZugZug" <> wrote in message
news: om...
> I found a vbs script that was inserted into my winnt\system32
> directory called q.vbs. Apparently this file attempts to download and
> launch a trojan. Even though I had NAV it never detected this file
> and I only noticed it because my software firewall warned me it was
> attempting to go to the attached website.
>
> Apparently this vbs can be created through an html file. My questions
> is...is there any way to stop these types of things from downloading
> without disabling all of the scripting features in IE? I can't
> beleive that this is even allowed to be created in my Winnt\system32
> directory!!!
>
> Does anyone have any suggestions on how this could be avoided? Please
> no smart @ss answers about not using Windows and switching to Linux.

There are a few things you can do if you're prepared to play with the
configuration. Most likely vector IMHO - if you use it - is Outlook Express.

http://www.codecutters.org/outlook

For how to lock it down; if you regularly browse (ahem) potentially vicious
sites, then use the Zone concept for browsing as well. It's always been
there, but, as usual with things Mickeysoft, most people seem to ignore it.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

01-24-2004, 05:58 AM	#2
kulm_nd Posts: n/a	Re: "q.vbs" found in Winnt\system32 Do not use IE, Mozilla and Opera are fine browsers and have fewer security problems. If you must use IE, set the security and other settings to stop scripts and set Outlook Express to stop previewing e-mails. -- ************************************************ g-w "ZugZug" <> wrote in message news: om... > I found a vbs script that was inserted into my winnt\system32 > directory called q.vbs. Apparently this file attempts to download and > launch a trojan. Even though I had NAV it never detected this file > and I only noticed it because my software firewall warned me it was > attempting to go to the attached website. > > Apparently this vbs can be created through an html file. My questions > is...is there any way to stop these types of things from downloading > without disabling all of the scripting features in IE? I can't > beleive that this is even allowed to be created in my Winnt\system32 > directory!!! > > Does anyone have any suggestions on how this could be avoided? Please > no smart @ss answers about not using Windows and switching to Linux. > > Thanks, > ZugZug

01-24-2004, 07:08 AM	#3
Quaoar Posts: n/a	Re: "q.vbs" found in Winnt\system32 kulm_nd wrote: > Do not use IE, Mozilla and Opera are fine browsers and have fewer > security problems. > > If you must use IE, set the security and other settings to stop > scripts and set Outlook Express to stop previewing e-mails. > > > "ZugZug" <> wrote in message > news: om... >> I found a vbs script that was inserted into my winnt\system32 >> directory called q.vbs. Apparently this file attempts to download >> and launch a trojan. Even though I had NAV it never detected this >> file >> and I only noticed it because my software firewall warned me it was >> attempting to go to the attached website. >> >> Apparently this vbs can be created through an html file. My >> questions is...is there any way to stop these types of things from >> downloading without disabling all of the scripting features in IE? >> I can't >> beleive that this is even allowed to be created in my Winnt\system32 >> directory!!! >> >> Does anyone have any suggestions on how this could be avoided? >> Please no smart @ss answers about not using Windows and switching to >> Linux. >> >> Thanks, >> ZugZug At the least in OE, set it up to read text only to deny the HTML access. Q

01-24-2004, 09:56 AM	#4
Hairy One Kenobi Posts: n/a	Re: "q.vbs" found in Winnt\system32 "ZugZug" <> wrote in message news: om... > I found a vbs script that was inserted into my winnt\system32 > directory called q.vbs. Apparently this file attempts to download and > launch a trojan. Even though I had NAV it never detected this file > and I only noticed it because my software firewall warned me it was > attempting to go to the attached website. > > Apparently this vbs can be created through an html file. My questions > is...is there any way to stop these types of things from downloading > without disabling all of the scripting features in IE? I can't > beleive that this is even allowed to be created in my Winnt\system32 > directory!!! > > Does anyone have any suggestions on how this could be avoided? Please > no smart @ss answers about not using Windows and switching to Linux. There are a few things you can do if you're prepared to play with the configuration. Most likely vector IMHO - if you use it - is Outlook Express. http://www.codecutters.org/outlook For how to lock it down; if you regularly browse (ahem) potentially vicious sites, then use the Zone concept for browsing as well. It's always been there, but, as usual with things Mickeysoft, most people seem to ignore it. -- Hairy One Kenobi Disclaimer: the opinions expressed in this opinion do not necessarily reflect the opinions of the highly-opinionated person expressing the opinion in the first place. So there!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

01-24-2004, 04:27 AM	#1
	"q.vbs" found in Winnt\system32 I found a vbs script that was inserted into my winnt\system32 directory called q.vbs. Apparently this file attempts to download and launch a trojan. Even though I had NAV it never detected this file and I only noticed it because my software firewall warned me it was attempting to go to the attached website. Apparently this vbs can be created through an html file. My questions is...is there any way to stop these types of things from downloading without disabling all of the scripting features in IE? I can't beleive that this is even allowed to be created in my Winnt\system32 directory!!! Does anyone have any suggestions on how this could be avoided? Please no smart @ss answers about not using Windows and switching to Linux. Thanks, ZugZug ZugZug