Malware Analysis Vbs scripts when I login into Windows. Is this normal?

Zero Knowledge

Level 20
Thread author
Verified
Top Poster
Content Creator
Dec 2, 2016
841
Untitled.png



Seems odd vbs scripts would like to run upon logging in. Very odd :p This is abnormal behavior right? Because I've de registered vbs files and extensions yet they still want to run.
 
F

ForgottenSeer 86663

"De-registering vbs files and extenstions," as you put it, does not block their attempted launch in and of itself. If there is a login vbs script, it is still going to attempt to run. Without digging into your system nobody can tell you what and why a vbs script is attempting to run.

In fact, what you did ("de-registering") is the reason that the Windows file association prompt is appearing.

Hard Configurator uses a NirSoft utility that extracts ETL and displays them for you. In the block event log you might find more details of what is attempting to launch. Hard Configurator also ships with an autoruns inspection so you can inspect all the script autoruns on your system. You need to figure that stuff out for yourself.

It could be c:\windows\system32\gathernetworkinfo.vbs. It could be something else. It could be a lot of things.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top