There have been some 'changes' in the virus world since this was posted on the 2000/11/04, namely the virus(es) have become a whole lot nastier.
Here are a couple links which explain the virus(es), and provide the *best* means to avoid this virus and those like it.
ICSA.net - virus tracking system.
Setup Outlook & Outlook Express to run more securely.
The first site will give you information about what the "new" VBS virus is - "NewLove" - and the second site explains how to set up *any* version of Outlook and/or Outlook Express to defend against the exploit used. This fix is *safe* and will simply not allow viral activity in your email. Even if the "active content" that is becoming disabled via this resolution is *not* a virus, it opens up a great deal of privacy issues.
This *is* a big deal. The latest virus changes it's name, the subject line, the message body, and the actual effect of the virus itself while propogating - and *will* erase the contents of *every* *file* on your computer.
My resolution outlined below is still recommended - it will protect your computer from executing a VBS virus which has managed to get onto your computer by other avenues, such as downloading as part of a zip file, direct execution from your browser, or running it from within your IE cache.
With the recent advent of VBScript virii consuming the internet email space, many are plagued with little in the way of solutions. Anti-virus companies will continue to add certain heuristics to their updates, and the virus will continue to change their activities to avoid these changes.
As long as certain capabilities exist within Windows, you will be targeted as a Windows user. There have been many "solutions" to the VBScript attachment threat, from disabling Windows Scripting Host (Start > Settings > Control Panel > Add/Remove Programs > Windows Setup > (look for Windows Scripting Host) - not available on all Windows releases) to not accepting attachments of any kind within Outlook/Outlook Express. Most of these methods are *extreme* to be so far as unreasonable within the internet community. Others are difficult to implement, and could cause other applications to stop operating as they should (many typical Windows applications utilize Windows Scripting Host nowadays).
The current updates & patches from Windows Update provide some security, but only related to Outlook (not Outlook Express) and they do not provide security against files that have other means of finding themselves to your hard drive.
If you use an antivirus program, the update and more information can be found here.
My proposed solution is actually rather simple: change the default application action for VBS files to 'Edit' instead of 'Run'. This may not work for every system, but it is a reasonable attempt to try for resolution. It also handles *every* VBS file on your computer and treats them the same, placing the user in control - if you want to Run a VBS file, you need to indicate that by right clicking on the file and selecting "Run". Otherwise it will default to "Edit" mode, which is far less dangerous.
There is absolutely *no warranty*, express or implied for any content on this site. Any files you download or any actions you perform after reading any of this site are *At Your Own Risk* and neither I (Shawn K. Hall) nor any site, business, or individual associated with me will be held responsible if it does not work as described or otherwise does not suit your needs.
Below is the content of the file you can download. If you do not follow the directions to do this outlined below it will not work. This is an attempt to convince you to *read* what I'm explaining to you.
(If you'd like this registry info in a textbox instead (to more easily cut and paste) click here)
You may perform this fix by either of the following two methods:
If it opens notepad instead of adding the registry entries to the registry (you should have been prompted by a dialog box) then chances are it's not "really" a REG file. To fix that, open it up in notepad (probably by just doubleclicking on it) and do File > Save As...
Within the SaveAs window type the name again WITH QUOTES AROUND IT (ex: "VBS2Edit.reg"). The quotes will ensure that the file does not have Windows automatically assuming you were trying to edit a "TXT" file. Try double-clicking on the new file from Windows explorer. It should work correctly now.
Questions may be directed to me at Virus@RA. Please put "[VBSFix]" in the subject line so I know to what you are referring. I will attempt to address all email I receive, however I will not guarantee that you will receive an individual response.
To test this fix, click here for a simple message box VBScript file sample. If a message appears telling you that you are unsecure, then the fix has not worked for you. *Even if* you choose "Run from Current Location" it should open notepad to "edit" the file instead of actually running the file as an executeable!