Script Defender?

Discussion in 'other anti-malware software' started by ErikAlbert, Oct 4, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Script Defender failed to uninstall itself properly.
    One of my extensions was MSC, so each time when I started Event Viewer, SD asked to continue or not. That was OK.
    After uninstalling SD, I had no access to Event Viewer anymore. Didn't know how to fix it either.
    Is this a personal problem or a general problem?
    Is there an alternative with the same simplicity as SD?
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
    Last edited: Oct 4, 2007
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I did remove the Intercepts first and then uninstalled it.
    I remembered "removing intercepts" very well, because that was my first bad remark on SD, because this could have been avoided with smarter programming.

    Thanks for the link. :cool:
     
  4. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Well I'm using SD myself, and have until now no complaints about the program. But since you Erik announced this problem, I wanted to check that everything was o.k. even with that detail. So I removed the intercepts and then uninstalled SD...and you're right, it blocks the consoles...
    I then tried to get everything back to normal again without SD but it was "impossible" without reinstalling SD again. I have had SD for a longer time so I'm afraid I don't have any Registry backups before installing SD for the first time. Anyone, any ideas how to solve this problem?

    /C.

    Edit: O.k. it seems that this is going to be a real pain to resolve since you need to know what the executable is to reset the file associations...

    Here is some help:

    [HKEY_CURRENT_USER\Software\AnalogX\Script Defender\Associations]

    ".BAT"="\"%1\" %*"
    ".CHM"="\"C:\\WINDOWS\\hh.exe\" %1"
    ".CMD"="\"%1\" %*"
    ".COM"="\"%1\" %*"
    ".CRT"="rundll32.exe cryptext.dll,CryptExtOpenCER %1"
    ".DOC"=""
    ".EML"="\"%ProgramFiles%\\Outlook Express\\msimn.exe\" /eml:%1"
    ".HTA"="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
    ".HTM"=""
    ".HTML"="C:\\Program\\Script Defender\\sdefend.exe %1 %*"
    ".INF"="%SystemRoot%\\System32\\NOTEPAD.EXE %1"
    ".INS"=""
    ".ISP"="C:\\Program\\Script Defender\\sdefend.exe %1 %*"
    ".JS"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"
    ".JSE"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"
    ".MSC"="%SystemRoot%\\system32\\mmc.exe \"%1\" %*"
    ".REG"="regedit.exe \"%1\""
    ".SCT"=""
    ".SHB"="rundll32 %SystemRoot%\\System32\\shscrap.dll,OpenScrap_RunDLL /r /x %1"
    ".SHS"="rundll32 %SystemRoot%\\system32\\shscrap.dll,OpenScrap_RunDLL %1"
    ".VBE"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"
    ".VBS"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"
    ".WSC"="C:\\Program\\Script Defender\\sdefend.exe %1 %*"
    ".WSF"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"
    ".WSH"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"

    You have to open every file association with the executable in the same line, for example .msc with windows\system32\mmc.exe etc.
    Since I don't have a backup before installing SD, I have to restore it the hard way... :(

    /C.
     
    Last edited: Oct 4, 2007
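An added example, not part of the original posts: a short Python triage of the saved-association list posted above, assuming it has been exported as .reg text. It separates entries that hold a usable original command from entries that are empty or that point back at sdefend.exe, so the list holds no original handler to restore from. The function names are hypothetical and the sample is a subset of the values in the post.

```python
import re

# Subset of the values posted above, in .reg export syntax.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\AnalogX\Script Defender\Associations]
".BAT"="\"%1\" %*"
".DOC"=""
".HTML"="C:\\Program\\Script Defender\\sdefend.exe %1 %*"
".MSC"="%SystemRoot%\\system32\\mmc.exe \"%1\" %*"
".VBS"="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"
".WSC"="C:\\Program\\Script Defender\\sdefend.exe %1 %*"
'''

# One value line: "<.EXT>"="<escaped command>"
LINE = re.compile(r'^\s*"(\.[^"]+)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(value):
    # Undo .reg string escaping (backslash-backslash and backslash-quote).
    return re.sub(r'\\(.)', r'\1', value)

def parse_associations(text):
    # Map each extension to the command line Script Defender saved for it.
    result = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            result[m.group(1).upper()] = unescape(m.group(2))
    return result

def classify(command, interceptor="sdefend.exe"):
    if not command.strip():
        return "empty"       # nothing was saved for this extension
    if interceptor.lower() in command.lower():
        return "lost"        # saved value is the interceptor itself
    return "restorable"      # saved value names the original handler

def triage(text):
    report = {"restorable": {}, "empty": [], "lost": []}
    for ext, cmd in sorted(parse_associations(text).items()):
        kind = classify(cmd)
        if kind == "restorable":
            report[kind][ext] = cmd
        else:
            report[kind].append(ext)
    return report

if __name__ == "__main__":
    r = triage(SAMPLE)
    for ext, cmd in r["restorable"].items():
        print(f"{ext:6} -> {cmd}")
    print("no saved handler:", r["empty"])
    print("saved value is the interceptor itself:", r["lost"])
```

Extensions reported as empty or lost need their handler taken from another source, such as a registry backup or a clean machine of the same Windows version.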
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm glad you did the test too (I hope you can recover from it easily), then I'm not the only one. This is obviously a bug in the program, this is not supposed to happen. My technical knowledge of Windows is too small to fix it manually.
    I always solve such problems by restoring a FDISR-archive or a ShadowProtect-image, the easy way. :)
     
  6. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,741
    Location:
    New York City
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Cerxes,
    Thanks for the extra info about these extensions. I stored them in my installation file of Script Defender. Sorry about the hard way to fix it.
    I was luckier, because I was re-installing my computer and uninstalled SD in my old system partition for another reason and that's when I noticed it. So I didn't install SD on my new system partition, because of that.
     
  8. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    SD was last updated 2000, so I doubt the author has an easy solution to this problem I'm afraid. Besides, it's a design fault of the software regarding the registry so the best way is to handle it manually, if you don't have any snapshots around like some other people... :D ;)

    /C.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOL. Well I'm going to use Script Sentry v2.7.1 to replace Script Defender.
    I can't work with such software, that doesn't uninstall itself properly.
    I'm used to bad uninstallers in general, but this one screws your system and that is unacceptable for me.
    Other SD-users are at least warned. :)
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes I tried. I wrote a message to report this bug in full detail and I got this message as reply on the website :
    Thanks AnalogX. :rolleyes:
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    You're a real champ Cerxes, because with the PC workload i have and never enough time to have to break away to "fix" an issue like this, i too would be up the creek if not for your timely assistance and list especially.

    On Erik's advice i took the plunge for ScriptDefender because it DOES cover a great deal MORE extensions and i like that. Trouble is, looks like it's a program that once you install it, it takes exception to being removed.

    Although that's a manual replacement, is that list 100% complete? If so, i'll leave it for now, because it's a reliable interceptor of many scripts that can harbor viruses and i just don't want a partial coverage. I used ScriptSentry for many years and yes it's also a good one, but its coverage IS limited somewhat unfortunately but at least it returns the registry to its prior state after install.

    Thanks Again.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I discovered this bug yesterday. If I had known this earlier, I wouldn't have advised ScriptDefender to you.
    You can't uninstall ScriptDefender without screwing your system. If you don't mind and can fix it, that's OK with me. I won't use it anymore.
    I tried to contact the developer, but that link is dead, so it won't be fixed in the future either.

    Frankly, I'm quite astonished that this bug has never been discovered, reported and fixed during all these years. The last update is of 2000, that is at least 7 years. :eek:
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Sorry to take exception with that issue, but since you deal mostly with Applications Analysis from surface observations, i can say with 100% Certainty that ScriptDefender "CAN" be fully installed and the associations returned again back to normal default. It's NOT a low-level coded program. It's just that it takes some manual (time-consuming) duties to get those back in place as they were.

    In these next few days i'm going to piece together a reg file that does just that, since it's elementary text letters with a .reg extension. I've had plenty of experience over the years of on-the-fly building malware removal reg files to remove/replace registry entries.

    It's those SYSTEM\LEGACY driver connections that require Permissions to remove that are a real pain. This shouldn't be so hard since i tracked & copied ScriptDefender's path changes with none else but Tiny Watcher! :thumb:
     
  14. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I also use TW but that didn't help me in this case since you have to have a pre-SD system to detect the changes. Even if I install SD once more it's useless to trace the changes since the damage is already done. No more SD for me either. :)

    /C.
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't like "Script Sentry" either, which seems to me an out-of-date software.

    Since Faronics Anti-Executable doesn't protect me against scripts, I need an additional security software, that protects me against scripts.
    My boot-to-restore removes scripts anyway, but I need something that stops the execution of scripts IMMEDIATELY.
    I also use Firefox + Noscript.

    So again, is there a better alternative, money is NOT an issue ?
     
  16. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    A possible simple alternative program: ScripTrap.

    http://keir.net/scriptrap.html

    Haven't used it in years. Last updated August 18th 2000.



    Scripts are small programs that are written in a variety of simple computer languages. They can perform useful functions but they can also be used for less useful and sometimes damaging purposes, the prime examples being computer viruses and trojan-horse programs.

    ScripTrap traps scripts when they attempt to run on your computer and provides the option of blocking them or letting them continue to run. You can also check the intercepted script with your anti-virus program before you decide to run it or not. This provides you with a chance of catching possibly malicious code before it causes damage. ScripTrap is particularly useful for trapping scripts that arrive in email attachments, such as the recent ILOVEYOU virus.

    The worst thing about many types of scripts is that they can operate without warning as a legitimate part or extension of another program. Most damaging of all are email attachments that contain scripts. If you open them in an email program that allows scripting they may execute before you even realize what you have done.

    Using the same techniques for script file interception, ScripTrap will also warn you when Microsoft Word and Excel files are about to run, possibly saving you from executing documents that could contain malicious macro code by giving you that important second chance after inadvertently opening an email attachment!

    ScripTrap provides you with filtering capabilities so you can choose to automatically accept or reject selected script files without prompting. You can also choose to only intercept scripts that try to run from temporary directories, having most likely been placed there when about to be run from an email attachment.

    The ScripTrap self-extracting download file contains a single 40K executable that performs the installation, Start menu shortcut creation, program configuration and script interception. It includes comprehensive built-in help text and will perform the correct and complete uninstall procedure should you wish to remove the program. Unlike similar offerings ScripTrap will remove all traces of itself upon uninstalling including removing all associated registry entries and folder/file deletion.
     
  17. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I also tested ScripTrap years ago, and what I can remember is that it's well coded but you can't choose which file associations to intercept.

    /C.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Ok

    Calling All Security Soft Developers

    WE, the PC users of the world are in dire need of having this addressed, and pronto, as in many yesterdays ago, but not years :mad:

    Just like i find the neglect of developers in creating a "resident" simple file/folder directory watcher like FileChangeAlarm is proven to be, i see now that script protection has been all but dismissed too, and we all are only too keen & aware of what damage can be had when a cleverly crafted (text file code) .bat, .vbs, etc. files can wreak on a windows machine. Anyone who has ever had any experiences with Windows 98/Me has surely been victim at one time or another from them.

    Since WScript/Cscript.exe can be useful in launching normal programs, AE would just make for another unreasonable delay in guarding them and cost us time to disable, just to run scripts that depend on those .exe's

    Batch Files & VisualBasicScript Files, destructively fashioned, can quickly and easily bring a Windows system to its knees and disable a whole host of normal programming just as quick as launching an exe unfortunately.

    I'm sticking with ScriptDefender for now, it's no big deal to uninstall, only if i can construct a restore associations vbs or reg file which i hope i'll get around to soon.

    This Topic has me where i think i'm going to try to contact Doug Knox and politely solicit his assistance for us if possible regarding ScriptDefender's lack of restore ability on uninstall, he is an absolute master with these type of things.
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    This might be of some comfort for anyone who still favors reaping the script protection benefits of ScriptDefender, but are put off should they need to uninstall it so it just might prove useful for some. All courtesy of Doug Knox, a MVP and crafty coder since he has been closely associated with $M and especially Windows.

    This current list in no way includes other extensions that ScriptDefender associates, but at least it does cover many basic ones for a start until someone can take the effort to craft a single .reg file to 100% restore ALL of them and restore some sense of relief against these concerns in SD again.

    http://www.dougknox.com/

    UNDER Whats New? menu to the left side screen

    Apr 21, 2007 - Windows XP File Assocation Fixes
     
    Last edited: Oct 7, 2007