VBS script

Discussion in 'other anti-virus software' started by Gigabyte, May 5, 2004.

Thread Status:
Not open for further replies.
  1. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Just ran a test to see if my virus protection would detect this,it didn't. How much of a concern is this and how do I go about preventing it? Thanks :eek:
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    That really depends on what anti-virus you are using! (any clues?) Some (like Norton AV) have this as a selectable feature (Script Blocking) so checking your configuration may help here.
     
  3. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    I am using a suite that uses Trend Micro for the antivirus. I tried another test and it found the VBS wormo_O? :doubt:
     
  4. TheSnowGuy

    TheSnowGuy Guest

    GIG..

    our friend PARA made the point....script blocking....an as PARA stated its a selectable feature..in the program Para mentioned.
    Otherwise, anti-virus programs are not pre se script detectors, therefore, if the script you ran was not "seen" as a potential threat there was no reason the anti virus program should have alerted you. This may be taken as a broad statement..but many scripts can be dangerous...if used in that context.....to that end.
    IMO thats one reason layered protection is essential. Check out the program Script Defender....can be found on the wilders free tools page
     
  5. TheSnowGuy

    TheSnowGuy Guest

    GIG

    So, is this correct...your second test "saw" this so-labeled worm as a threat and alerted you....is that right? My first thought...it should have alerted you on the first test....we don't often get second chances with virues........nevertheless, it saw it as a threat only because the script signature was "seen"..........an unknown virus would have passed....just about most anti virus programs.
    Those unknowns are what gets us. Again, layered protection is essential...to block those unknowns.....a script detector comes into play regarding those...gives you a fighting chance.
     
  6. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Can you give me some more information please? Which antivirus program and with which VBS malware did you test it?

    wizard
     
  7. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Yes. I used a completely different test and it found it.
     
  8. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Can't find script defender on the free tools site?
     
  9. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    The antivirus is TrendMicro and the link is here taht I used for the test.
    http://pages.prodigy.net/seims/antivirustest.htm As soon as I tried to open it it popped up that a virus was found.
     
  10. TheSnowGuy

    TheSnowGuy Guest

    GIG

    ok, then I understood correctly. personally I would be troubled by those results. Also, as Wizard asked....what malware is this> but that brings into play yet another question...is it known malware?
    In fairness to all anti virus vendors I personally would not expect their products to detect "every" unknown virus.....in fact, if their products did..we would never again have to worry about any virus...but they don't.
    Nor do I believe its a fair test to use known virus for testing by in-experience users.....norton may detect what avg does not...so it gets into a constant never ending debate on which product is better......to heck with that.......
    All I can honestly tell you GIG is that a script such as you mention will not run on my system....no <vbs> script....known,,unknown....it just isn't going to execute.......
     
  11. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I've tried the "VBS test". All the script does is open a message box which is far away from being anything malicious. So any alert of an av program for this file can be considered as big false positive.

    I would not worry too much about it.

    wizard
     
  12. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Thanks! :D
     
  13. TheSnowGuy

    TheSnowGuy Guest

    GIG

    Here you are..dirct from the vendor..you can download when there is you wish:

    http://www.analogx.com/contents/download/system/sdefend.htm

    An GIG, read....take just a moment to see the purpose of the program.....judge for yourself if its an asset.........by the way...its a set and forget program....once the intercepts are enable just forget its there...
     
  14. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    It's appreciated! :cool:
     
  15. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    The file is so small,I figured better safe than sorry.But after I installed it and hit install intercepts,there is suppose to be some sort of test pop up,but it doesn'to_O?I have VBS installed and checkedo_O o_O
     
  16. TheSnowGuy

    TheSnowGuy Guest

    GIG

    I am not awear of it having any test pop-up.....been using it for years...
    but what the heck..if you want to test it just go take that test again...see which programs alerts you first..might be fun.....
    if the intercepts are installed....thats it...done job....not to worry. You now have an added layer of protection that gives real time protection .....yes, its small...kinda nice...takes no resources..even nicer...
    kinda makes a guy wonder why everybody isn't using it. Later you can add extensions...for now just see how you like it......
     
  17. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    look in the folder for script defender.

    you should see a file called test.vbs

    double click this (harmless) file.

    if you have script defender set up properly it should intercept this vbs file and give you the choice to execute or abort.

    another layer of protection you can add if you don't have it is an application sandbox such as Abtrusion Protector or SSM.
     
  18. TheSnowGuy

    TheSnowGuy Guest

    Well ShoNuff that test script is right where peekie said......an all these years I never once looked there........hmmmmmm early age mental fatique..
     
  19. Gigabyte

    Gigabyte Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    163
    Location:
    NC,USA
    Found it and it worked. :D Thanks for all the info fellas. ;)
     
  20. TheSnowGuy

    TheSnowGuy Guest

    GIG

    you are most welcome...an thanks to Peekie for the directions to the test.
     
Thread Status:
Not open for further replies.