What is the difference between the .vbs file extension and an exe?
Is there any non-virus use for .vbs?
Thanks for the info.
Same thing here at work.. 50k employees.. sucks to be a sys admin today :)
Yeah we got a warning at work today too.
my reading indicates VB script is intended for internet.
To my understanding you need a scripting engine. From what I read it is vbscript.dll in the windows\system directory. Similar to the runtime needed for VB programs.
A person here at work tried to run the attachment for the I love you virus and it did not work. It appears that he did not have the correct version of the dll needed.
A good case for having runtimes?
I would like to know if anyone uses VB script
We got this virus too.
It appears that you need a version of vbscript.dll higher than 3.1.0 but this is not confirmed. Anyone else have the ability to test this?
A guy here tried to run the attachment with 3.1.0 on his machine and the thing would not run. NT gave an error that the file could not be run.
I don't think it was NT in general because others here have run the attachment.
I have VB6 with SP3 and my version of vbscript.dll is 5.0
HTH
Maybe you need the latest version of Outlook to have the .dll? We don't have Outlook, so we've gotten some of the emails but haven't had any problems here.
So far, no one has written one of these for Lotus Notes. Does that make Lotus better than Microsoft?
We received this virus this morning and it went out to all my email contacts. When I called my Mom to warn her not to open any attachments that say "I Love You" she had already tried to open mine and couldn't. The message she received said she was unable to open this attachment due to #31 or something like that. She didn't know it was a virus at the time. We have 160+ employees and it's been going back and forth all morning. I have deleted probably 90 emails this morning saying I Love You, and not one of them was a real I LOVE YOU! How sad. :)
Cady
OK.. here's the scoop..
To run this, you need the windows scripting host. Installing IE5 = installing WSH.. or installing Win2000 = installing WSH.
As far as any non virus purpose... think of anything you might want to script. Being a sysadmin, Win2K and the WSH is going to bring some of the much needed flexibility to login scripting and administrative scripting in general. You could do all of this stuff on a unix system for years.. people are just targeting Windows.. you're going to affect more people by writing something that targets a MS operating system. Same with the comment about Notes.. there's a lot more people using Outlook and Outlook Express than Notes. It's just sad that someone has to do something like this.. 75% of the people here could write something that does the same exact thing. Actually... anyone with some time and half a brain could do it.. you can find all the code you'd need in different examples all over the web. It's probably someone who has a "Short Man" complex and they're trying to take it out on everyone else :)
WSH will also support Javascript, Perl and some others.... It's actually a good thing. In the unix world, you can send an email with one line in a shell script. It's not something that Microsoft has opened up.. it's been there for a long time on the UNIX side but no one has been ignorant enough to write something to exploit it.
OK.. I'm rambling.. I'll stop :)
That's all very well, but what is the I LOVE YOU virus?
If it's like Melissa but ... different I won't have got it
because I'm not on anybody's Contacts list :(
Just WHAT is it? What does it do?
Our work also got this.
It is an e-mail message with ILoveYou in the subject line. When you open the attachment that comes with it, it overwrites some common files on your hard drive with a version of itself, and then e-mails itself to all of your contacts or everyone in your addressbook. We have people starting early, so it was found and stopped before it got too bad.
Hey regarding the I Love You virus make sure the IT department where you work (I work in interactive so thank God that's not me) check out your servers, gif, html, jpeg files etc. We have the code for the virus and it went all through the registry infecting files in our server where we back up nightly. It was started by someone in Manila, Philippines who "i hate go to school". Anyway just thought you would all want to know if you didn't already.
That's funny, I hate to go to school.
I guess that lead will narrow it down to just about everybody:D
on the first line of code it said that about school and the second line said
by: spyder / [email protected] / @GRAMM
ERSoft Group / Manila,Phillipines
maybe that will narrow it down or then again maybe not...
Does anybody have a copy of this vbs file? I would like to have a look at it. (And no, I don't want to run it, and I don't plan on writing my own virus):D
I'm afraid my colleagues at work deleted about 50 of them, before I could lay a hand on it. Somehow they managed to get a virus scanner able to block these emails at the exchange server, by 15:00 CET.
I think, parts of the code could be very helpful to write useful programs.
You can find all of the code to write this in the msdn, and probably quite a bit of it on this site.
We got it at work too. I've got a printout of the code. We work on e-commerce solutions and use some VBScript for server side coding. One of our developers was trying to work on his code when an error occurred and when he went into Debug mode, there was the virus code. It trashed all of the script files he was working on.
Looking through the code it attacks files with these extensions:
.js, .jse, .css, .wsh, .sct, .hta, .vbs, .vbe, .jpg, .jpeg
It also makes changes to the registry and adds some EXEs to your computer. One of the EXE files is called BUGSFIX.EXE which is a password stealing program.
The code is not difficult or exceptional at all, just malicious. Looking for a silver lining... It could have been easily made worse by having it attack more crucial file extensions like .EXE, .DOC, etc.
Ok got this which may help some one......
> If you have inadvertently opened the "I LOVE YOU" virus, and are happy to
> edit your registry, some instructions for fixing it (which may or may not
> work) are at:
>
> http://www.thepope.org/index.pl?node_id=140
>
> Warning: this involves editing your registry, so don't do it if you are at
> all uncertain about what you're doing.
Just got posted this
Joe Hanna (5/05/00 13:53):
The "Love Letter" virus has been mutated into another 2 variations already.
Please read below for more information.
What you need to look out for is
fwd: Joke as the SUBJECT LINE
and the attachment is Very Funny.vbs
VBS/LoveLetter.B
VBS/LoveLetter.B is a variant of the original
VBS/LoveLetter.A worm. The two only differences
are the subject of the arriving e-mail and the
name of the attachment. The subject used by
VBS/LoveLetter.B is
fwd: Joke
instead of the original "ILOVEYOU" subject line
and the name of the attachment is
Very Funny.vbs
instead of LOVE-LETTER-FOR-YOU.TXT.vbs.
The HTML file send through IRC is called
Very Funny.HTM
---------------------------------------------------
Can some one nuke the guy who started this !!!!!!
don't you need ie to have support for vb script ??
Windows98 has included the vb scripting host in the standard installation. This also came with ie5.
Can anyone send me this virus, please?
-- Nobody has my address in contacts... :-(
[email protected]
I have a copy of the mutated version if someone wants it
Yeah we got a mutant virus in a bad way today!!!!
Again I have a copy of the mutated I love you virus if someone wants it!!!
Yip,
send it over
can you give me an email address; our email is down and i need to send it from yahoo ;)and this thingy here defaults to the one on the computer or whatever; hehe
The guy who made that virus was not that
good at programming! If I could read the
code that means a lot :)
I'm very glad he didn't have it attack more
file extensions. If it would have attacked
deltree and such, it might have been a lot
worse.
Does anyone know if he was caught?
I broke down the virus it is a good virus if there is such a thing...
It affects htm, jpeg, jpg and other file extensions. Destroying the original file and replacing it with the virus also makes 2 new files that regenerate the virus on boot or the system of its screen saver....
Brooke Hostmeyer
Net Admin / Programmer
-The guy that spent too many hours cleaning the virus lol-
I'd like the code please!!!
Oh, thanks for the deltree tip ;p
Bebe,
you can send it to
[email protected]
I would also like to see code
[email protected]
Is there a copy for me, pleaseeee?
[email protected]
I've looked at the source code, but I can't seem to find where the part about the screen saver is... are you sure about that, BHostmeyer?
Also, I think some of the coding stuff he used for replacing the jpeg files are weird.
But that's just what I think
Why do you guys want that S******** virus?
What good will that do?
The people are getting weirder and weirder every day!
Interesting how you all refer to the author as Him or He.
Today in the Daily Mail there is a report from Manila that says that Philippines National Bureau of Investigation are actually looking for a Woman/Girl. An IT student from a middle class background. The suspect is a moving target.
Fant:cool:
LATEST UPDATE FROM ZDNET
A young woman being sought by Philippine authorities in connection with the creation of the virulent "Love Bug" computer virus will turn herself in, police said on Monday. According to ZDNet Asia, suspected author of the virus, Romel Lamores, 30 years old, was detained by police. -- Reuters
I have a variant of the source to the ILOVEYOU virus but it aint good. Could somebody send me a copy of the source code, just for educational readers.
- Sire
The script is fairly simple.. makes a few calls to the Shell object, is easy to read, and is funny in the way it asks a user to download the ActiveX component of their browser if they don't have it, which destroys their system :)
I spent 8 hours getting the damn thing off the network, though, and really don't feel like letting other people mess with it and creating another variation. Just know that it works, and it's really not all that hard to do.
Brian
[email protected]
whoever has the source code, send it to me as well.
HI you brainwaves. Please be so kind and send me the sourcecode of this silly virus too.
I'd like to see if I can produce the vaccine....
I'm on [email protected]
or [email protected]
Thanks a mil
PS I heard today that is a MALE virus.
First it tells you it loves you.
Then it scr....ws you!!!
Ha ha ha...
Sorry, but I had to let it out...
[Edited by [email protected] on 05-09-2000 at 11:02 PM]
Hehe this I love you virus shows how stupid and naive some (most of the...) users are, and how systemadmin didn't do anything to make sure users can't just run everything they get.
Most ppl run *every* file they get, and think afterwards what is it.... The I love you virus is just a funny new-batchfile-thing (it's only stupid of MS to let batch files have so much control over a computer.. reading files, registry access...with that, you ask that someone will write something like this). I didn't get the virus, at work only 1 got it, but didn't run it (finally someone smart). I *never* run just anything what I get, even not if I should trust the one who send it. It shows some interesting stuff though, like the registry object, which makes it easy to access the registry....
It's a huge joke though that even at the pentagon they don't know how to set up a safe network....
i've seen the code somewhere else around here too.
but why would someone use their coding abilities to attack other people? :confused:
Maybe someone used their coding skills for the sake of anarchism... Maybe they didn't realise the potential for damage that the virus could do...
Maybe they thought it'd be funny to see what happened..?
hmmm, they r all possible solutions, but i guess no one will know,
Has anyone heard of this new virus? It changes the subject each time, so it has no name yet.
Ok, for one thing the "I Love you" virus can only harm your computer if you execute it! Looking at an e-mail will not do anything, so in reality you're really a dumb ass if it infected you!! Plus, you can spot the VBS really easy since it says, ILOVEYOU.txt.vbs !!!
But what about the enormous percentage of computer users that don't even appreciate that the suffix indicates file type?
You can't just blame people for infecting themselves. These people don't know how to do any better.
I work for a company that extends VBScript to control robots. There's a practical use. :)
If your system admin allows you guys to send and receive e-mail then he deserved to get a hit. I mean I'm a college student and I do technical support in the college's library and I even knew to disable Java, through on Fortress and only have 3 stations up for e-mail. This way I won't be overwhelmed if we get hit. Just have to be ahead of the game!
That's the best solution to the virus problem by far. As email is such a useful commodity for keeping in touch don't you think by restricting access to it you're defeating the object?
It seems many of you are very much angry with vbscript ;-(
Actually vbscript is very useful if it is used in the right
sense. Sadly any useful thing can be made to do the worst you wouldn't expect !
PREVENTION IS BETTER THAN CURE :
To avoid running vbscripts accidentally, you should just
change the action it does on being double clicked. The best
change would be to open the script in notepad instead of running directly. This can be done, from the WINDOWS EXPLORER, via the view -> File Types -> Edit ....
To make it easier for you and to prove that vbscript is not always the villain, I show you the following script that changes the behaviour of vbscripts (*.vbs) when they are double clicked. Just cut and paste in notepad and save it
with .vbs extension. Then double click to run (that is for the last time)...
'------------------------------------------------------------
' Make "Edit" (Notepad) the default double-click action for .vbs files
Dim x
Set x = CreateObject("WScript.Shell")
' A key path ending in "\" writes that key's default value
x.RegWrite "HKEY_CLASSES_ROOT\VBSFile\Shell\", "Edit", "REG_SZ"
MsgBox "Success: VBS files will no longer run by default." & _
    vbCrLf & "Will open only in notepad !"
'-------------------------------------------------------------
After this whenever you double click a vbs file it will open in notepad by default, for you to inspect. If you are brave enough to run it, just right click and choose open.
NOTE : This works out only for vbscript. For Javascript
*.js and other stuff you have to do that in a similar way.
The point here is to prove that vbscript is not a bad thing at all !
Could someone do us all a favor and post the I LOVE YOU code here. That way, we can get it quickly and view it from a safe distance. :D
It is forbidden to post, post it and I believe John or James may ban you :rolleyes:.
Ok, they are really nice guys, they'll just delete the post, and give you a big lecture on it, so to save yourself the big speech, don't post any harmful code here.
I use VBS on a pretty routine basis to mass copy directories and files to all my servers. It also makes you really learn VB as you write VBS in Notepad or some other text editor.
I have a printout of the virus or worm that this discussion was about. Its pretty nasty stuff but it has some good routines to learn from.
Then could someone mail me the script? I wanna chop it up and put it under a microscope. :eek: Eww... that an ugly script... maybe I shouldn't have cut it up...
Outlook express and IE both can be tricked into running vb scripts without you asking them to do anything.
Quote:
Originally posted by Crazy D
Hehe this I love you virus shows how stupid and naive some (most of the...) users are, and how systemadmin didn't do anything to make sure users can't just run everything they get.
Most ppl run *every* file they get, and think afterwards what is it.... The I love you virus is just a funny new-batchfile-thing (it's only stupid of MS to let batch files have so much control over a computer.. reading files, registry access...with that, you ask that someone will write something like this). I didn't get the virus, at work only 1 got it, but didn't run it (finally someone smart). I *never* run just anything what I get, even not if I should trust the one who send it. It shows some interesting stuff though, like the registry object, which makes it easy to access the registry....
It's a huge joke though that even at the pentagon they don't know how to set up a safe network....
And what if their window display is set to hide all known extensions? Then all they will see is ILOVEYOU.txt
Quote:
Originally posted by mtomte
Ok, for one thing the "I Love you" virus can only harm your computer if you execute it! Looking at an e-mail will not do anything, so in reality you're really a dumb ass if it infected you!! Plus, you can spot the VBS really easy since it says, ILOVEYOU.txt.vbs !!!
Or they could do a dirty trick and put 240 spaces between the .txt and the .vbs
Don't assume users are stupid. Occasionally programmers are smart.
Lord Orwell is correct. The sneakiest trick I know is making .exe and then write *.txt before that. Then just place the text icon and voila! Most Users hide known extensions, so the trick works.:D
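For anyone filtering attachments at the mail server, the hidden-extension and padded-name problems raised in the posts above come down to one check: judge a file by its last extension, not by what the user is shown. The sketch below is an added example, not part of the original thread and not any product's code; the extension lists and the padding threshold are assumptions, and the padded sample name is constructed.

```python
import re
from dataclasses import dataclass, field

# File types the thread names as running on double-click (Windows Script Host
# types plus .exe). Assumption: a production gateway would use a longer list.
ACTIVE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta", ".exe"}
# Harmless-looking extensions used as the visible decoy (constructed list).
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".htm", ".html", ".doc"}
PAD_RUN = re.compile(r"\s{3,}")  # run length of 3 is an assumed threshold


@dataclass
class Verdict:
    name: str
    shown_as: str  # what a user sees when known extensions are hidden
    reasons: list = field(default_factory=list)

    @property
    def block(self):
        return bool(self.reasons)


def split_ext(name):
    """Split on the last dot, ignoring trailing spaces and dots."""
    stem, dot, ext = name.rstrip(" .").rpartition(".")
    if not dot or not stem:
        return name, ""
    return stem, "." + ext.lower()


def check_attachment_name(name):
    """Flag names whose real (last) extension is an active type."""
    stem, ext = split_ext(name)
    verdict = Verdict(name=name, shown_as=stem)
    if ext not in ACTIVE_EXTS:
        return verdict
    verdict.reasons.append("active-extension:" + ext)
    inner = split_ext(stem)[1]  # the extension the user would still see
    if inner in DECOY_EXTS:
        verdict.reasons.append("decoy-extension:" + inner)
    if PAD_RUN.search(stem):
        verdict.reasons.append("whitespace-padding")
    return verdict


if __name__ == "__main__":
    samples = [  # first two names are from the thread; the rest are constructed
        "LOVE-LETTER-FOR-YOU.TXT.vbs",
        "Very Funny.vbs",
        "ILOVEYOU.txt" + " " * 240 + ".vbs",
        "notes.v2.txt",
    ]
    for s in samples:
        v = check_attachment_name(s)
        print("BLOCK" if v.block else "pass ", repr(v.shown_as.strip()), v.reasons)
```

The `shown_as` field is the name with its last extension stripped, which is why the first sample looks like a plain text file to the recipient.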
The code (I'm pretty sure) has been posted here before. If you can do a search (if it still isn't disabled), and you should be able to find it,
Quote:
Originally posted by KamiKazeKiwi3
Could someone do us all a favor and post the I LOVE YOU code here. That way, we can get it quickly and view it from a safe distance. :D
I hope you aren't planning to recreate the virus LOL :eek: :p
If I'm not mistaken VB Script is similar to Java script. And I think it is used for web applications. :confused: