Prepare for the Next Virus - Shutting Off Windows Scripting Host

greenspun.com : LUSENET : TB2K spinoff uncensored : One Thread

I shut off my Windows Scripting Host the day I heard about the latest "Microhole enabled" virus (better known as "I love you" virus). Like Melissa, it exploits a hole that Microsoft STILL HASN'T FIXED...it will happen again (already has).

To shut off the Windows Scripting Host, here's the info from ZDNET: http://www.zdnet.com/zdhelp/stories/main/0,5594,2562032-1,00.html

------

Four, it is strongly recommended that if you do not use Visual Basic scripting in the course of your work day, you should turn this option off. To do so:

click on Settings

click on Add/Remove

click on the Windows Setup tab

click on Accessories to obtain the details

uncheck Windows Scripting Host if it is checked

click "ok" to save any changes

-- FactFinder (FactFinder@bzn.com), May 07, 2000

Answers

cool -- I never loaded it. Thanks FF.

-- (doomerstomper@usa.net), May 07, 2000.

Yup, this is a good idea for the "average user" and it gets my 100% support.

Those of us that do use VBS should be smart enough to not run an attachment unless we know what it is. Right... ??? ... ??? ... ???

PS - And I don't care if you do love me, FactFinder...

-- Sysman (y2kboard@yahoo.com), May 07, 2000.


Another thing that most users don't seem to know about is QuickView. If you're using Win 98, you can right click on any attachment and open it with QuickView. This doesn't actually open the file but just gives you a formatted view - nothing can run that could cause a problem. It's an easy way to see if the contents are legit before opening the file.

-- Jim Cooke (JJCooke@yahoo.com), May 08, 2000.

Good point Jim, if you do use Exchange. But keep in mind that this stuff can hit you even if you don't use Exchange. An "E-mail" virus may take advantage of your address book if you are an Exchange user, but it does its damage to anybody that downloads it, even if it's from something like Yahoo mail! And you can't QuickView a Yahoo attachment.

The best thing, IMHO, is to not look at an attachment, unless you are expecting it.

While it is true that things like a .JPG or .GIF or .TXT attachment can't yet do any damage, the guy that did ILOVEYOU was a wiseguy. If you looked at the properties of the attachment, it says ILOVEYOU.TXT.vbs. If you didn't look real close at the LOWER-CASE .vbs, and ASSUMED (and we all know how to spell that) it was a .TXT file (in upper case), you were screwed...

Some people's kids...

<:)=

-- Sysman (y2kboard@yahoo.com), May 08, 2000.


for those who need a visual aid to shut off Windows Scripting Host...

http://www.f-secure.com/virus-info/u-vbs/uninstall-vbs.html

-- Lynn Ratcliffe (mcgrew@ntr.net), May 08, 2000.



Article on supervirus

-- viewer (justp@ssing.by), May 08, 2000.

Sysman:

Good point about things like Yahoo attachments. You don't need to be on Exchange for QuickView though - anyone using the Internet Only version of Outlook or Outlook Express can use it.

Have you seen the latest variation of this worm? Whoever is sending it has modified the filename to be something like LoveLetter.TXT .vbs. By using spaces in the filename, it moves the VBS extension out so far that it looks like a normal text file when viewing the icon in the e-mail message.

Those scamps :^)

-- Jim Cooke (JJCooke@yahoo.com), May 08, 2000.


I have a Mac. Every time there is a virus, I sing the melody of the song...Get a job,.....and say get a Mac, ta da da da da, da, da da da da da, get a Mac....!

-- ... (...@...com), May 08, 2000.

Thanks for the information. I know that my case of infection is my fault and is my responsibility. I was screwing around with a file I was suspicious of instead of deleting it and I got nailed. I was very interested in the issues Mr. Cooke raised in the other thread regarding questions to ask systems people about firewall and virus protection. We have not been happy with our vendor and any tips that you post regarding system protection/firewalls would be greatly appreciated. You can skip the tip of not letting morons use the system as I believe I have learned that one.

Thanks again for the post.

-- Monkey Spanker (spanking@way.com), May 08, 2000.


Monkey:

I can't understand how you could have gotten this worm by simply moving the e-mail to another directory. I'm assuming that you don't have your e-mail set to auto-execute files. The only way for this to infect your computer would be to execute the file.

I don't know what type of e-mail system you're on but most can be set to scan incoming messages for certain file extensions and then delete those files before it ever gets to a user. VBS is a good example of a file type that should never be let through a firewall since there is almost never a reason a nonprogrammer would ever need a Visual Basic Script file. On Exchange systems I've run I usually also whack DLL and VBA files since they aren't likely to be included with legitimate e-mails. Turning off VB scripting was also standard procedure.

-- Jim Cooke (JJCooke@yahoo.com), May 08, 2000.
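The gateway-side extension filtering described in the post above, combined with the two filename tricks mentioned earlier in the thread (a decoy .TXT before the real .vbs, and spaces padding the real extension out of view), can be sketched as follows. This is an added example, not code from any poster or mail product; the function names, the decoy list and the three-space threshold are assumptions, and the sample message is constructed.

```python
import re
from email.message import EmailMessage
from email import message_from_bytes, policy

# Extensions named in the thread as ones to strip at the gateway.
BLOCKED = {"vbs", "dll", "vba"}
# Harmless-looking extensions usable as a decoy (assumed list).
DECOYS = {"txt", "jpg", "gif", "doc"}

def check_filename(name):
    """Return a list of reasons the attachment name is suspicious."""
    reasons = []
    parts = [p.strip().lower() for p in name.split(".")]
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED:
        reasons.append("blocked extension ." + ext)
    # Decoy extension followed by the real one, e.g. NAME.TXT.vbs
    if len(parts) > 2 and parts[-2] in DECOYS and ext not in DECOYS:
        reasons.append("double extension ." + parts[-2] + "." + ext)
    # Run of spaces pushing the real extension out of view (threshold assumed)
    if re.search(r"\s{3,}\.\w+$", name):
        reasons.append("whitespace padding before extension")
    return reasons

def scan_message(raw):
    """Map each attachment filename in a raw message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): check_filename(part.get_filename())
            for part in msg.iter_attachments()}

def build_sample():
    """Constructed test message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    names = ["ILOVEYOU.TXT.vbs", "LoveLetter.TXT" + " " * 40 + ".vbs", "minutes.txt"]
    for name in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(repr(fname), "->", why or "ok")
```

The check looks only at the declared filename, so it complements rather than replaces content scanning at the gateway.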



I reviewed my post and see I left out a critical part. While pondering this e-mail I got inspired to move it into quarantine. During this pondering I had moved my mouse over the attachment icon and when I went to move it I spazzed out and clicked on the icon. The rest is history. I told you morons should not be allowed to use these machines.

I have no idea how our e-mail system is set up but I am going to discuss this with our in-house computer man. He is not a true systems administrator but he knows more about it than anyone else in the office. I will let him take up some of this stuff with our vendor.

I know this type of thing is irritating to professionals but this virus has hit hard in our town. This is because the e-mail came from our director of the chamber of commerce who has an e-mail database of all members. This is a small town so the members could probably cover every e-mail address in town in their address books. As someone said on another thread it would not be uncommon for most of us to see who the message was from, figure it was a joke or something and there you go. The only reason I even thought about it was I had heard that the chamber had been hit with the happy park? virus before I had been added to their e-mail list.

Sorry this response is so long but I wanted to confess my fuck up completely and explain how more casual users fall into this stuff. I may come back tomorrow and request more information. Thank you for your response.

Oh by the way I checked my settings and turned off the script writing. Thanks for that info. The system at work uses Windows 95; can you do the same thing there? I will check for a response tomorrow.

-- Monkey Spanker (spanking@way.com), May 08, 2000.


Monkey:

OK, it now makes sense how you became infected. Don't be too hard on yourself - I've opened many a file I meant to move or delete and, so far, I just haven't done this to a "bad" file. That's why the advice is to not even fool with these types of e-mails and to just delete them.

You can turn off VB scripting in Win 95 using the same instructions provided for Win 98. Assuming that you are using either Outlook or Outlook Express for e-mail, don't forget the QuickView option for viewing files before opening. If you get in the habit of using QuickView you'll eliminate some potential problems before they happen.

As a matter of policy, I tell people that I won't accept a file attachment without a separate e-mail telling me the filename and reason for sending the file. This stops the problem of worms sending e-mails from people you know and you then assuming the file must be OK. If there's no separate e-mail from the same person sending the attachment, the e-mail gets whacked. I've had a few people get annoyed with this but, in 20 years of using computers, I've never had a virus, so I think it's a good policy.

-- Jim Cooke (JJCooke@yahoo.com), May 08, 2000.


Hi Jim,

Sorry about that. I meant to say Outlook, not Exchange. I posted that late last night, after spending many hours doing yard work in the 90+ degree heat here in NJ. I think I had a mild case of heat stroke...

Em-bare-assed grin...

<:)=

-- Sysman (y2kboard@yahoo.com), May 08, 2000.

