Tech Support Forum - View Single Post - windows script hosting keeps popping up! [Moved From General Security}

tetonbob · 11-29-2007, 08:38 AM

Well, to rule out malware as the cause, because I'm not sure it is, I'd like to get some sort of scanner run on the machine which provides me with useful output.

Assuming you're transporting logs from the affected machine to friend's machine with USB stick or other removable media, we can use this freestanding scanner to accomplish the same thing.

Download this to removable media, and transport it to the affected machine.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

Doubleclick the drweb-cureit.exe file.
Click on Start, and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, we need to change the default settings.
In the Menu Bar, Go to Options>Change Settings.
Click on the Actions tab
Using the drop down menus, change each item under Objects, Infected Packages and Malware to Report, then click OK
Next, tick the Complete Scan radio button.
Click the green arrow at the right, and the scan will start.
Click 'No to All' if it asks if you want to cure/move the file.
After the scan has completed, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Ignore and close any windows which open, prompting you to buy DrWeb.
Post the contents of the log from Dr.Web you saved previously in your next reply.

11-29-2007, 08:38 AM	#7 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,784 OS: 2000 Pro; XP Pro; XP Home	Re: windows script hosting keeps popping up! [Moved From General Security} Well, to rule out malware as the cause, because I'm not sure it is, I'd like to get some sort of scanner run on the machine which provides me with useful output. Assuming you're transporting logs from the affected machine to friend's machine with USB stick or other removable media, we can use this freestanding scanner to accomplish the same thing. Download this to removable media, and transport it to the affected machine. * Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe Doubleclick the drweb-cureit.exe file. Click on Start, and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, we need to change the default settings. In the Menu Bar, Go to Options>Change Settings. Click on the Actions tab Using the drop down menus, change each item under Objects, Infected Packages and Malware to Report, then click OK Next, tick the Complete Scan radio button. Click the green arrow at the right, and the scan will start. Click 'No to All' if it asks if you want to cure/move the file. After the scan has completed, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Ignore and close any windows which open, prompting you to buy DrWeb. Post the contents of the log from Dr.Web you saved previously in your next reply. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009