
Nasty virus out there. I've only received seven copies, today.

Harvey

Administrator, Elite Member
You don't have to open any attachment to get this one. If you're not protected, looking at the e-mail is enough to bite you. This sucker is mean. It changes subject line with every transmission, and it grabs other names from the sender's address book and places that name as the sender, so it does not appear to be from the same source.

This appears to be a VBS virus. Beyond keeping your AV software up to date, there is one other thing you can do -- Uninstall Windows Scripting Host.

The other name for Windows Scripting Host is Visual Basic Scripthosting -- VBS. Around 95% of all Windoze users will never encounter a need for it. Uninstalling it is easy, and it removes the mechanism these viruses use to do their dirty deed. This means, you can't get a VBS virus, even if the latest update for your AV software has not yet figured it out.

Here's a url with step-by-step instructions for doing it. This will take you to a selector for Win 95, 98, 2K and NT. For other versions, the slightly more techie way is to find the file, WSCRIPT.EXE, and delete it, or just rename it.

This is totally non-destructive. If you ever do need it, all that will happen is, you'll get an error message saying the system can't find it. If so, you have two options -- re-install it, which is just as easy as the uninstall, or find another application that does the same thing without Windows Scripting Host. The latter is obviously the preferred solution.

Good luck. 🙂

< Update >

Thx for the fix, Pulse8 😀
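
An added example, not part of the original thread: a read-only PowerShell check of whether the mitigation described in the post above is in effect on a current Windows machine. It assumes the standard System32/SysWOW64 locations, and it also looks at cscript.exe and the "Windows Script Host\Settings" registry value Enabled, neither of which the thread mentions.

```powershell
# Added example: read-only audit of Windows Script Host (WSH) availability.
function Get-WshStatus {
    # Script host binaries. cscript.exe is the console counterpart of
    # wscript.exe; it is not mentioned in the thread.
    $dirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64" |
        Where-Object { Test-Path -LiteralPath $_ }
    $hosts = foreach ($dir in $dirs) {
        foreach ($exe in 'wscript.exe', 'cscript.exe') {
            $path = Join-Path $dir $exe
            if (Test-Path -LiteralPath $path) { $path }
        }
    }

    # WSH reads an "Enabled" value from this key; 0 turns the host off.
    $enabled = @{}
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $item = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
        $enabled[$hive] = if ($item) { $item.Enabled } else { $null }
    }

    # What a double-click on a .vbs file would launch.
    $progId = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.vbs' -ErrorAction SilentlyContinue).'(default)'
    $openCmd = if ($progId) {
        (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command" -ErrorAction SilentlyContinue).'(default)'
    }

    # Treated as switched off if either hive holds Enabled = 0.
    $switchedOff = ($enabled['HKLM'] -eq 0) -or ($enabled['HKCU'] -eq 0)
    [pscustomobject]@{
        HostBinaries   = @($hosts)
        EnabledHKLM    = $enabled['HKLM']
        EnabledHKCU    = $enabled['HKCU']
        VbsOpenCommand = $openCmd
        # Scripts can run only if a host binary exists and no Enabled = 0 is set.
        ScriptsCanRun  = (@($hosts).Count -gt 0) -and (-not $switchedOff)
    }
}

Get-WshStatus | Format-List
```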
 
Thank you very much, Harvey. I never knew that the scripting host could be safely disabled.

Hope you were not too badly damaged by those seven copies.
 
Thanks for the heads up Harvey. I uninstalled WSH a long time ago to save myself some possible grief. Funny you should link to F-Secure - I've been using their AV for years now.
 
GingerSynapse -- Thx. No, I wasn't damaged. I uninstalled Windoze Scripting Host a long time ago. It's just a pain in the ass to get a lot of them at once.

Five of the seven came from one of my clients, but I know at least one other company that does business with them who got it. As I said, they did not say they came from him, but the e-mail addy for a specific machine on his net appeared in the complete header, and looking at the source, I found the same block of code.

I have one other safety trick. I use Netscape mail, instead of Outlook. That also helps. 🙂

BTW, nice nick. 😀

franguinho -- Yes, it is. As I said, the worst that can happen is, you'll get an error message. It takes only a couple of seconds to do it and test as many of your programs as you think you need to, and get on with your life.
 
I think the easiest method would be to rename wscript.exe to wscript.old or something. If you ever need WSH again, just rename the file back to wscript.exe. Very easy.
 


<< Can you forward it to me? I would like to look at the code.
>>




yakko <---- hardcore???? crazy???? 😀

whatchu lookin' for?
 
Here in the South, VBS stands for "Vacation Bible School."

My kid got a virus there last year. No place is safe. 😀
 


<< Here in the South, VBS stands for "Vacation Bible School."

My kid got a virus there last year. No place is safe. 😀
>>



ROFL!!!! It's so true, too... VBS is a breeding ground for all sorts of nasty bacterium and viri... darn diseases.
 