-
April 22nd, 2003, 09:53 PM
#11
If you got it off of Mirc, it sounds to me like an script that adds features like port scans, cloning, dos attacks, etc. That is why McAfee is picking it up as a malicious script. It may not be harmful to your box, but the things that it does throws up a red flag. I have seen this alot with custom scripts....try to unload it from Mirc...Good luck....
"It is a shame that stupidity is not painful" - Anton LaVey
-
April 22nd, 2003, 10:14 PM
#12
like my good man bballad said
i don't have any .vbs files on my winbox(work)...
i don't run windows at home, and am not too familiar with newer (NT) window's versions...
i take back my statement about deleting the .vbs files (although would work for me) and apologize if any-one followed my advise and deleted something important...
you didn't have to be so mean about it
When you connect to your ISP, you are potentially opening your computer to the world. There are \'naughty people\' out there who enjoy breaking into other people\'s computers. Give some thought to the security of your computer...
http://www.AntiOnline.com/sig.php?imageid=360
-
April 22nd, 2003, 11:10 PM
#13
Originally posted here by bballad
Two points on this.
Your advice would not work for a 9x box
I have used vbscript to automate some administrative tasks..besides the scripts I have writen and some siteserver stuff I have never seen a .vbs file that I couldn't get rid of.
All you have to do for 9x is remove the *.vbs file association from the WSH executable. Problem solved, and that can be done on any winhoes box.
And you're a fool if you think it's ok just to haphazardly delete script files.
o.k. I know a few of you simpletons negged me for my post, with whiney bitch like excuses such as: "im a newbie, give me a break" well thats all fine and good, but what you don't understand is when you talk out of your ass, and spread WRONG information, you do more harm than good. Now kindly go die.
quad=neg, again quad=neg you got it yet?? Plus "now kindly go die" thats not very helpful, you should have specified this post as hidden.
AHAHAHAHAHHAHAAHHA!!!!
you=blow me, again you=stupid ignorant ******* you got it yet?? Plus "You can swallow while you're at it" Is that more helpful, should I have specified this as hidden?
-
April 23rd, 2003, 03:58 AM
#14
I'll try looking around in the regesitry and see if anything looks funny there, and post it. One thing about this that puzzles me is that I can connect to my DSL when the first little box pops up but after I press ok I am not able to connect anymore.
I tried searching around a little bit for the source of the script but couldn't find it. I'll try to post what I find again tomorrow, but its farming season over here and I've been working 12 hour days. Thanks for all the help
-
April 24th, 2003, 01:55 AM
#15
I did what I should of done in the first place. I went to the command prompt and type in dir *.vbs and it found the script file. It was named NAKTT89.VBS. I tried to open it to look at the source, and when I did that Mcaffe then found it and asked me if I wanted to delete, clean etc. So I deleted it. Finally its over. Thanks for the help.
BTW the website I posted I put a instead of cacing-crew-du.ru. its www.cacing-crew.da.ru.
-
April 24th, 2003, 03:06 AM
#16
You know what might help you as well, is using software to deter future VB script attacks as well. I currently have TCMonitor(monitors registry for any changes), TCActive!(All Active processess running on your computer) and ScriptSentry(runs with associated files to check for malicous VB script).
ScriptSentry download here
(under Security Tools)
-and-
The Cleaner, TCActive and TCMonitor download here
Task List Website
this website accompanies TCActive! very well, it lists many running tasks on your computer and what they do and/or if they are essential or not.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
April 24th, 2003, 12:12 PM
#17
Junior Member
I use this programme to prevent unwanted vbs scripts
http://home.earthlink.net/~doniteli/index46.htm
Try Spybot. It picks up things Mcafee misses.
www.security.krolla.de.
-
April 24th, 2003, 03:27 PM
#18
Originally posted here by Quad
All you have to do for 9x is remove the *.vbs file association from the WSH executable. Problem solved, and that can be done on any winhoes box.
And you're a fool if you think it's ok just to haphazardly delete script files.
?
humm considering that microsoft recomends turning off scripting unless you are activly hum considering that Microsoft recommends turning off scripting unless you are actively writing your own scripts I doubt there are any scripts on a home system that you can't delete. Note that the only program I have seen that needs some scripts is site server and that is to format log output. Remember a .vbs file is basically a beefed up .bat file, they are not real programs, and basically not needed at all. So yes go delete them unless you are actively using them.
By turning off the script accosiation form the script engin you have basicly deleted them as they are worthless without the scripting engin.
-
April 24th, 2003, 03:30 PM
#19
... If you are not on a big network, and no one else is using you machine- then it's a safe bet you don't need any VisualBasic scripts...
thanks for explaining... bballad
When you connect to your ISP, you are potentially opening your computer to the world. There are \'naughty people\' out there who enjoy breaking into other people\'s computers. Give some thought to the security of your computer...
http://www.AntiOnline.com/sig.php?imageid=360
-
April 24th, 2003, 05:07 PM
#20
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|