A bit late to the party, but it might prove useful ! My recommdations to help prevent this, & what i've had in place for Years Use a Script blocker/prompter to intercept scripts. Disable WScript.exe & CScript.exe Use an AntiEXE to block/prompt regsvr32.exe & regedit32.exe & cmd.exe