"q.vbs" found in Winnt\system32

Discussion in 'Computer Security' started by ZugZug, Jan 24, 2004.

  1. ZugZug

    ZugZug Guest

    I found a vbs script that was inserted into my winnt\system32
    directory called q.vbs. Apparently this file attempts to download and
    launch a trojan. Even though I had NAV it never detected this file
    and I only noticed it because my software firewall warned me it was
    attempting to go to the attached website.

    Apparently this vbs can be created through an html file. My questions
    is...is there any way to stop these types of things from downloading
    without disabling all of the scripting features in IE? I can't
    beleive that this is even allowed to be created in my Winnt\system32
    directory!!!

    Does anyone have any suggestions on how this could be avoided? Please
    no smart @ss answers about not using Windows and switching to Linux.

    Thanks,
    ZugZug
     
    ZugZug, Jan 24, 2004
    #1
    1. Advertising

  2. ZugZug

    kulm_nd Guest

    Do not use IE, Mozilla and Opera are fine browsers and have fewer security
    problems.

    If you must use IE, set the security and other settings to stop scripts and
    set Outlook Express to stop previewing e-mails.

    --

    ************************************************

    g-w


    "ZugZug" <> wrote in message
    news:...
    > I found a vbs script that was inserted into my winnt\system32
    > directory called q.vbs. Apparently this file attempts to download and
    > launch a trojan. Even though I had NAV it never detected this file
    > and I only noticed it because my software firewall warned me it was
    > attempting to go to the attached website.
    >
    > Apparently this vbs can be created through an html file. My questions
    > is...is there any way to stop these types of things from downloading
    > without disabling all of the scripting features in IE? I can't
    > beleive that this is even allowed to be created in my Winnt\system32
    > directory!!!
    >
    > Does anyone have any suggestions on how this could be avoided? Please
    > no smart @ss answers about not using Windows and switching to Linux.
    >
    > Thanks,
    > ZugZug
     
    kulm_nd, Jan 24, 2004
    #2
    1. Advertising

  3. ZugZug

    Quaoar Guest

    kulm_nd wrote:
    > Do not use IE, Mozilla and Opera are fine browsers and have fewer
    > security problems.
    >
    > If you must use IE, set the security and other settings to stop
    > scripts and set Outlook Express to stop previewing e-mails.
    >
    >
    > "ZugZug" <> wrote in message
    > news:...
    >> I found a vbs script that was inserted into my winnt\system32
    >> directory called q.vbs. Apparently this file attempts to download
    >> and launch a trojan. Even though I had NAV it never detected this
    >> file
    >> and I only noticed it because my software firewall warned me it was
    >> attempting to go to the attached website.
    >>
    >> Apparently this vbs can be created through an html file. My
    >> questions is...is there any way to stop these types of things from
    >> downloading without disabling all of the scripting features in IE?
    >> I can't
    >> beleive that this is even allowed to be created in my Winnt\system32
    >> directory!!!
    >>
    >> Does anyone have any suggestions on how this could be avoided?
    >> Please no smart @ss answers about not using Windows and switching to
    >> Linux.
    >>
    >> Thanks,
    >> ZugZug


    At the least in OE, set it up to read text only to deny the HTML access.

    Q
     
    Quaoar, Jan 24, 2004
    #3
  4. "ZugZug" <> wrote in message
    news:...
    > I found a vbs script that was inserted into my winnt\system32
    > directory called q.vbs. Apparently this file attempts to download and
    > launch a trojan. Even though I had NAV it never detected this file
    > and I only noticed it because my software firewall warned me it was
    > attempting to go to the attached website.
    >
    > Apparently this vbs can be created through an html file. My questions
    > is...is there any way to stop these types of things from downloading
    > without disabling all of the scripting features in IE? I can't
    > beleive that this is even allowed to be created in my Winnt\system32
    > directory!!!
    >
    > Does anyone have any suggestions on how this could be avoided? Please
    > no smart @ss answers about not using Windows and switching to Linux.


    There are a few things you can do if you're prepared to play with the
    configuration. Most likely vector IMHO - if you use it - is Outlook Express.

    http://www.codecutters.org/outlook

    For how to lock it down; if you regularly browse (ahem) potentially vicious
    sites, then use the Zone concept for browsing as well. It's always been
    there, but, as usual with things Mickeysoft, most people seem to ignore it.

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Jan 24, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    14,078
    garethb
    Dec 11, 2005
  2. John H. Guillory

    VBS.Illen maybe

    John H. Guillory, Dec 3, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    762
    °Mike°
    Dec 3, 2003
  3. Alasdair Baxter

    C:\WINNT\System32

    Alasdair Baxter, Nov 7, 2004, in forum: Computer Support
    Replies:
    11
    Views:
    4,736
  4. dleve50
    Replies:
    0
    Views:
    505
    dleve50
    Apr 29, 2005
  5. VBS script to backup Cisco configs

    , Dec 1, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    1,529
    garethb
    Dec 11, 2005
Loading...

Share This Page