Script Defender problem

Discussion in 'other security issues & news' started by Rasheed187, Jul 19, 2004.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    About the scriptdefender app, I removed the monitoring of files and then removed the app, but now I can't open any vbs files anymore! What do I need to delete to remove the protection? TIA!
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    No one with a solution?! Please, I need help AnalogX isn't helping me either! The problem is that the protection from executing certain file extensions hasn't been removed, there has to be way to do this. So now I can't open vbs (and other) files anymore.

    This is what I get to see when I try to open a vbs file, seems like the extensions are still being associated with Script Defender even though I removed protection and the app! :(

    http://img50.exs.cx/img50/9700/ScreenShot067.gif
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas

    Did you reinstall Script Defender? That's what I would try until I could figure out how to restore my file associations.
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Tell me what operating system you are running, and I'll post a regfile that will restore the default file associations for vbs files.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Yes I did reinstall the app and agian removed the protection, but it didn't work! I'm sorry to say but this Script Defender app sure is a peace of crap! The reason I checked it out is because HTAStop doesn't give any feedback if it is working or not.

    TonyKlein, can you perhaps tell me where to look at in the registry to solve this problem, I should know these things. Strange thing is that vbs files are still being associated with Scriptrap according to my OS. Anyone knows about another app which blocks these scriptfiles, but doesn't work as crappy as SD?

    And if you make the regfile make sure it covers the following files please: VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB, I use Windows 98 SE, see my signature. ;)
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Copy the text inside the quote box to Notepad, and save in a location of your choice as vbs.reg (make sure you save as type: 'all files')

    Doubleclick Vbs.reg, and answer yes when prompted to add its contents to the Registry.




    Reboot, and test your system
     
  7. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Script Defender caused me more problems too (XP). I could not even access the services or add to IESpyad! I managed to get the access back with a mixture of reinstall and a roll back of my computer but I know I will not be installing this when I re-format. Even when you think you have uninstalled I wonder if it does leave the registry back as it was. I still do not know if it has mixed anything else up.
     
  8. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    spybot and adaware pick these up when SD is installed on my computer,i think you need to put them in ignore

    Possible extension hijack: Default batch file handler (Registry change, nothing done)
    HKEY_CLASSES_ROOT\batfile\shell\open\command\!="%1" %*

    Possible extension hijack: Default command file handler (Registry change, nothing done)
    HKEY_CLASSES_ROOT\cmdfile\shell\open\command\!="%1" %*

    Possible extension hijack: Default old executable handler (Registry change, nothing done)
    HKEY_CLASSES_ROOT\comfile\shell\open\command\!="%1" %*
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Or not, as the case may be; it could be that default values of those particular registry keys have been modified by a trojan or worm.

    However, if you'd like someone to help you troubleshoot, it would be best to start a new topic of your own; this one is cluttered enough as it is at present....
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    sorry :'( .what i ment was right after i installed SD,i checked,and those values were added for me.this always happens each time i have installed SD(about 3 times) id love your help if i needed it,but i dont.thank you TK :D
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Tony Klein, you da man! It worked, and I deleted the Script Defender app right away. But did this registry entry also remove protection from the other filetypes? Not that it really mathers since I only use one vbs file to quickly toggle "show/hide hidden and system files".

    I'm now going to check out Script Sentry, it looks much more advanced to me, with more options. HTAStop could use a nicer interface, I think. ;)
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Good to hear that did the trick. :)

    About HTA-Stop's interface, who needs one? It's just a little freebie that allows you to toggle hta ability on and off. It's not as if you'll be using it all day long....
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,038
    Location:
    The Netherlands
    Yes I know, but it would be cool if HTA Stop would at least show whether the protection is on or off, sometimes details are important, at least to me they are. ;)
     
Loading...
Thread Status:
Not open for further replies.