Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


March 2001

VBScript Viruses

From the March 2001 Edition
of Windows IT Pro
Readers
Reader to Reader
InstantDoc #19914
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Antivirus Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

Download the Code Here

In 2000, many new viruses emerged as scripts written in VBScript; the most famous was the VBS.LoveLetter virus. Replication of these viruses resulted mostly from unknowing users executing the virus by double-clicking infected files. Most users don't need to run such scripts, so one way to safeguard against viruses is to remove the ability to execute the scripts by eliminating the file association for VBScript (.vbs) files from users' computers. Actually, few users need to run several other executable file types, including VBScript Encoded (.vbe) files, JScript (.js) files, JScript Encoded (.jse) files, and Shell Scrap (.shs) files. However, although removing the file association will prevent double-click execution, users might be confused when they're prompted to select the program they want the system to use to run the file. A better solution is to modify file extensions so that double-clicking results in an explanatory message.

Listing 1 shows a registry file that implements this solution. This script associates .vbs, .vbe, .js, .jse, .and .shs with a file type called PossibleVirus and creates new file extensions: .vbs!, .vbe!, .js!, .jse!, and .shs!. The script associates the new file extensions with the original file types. By default, the PossibleVirus file type causes the system to open Notepad to a text file on the file server (i.e., VirusWarning.txt in Listing 1). Listing 2 shows an example text file. Right-clicking one of the new file types lets users open the file in Notepad or print the file. These options let knowledgeable users and support technicians analyze the file without spreading a virus.

In Listing 1, modify the line that lists VirusWarning.txt; replace Server and Share with the name of the server and share on which you store VirusWarning.txt. Because of the way regedit works, you must leave double backslashes in Listing 1. Save the script as VirExt.Reg, and double-click the file. When prompted about whether you want to add the information to the registry, click Yes. Save Listing 2 as a text file named VirusWarning.txt to the location you specified in Listing 1.

Then, when the Help desk gets a call from a user who received the warning message, the Help desk examines the file. If it's virus-free and the user needs to access it, the Help desk renames the file by adding an exclamation point to the end of the file extension. Then, the user can execute the file by double-clicking it.

—Chris Taylor
ctaylor@nrcan.gc.ca

End of Article

Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Top Viewed ArticlesView all articles
PsExec

This freeware utility lets you execute processes on a remote system and redirect output to the local system. ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

How can I stop and start services from the command line?

...
Windows OSs Whitepapers Why SaaS is the Right Solution for Log Management
Related Events How IE7 & The New Extended Validation SSL Certificates Impact Your Site

Check out our list of Free Email Newsletters!
Windows OSs eBooks Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys

SQL Server Administration for Oracle DBAs
Related Windows OSs Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.



ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Register for Orion NPM v9 - Evaluation
Affordable, easy-to-use network performance management with SolarWinds Orion – Free Trial!

Want a Hardware-Independent Image?
Binary Research, the Ghost people, shows you how to clone with 1!

Order Your Fundamentals CD Today!
Register today for your in-depth copy of one of three Fundamental CDs on the following topics – Exchange, SQL, and SharePoint.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing