Re: The Million Dollar Solution

[IanM () ADVANTAGEGROUP CO NZ (Ian Morrish)]

It is also possible that cscript.exe is the default open option for .vbs,
.js, .wsc, .vbe, .jse files (all of these extensions can cause the same
amount of damage).
Regards,
Ian
Senior Consultant | MSDN Regional Director
ADV E-Commerce    | Windows Script FAQ
Advantage Group   | http://www.windows-script.com

-----Original Message-----
From: Matthew Harmon [mailto:mharmon () PLAYBACKMEDIA COM]
Sent: Saturday, May 06, 2000 3:34 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: The Million Dollar Solution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Everyone has been scrambling east and west, north and south trying to
find the answer to these VBS viruses, the answer is not eMail
filtering, it's not better firewalls, or failing members of the FBI
community.

It is a file called WScript.Exe

A batch (.BAT) file with these two lines will deal with this problem:

ren %SystemRoot%\system32\wscript.exe wscript.sav
ren c:\windows\wscript.exe wscript.sav

If you get rid of this engine, then all Visual Basic Scripts cannot be
run.

More information can be found about this file on the Microsoft
Knowledge Base.

I haven't seen this on BugTraq or Vuln-Dev yet, hope it helps you out!

Sincerely,
The Network Support Team of Playback Media, Inc.
Brent E. Wood, Mark Michini, Brian J. Foley, and Matthew J. Harmon

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBOROR7mpCi4gyYzRmEQIDVwCgz9UQPypTMBJ37ZH9Qj3ftHR03/wAoLwB
sRoIyqHOIS2zShQfQKTAQun8
=qh2x
-----END PGP SIGNATURE-----