How To Stop A Vbscript Windows 10

Windows Script Host (or WSH) (also known as Windows Scripting Host) is a scripting language shipped with all major Windows and Windows Server distributions since Windows 98. Scripts made with WSH (which normally have VBS extension, since they are primarily written in VBScript) are usually more than powerful and versatile than batch files (.BAT extension) and, for a certain period, they have been used within most software installation processes to carry out diverse system configuration activities. WSH is a language-independent system, as it allows you to write code using different script engines including VBScript (default), JavaScript, Perl and more than.

Unfortunately, the great potential and versatility of the Windows Script Host eventually led almost hackers and black-hat developers to use information technology to develop malicious script-based figurer viruses and malware. A WSH script can automate almost any operation normally performed by Windows and tin be launched with a single click, thus making it the perfect tool to be used in the electronic mail spamming / electronic mail phishing campaigns, where multiple fake invoices are sent to a wide corporeality of users  hoping that some of them would "double click" on them, thus activating the malware. For this reason, the mere presence of a .VBS file direct attached to an e-postal service or "hidden" in a .Zilch archive should alarm the user and block any impulse to open it - or, amend said, to accept it run  confronting your system.

The good practice of never opening e-mail attachments with unknown or potentially unsafe file extensions is well-known amid It experts since year, and - also every bit a result of the threat due to the widespread spread of Ransomware - it finally begins to spread fifty-fifty among less experienced users: it is no coincidence that paying close attention to attachments received via east-mail (specially "invoices" and administrative / accounting documents) is i of the main tricks recommended past all experts and computer security sites (nosotros have talked most them here).

Despite this, unfortunately there are still many users who, either because of their addiction of clicking or lark, continue to make mistakes of this blazon, which have the unfortunate effect of causing execution of VBS scripts on your automobile. The fact that information technology is non an EXE file should not be misleading: it is, as mentioned, scripts that accept reward of an extremely powerful and therefore potentially very dangerous Windows feature, which deserves the maximum attending in terms of prevention - and, fifty-fifty more than so, in the unlikely scenario of an erroneous execution.

How to prevent VBS files from running

Given the above picture, the organisation administrator tin definitely consider disabling the Windows Script Host feature on all client and / or server PCs for security reasons: this is certainly a good do especially if this language is not used intensively , which is truthful in most cases. The blocking of the WSH function volition prevent the execution of files with .VBS extension, which will then become "harmless" text files on all PCs subjected to this handling.

Here are the steps to be taken to disable the Windows Script Host (WSH) functionality for the current user (footstep 2-three) and / or for all users (steps four-5):

1. Press the WINDOWS + R keys, and so blazon regedit to open the organisation registry in edit mode.
2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\
3. Create (if it doesn't exist already) a new REG_DWORD key, call information technology Enabled and assign a value of 0 (aught) to it.
4. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\
5. Create (if information technology doesn't exist already) a new REG_DWORD central, call it Enabled and assign a value of 0 (zero) to it.

The VBS execution block should now exist effective: in lodge to test it, create a test.vbs file on the desktop and endeavor to run it. If everything has been done correctly, you lot should see the following alert message appear in a popup window:

Windows Script Host access is disabled on this machine. Contact your ambassador for details.

Needless to say, to bring dorsum such functionality yous but demand to delete the Enabled registry fundamental (or change its value to ane).

What to do if a harmful .VBS file is executed

In the event of an "unexpected" execution of a potentially harmful .VBS file it is certainly advisable to bear out the following precautions:

• Make a copy of the VBS file (without executing it) and browse it online with a tool similar VirusTotal: this will let you to place the threat, a cardinal prerequisite for any subsequent "erase" or "cleaning" strategy. Needless to say, take special care not to execute that file while treatment information technology! To lower the risk - for you and other users - nosotros strongly recommend renaming it with a harmless extension (eg .TXT or .BAK).
• Perform a system scan with an available AntiVirus tool (Bitdefender, Kaspersky, Avira, Avast, etc.). If you do not have paid versions or active subscriptions, yous can download and install one of the many free versions made available by the developers of the same products. But exist certain to download the executables but from the official sites and update the antivirus database to the latest version before starting the scan.
• Perform an additional system browse with the Trend Micro Anti-Threat Toolkit offline installer version (32bit or 64bit, depending on your system CPU architecture). This is the software that gave u.s. best results for scanning and removing the about unsafe malware (rootkits, ransomware) distributed through .VBS scripts.

In addition to performing the above-mentioned countermeasures, it is advisable to take a full general await at the organization to identify suspicious files and/or potential threats, including: files with strange or wrong extensions, unknown text files, performance drops, awarding crashes, and anything else that could unveil ransomware activities being in progress. We likewise advise you to read the following posts and perform the suggested best practices:

• How to prevent Information Breach (Malware ,Virus, Hacker, Phishing, etc.)
• Key elements that threaten your Online Security
• Precautions to follow to protect your Organisation from Malware

Conclusion

That's it for now: given the widespread distribution of VBS viruses and malwares attached to e-mails throughout the whole Europe, we can only recommend to preventively disable WSH to all system administrators, unless explicitly required by specific scenarios.

Source: https://www.ryadel.com/en/disable-windows-script-host-wsh-block-vbs-malware/

Posted by: hamiltonbefee1995.blogspot.com

Share this post