Reliable Answers - News and Commentary

Visual Basic Scripting "Fix"

For Virus Fear


UPDATE:

Hello everyone,

There have been some 'changes' in the virus world since this was posted on the 2000/11/04, namely the virus(es) have become a whole lot nastier.

Here are a couple links which explain the virus(es), and provide the *best* means to avoid this virus and those like it.

ICSA.net - virus tracking system.

Setup Outlook & Outlook Express to run more securely.

The first site will give you information about what the "new" VBS virus is - "NewLove" - and the second site explains how to set up *any* version of Outlook and/or Outlook Express to defend against the exploit used. This fix is *safe* and will simply not allow viral activity in your email. Even if the "active content" that is becoming disabled via this resolution is *not* a virus, it opens up a great deal of privacy issues.

This *is* a big deal. The latest virus changes it's name, the subject line, the message body, and the actual effect of the virus itself while propogating - and *will* erase the contents of *every* *file* on your computer.

My resolution outlined below is still recommended - it will protect your computer from executing a VBS virus which has managed to get onto your computer by other avenues, such as downloading as part of a zip file, direct execution from your browser, or running it from within your IE cache.

Regards,

Shawn


With the recent advent of VBScript virii consuming the internet email space, many are plagued with little in the way of solutions. Anti-virus companies will continue to add certain heuristics to their updates, and the virus will continue to change their activities to avoid these changes.

As long as certain capabilities exist within Windows, you will be targeted as a Windows user. There have been many "solutions" to the VBScript attachment threat, from disabling Windows Scripting Host (Start > Settings > Control Panel > Add/Remove Programs > Windows Setup > (look for Windows Scripting Host) - not available on all Windows releases) to not accepting attachments of any kind within Outlook/Outlook Express. Most of these methods are *extreme* to be so far as unreasonable within the internet community. Others are difficult to implement, and could cause other applications to stop operating as they should (many typical Windows applications utilize Windows Scripting Host nowadays).

The current updates & patches from Windows Update provide some security, but only related to Outlook (not Outlook Express) and they do not provide security against files that have other means of finding themselves to your hard drive.

If you use an antivirus program, the update and more information can be found here.

My proposed solution is actually rather simple: change the default application action for VBS files to 'Edit' instead of 'Run'. This may not work for every system, but it is a reasonable attempt to try for resolution. It also handles *every* VBS file on your computer and treats them the same, placing the user in control - if you want to Run a VBS file, you need to indicate that by right clicking on the file and selecting "Run". Otherwise it will default to "Edit" mode, which is far less dangerous.


There is absolutely *no warranty*, express or implied for any content on this site. Any files you download or any actions you perform after reading any of this site are *At Your Own Risk* and neither I (Shawn K. Hall) nor any site, business, or individual associated with me will be held responsible if it does not work as described or otherwise does not suit your needs.

Below is the content of the file you can download. If you do not follow the directions to do this outlined below it will not work. This is an attempt to convince you to *read* what I'm explaining to you.


The Fix:

(If you'd like this registry info in a textbox instead (to more easily cut and paste) click here)

REGEDIT4

[HKEY_CLASSES_ROOT\.VBS]
@="VBSFile"

[HKEY_CLASSES_ROOT\VBSFile]
@="VBScript File"
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\VBSFile\Shell]
@="Edit"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit]
@="&Edit"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Edit\Command]
@="Notepad.exe %1"
[HKEY_CLASSES_ROOT\.VBE]
@="VBEFile"

[HKEY_CLASSES_ROOT\VBEFile]
@="VBScript Encoded File"
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\VBEFile\Shell]
@="Edit"

[HKEY_CLASSES_ROOT\VBEFile\Shell\Edit]
@="&Edit"

[HKEY_CLASSES_ROOT\VBEFile\Shell\Edit\Command]
@="Notepad.exe %1"



You may perform this fix by either of the following two methods:


Download:
  1. Click the following link: VBS2Edit.reg.txt (If it opens up in your browser you may need to right click on the link and use "Save As")
  2. The file will probably be downloaded somewhere to your computer. If it prompts you what to do with the file, select "Save File" and find a place on your computer to put it.
  3. Before you can *run* it you have to rename it to "VBS2Edit.reg". (If you don't know how to rename a file, you should find someone who does to perform this fix. I don't want anyone to do *anything* - *ever* - just because a website told them to.)
  4. Now you can double-click on it to add the changes to the registry.
  5. It is not necessary to reboot your computer.

Copy And Paste:
  1. Open Notepad ( Start > Programs > Accessories > Notepad )
  2. Copy the contents above in the yellow box and paste into the notepad window.
  3. Save the file with a REG extension.
  4. Now you can double-click on it to add the changes to the registry.
  5. It is not necessary to reboot your computer.

If it doesn't work:


If it opens notepad instead of adding the registry entries to the registry (you should have been prompted by a dialog box) then chances are it's not "really" a REG file. To fix that, open it up in notepad (probably by just doubleclicking on it) and do File > Save As...

Within the SaveAs window type the name again WITH QUOTES AROUND IT (ex: "VBS2Edit.reg"). The quotes will ensure that the file does not have Windows automatically assuming you were trying to edit a "TXT" file. Try double-clicking on the new file from Windows explorer. It should work correctly now.

Questions may be directed to me at Virus@RA. Please put "[VBSFix]" in the subject line so I know to what you are referring. I will attempt to address all email I receive, however I will not guarantee that you will receive an individual response.


To test this fix, click here for a simple message box VBScript file sample. If a message appears telling you that you are unsecure, then the fix has not worked for you. *Even if* you choose "Run from Current Location" it should open notepad to "edit" the file instead of actually running the file as an executeable!

Carschooling by Diane Flynn Keith
Carschooling

Take me to the top

Reliable Answers.com does not endorse any Google advertisers, these ads are managed by Google. They are here to pay for hosting expenses. If you notice an inappropriate ad, please contact Shawn with the domain of the offensive advertiser.


Take me to the top

We invite you
to visit:

Professional Web Hosting and Design Services: 12 Point Design Local Homeschool provides the most up-to-date support group listings in a geographical and searchable index Budget Homeschool Kidjacked -- To seize control of a child, by use of force SaferPC dispels security misunderstandings and provides you with a solid understanding of viruses and computer security Reliable Answers - developer information, current news, human interest and legislative news Twain Harte Times - Twain Harte, CA - The closest you can get to Heaven on Earth Cranial Laser & Neurolymphatic Release Techniques (CLNRT) - Experience dramatic pain reduction At Summit Chiropractic our mission is to improve your quality of life - We know that health is much more than just not feeling pain Visit UniveralPreschool.com to learn about your preschool options.
Reliable Answers.com/virus/vbs.asp
Google