[thelist] [Fwd: Windows Scripting Host -- Disabling Extensions]
Anthony Baratta
Anthony at Baratta.com
Mon May 8 18:09:21 2000
Jonathan Cook wrote:
>
> Here are the registry keys for Windows Scripting Host extensions (.VBS,
> .VBE, .JS, .JSE, .WSH & .WSF) as I know them. Any suggested additions or
> changes are welcomed. The following registry entries replace the standard
> call to execute these file extensions with a call to open the file
> "S:\virus\careful.txt" in notepad. Do a search and replace on "notepad.exe
> s:\\virus\\careful.txt" to replace that filename with your own. Remember to
> use \\ in place of a normal \ in your path. The registry import reads the
> strings like C strings.
>
> I suggest naming the registry file something like anti-virus.reg.
>
> It can be launched from the command line or login script with the DOS
> command:
>
> REGEDIT.EXE -S <path & filename>
>
> I have mine placed in a "reg" subdirectory of my login script directory, and
> here is the command from my login script:
>
> REGEDIT.EXE -S %0\..\reg\anti-virus.reg
>
> The %0\..\ is a little trick I just found in the knowledge base today which
> lets you reference files in your login script as if you knew where they were
> being executed from (when in fact they may be run off of any of your login
> servers). (http://support.microsoft.com/support/kb/articles/Q121/3/87.asp)
>
> Additionally, I recommend disassociating the .REG extension from
> automatically launching REGEDIT. Users don't need this double-click
> functionality! And for administrators, it's just as easy to create a
> shortcut which does "REGEDIT.EXE <filename>" if you are going to do it enough
> to want to avoid the command line.
>
> I'm a little worried that these virii could be placed inside of those
> "questionnaire" HTML pages that sometimes go around. I'm pretty sure that to
> combat that you'd actually have to remove the Windows Scripting Host
> components or disable scripting in all your browsers. *sigh*
>
> Jonathan
>
> <begin registry file>
>
> REGEDIT4
>
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment]
> "PATHEXT"=".COM;.EXE;.BAT;.CMD;"
>
> [HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\VBSFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\VBEFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\JSFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_CLASSES_ROOT\JSEFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\JSEFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_CLASSES_ROOT\WSHFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\WSHFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_CLASSES_ROOT\WSFFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\WSFFile\Shell\Open\Command]
> @="notepad.exe S:\\VIRUS\\careful.txt"
>
> [HKEY_CLASSES_ROOT\.VBE]
> @="VBEFile"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\.VBE]
> @="VBEFile"
>
> [HKEY_CLASSES_ROOT\VBEFile]
> @="VBScript Script File"
>
> [HKEY_CLASSES_ROOT\VBEFile\Shell\Open]
> @="&Open"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\VBEFile]
> @="VBScript Script File"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\VBEFile\Shell\Open]
> @="&Open"
>
> [HKEY_CLASSES_ROOT\.JS]
> @="JSFile"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\.JS]
> @="JSFile"
>
> [HKEY_CLASSES_ROOT\JSFile]
> @="JScript Script File"
>
> [HKEY_CLASSES_ROOT\JSFile\Shell]
>
> [HKEY_CLASSES_ROOT\JSFile\Shell\Open]
> @="&Open"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\JSFile\Shell\Open]
> @="&Open"
>
> [HKEY_CLASSES_ROOT\.JSE]
> @="JSEFile"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\.JSE]
> @="JSEFile"
>
> [HKEY_CLASSES_ROOT\JSEFile]
> @="JScript Script File"
>
> [HKEY_CLASSES_ROOT\JSEFile\Shell]
>
> [HKEY_CLASSES_ROOT\JSEFile\Shell\Open]
> @="&Open"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\JSEFile\Shell\Open]
> @="&Open"
>
> [HKEY_CLASSES_ROOT\.WSH]
> @="WSHFile"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\.WSH]
> @="WSHFile"
>
> [HKEY_CLASSES_ROOT\WSHFile]
> @="Windows Scripting Host Settings File"
> "IsShortcut"="Yes"
>
> [HKEY_CLASSES_ROOT\WSHFile\Shell\Open]
> @="&Open"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\WSHFile]
> @="Windows Scripting Host Settings File"
> "IsShortcut"="Yes"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\WSHFile\Shell\Open]
> @="&Open"
>
> [HKEY_CLASSES_ROOT\.WSF]
> @="WSFFile"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\.WSF]
> @="WSFFile"
>
> [HKEY_CLASSES_ROOT\WSFFile]
> @="Windows Scripting Host Settings File"
> "IsShortcut"="Yes"
>
> [HKEY_CLASSES_ROOT\WSFFile\Shell\Open]
> @="&Open"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\WSFFile]
> @="Windows Scripting Host Settings File"
> "IsShortcut"="Yes"
>
> [HKEY_LOCAL_MACHINE\Software\CLASSES\WSFFile\Shell\Open]
> @="&Open"
>
> <end registry file>
--
Anthony Baratta
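
Added example (not part of the original post, and not Jonathan's file): a small audit that reads a REGEDIT4 export and reports, for each script extension named in the post, whether its open command still reaches the script host. The sample export, the `C:\WINNT\System32\WScript.exe` path and the function names are constructed for illustration.

```python
import re

# Constructed sample in the post's REGEDIT4 style; .JS still points at the script host.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.VBS]
@="VBSFile"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
@="notepad.exe S:\\VIRUS\\careful.txt"

[HKEY_LOCAL_MACHINE\Software\CLASSES\.JS]
@="JSFile"

[HKEY_LOCAL_MACHINE\Software\CLASSES\JSFile\Shell\Open\Command]
@="C:\\WINNT\\System32\\WScript.exe \"%1\" %*"
'''

SCRIPT_EXTS = (".VBS", ".VBE", ".JS", ".JSE", ".WSH", ".WSF")
HKLM_CLASSES = re.compile(r"^HKEY_LOCAL_MACHINE\\Software\\Classes", re.I)

def parse_reg(text):
    """Return {upper-cased key path: default (@) value} from a REGEDIT4 export."""
    defaults, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            # The post writes both HKCR and HKLM\Software\Classes; fold them together.
            key = HKLM_CLASSES.sub("HKEY_CLASSES_ROOT", line[1:-1]).upper()
        elif key and line.startswith('@="') and line.endswith('"'):
            # Undo the C-style escaping the post mentions: \\ -> \ and \" -> "
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(text):
    """Classify each script extension: neutralized, executes, or unknown."""
    d, result = parse_reg(text), {}
    for ext in SCRIPT_EXTS:
        progid = d.get("HKEY_CLASSES_ROOT\\" + ext)
        path = "HKEY_CLASSES_ROOT\\%s\\SHELL\\OPEN\\COMMAND" % (progid or "").upper()
        cmd = d.get(path)
        if cmd is None:
            result[ext] = "unknown"      # association not present in the export
        elif re.search(r"(?i)\b[wc]script(\.exe)?\b", cmd):
            result[ext] = "executes"     # still handed to the script host
        else:
            result[ext] = "neutralized"  # opens with something else, e.g. notepad
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

An "unknown" result means the export did not contain that association, so it says nothing about the machine's actual state for that extension.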