
Solve: Is this VBScript code dangerous?

Answer»

I found this code on the internet, but it appears to be some sort of malware. Is anyone entirely sure what it is? By looking at it, can anyone tell me how entirely it works?


Dim objHTA
Dim cClipBoard
Dim WshShell
set objHTA=createobject("htmlfile")
cClipBoard=objHTA.parentwindow.clipboarddata.getdata("text")
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey", cClipBoard, "REG_SZ"
WshShell.Run "regedit.exe -m"
Set objHTA = nothing
Set WshShell = nothing

It launches Registry Editor, setting the view to the registry key that is on the clipboard.

The source appears to be here.

And why exactly does that make this malicious?
Quote from: zask on December 10, 2015, 01:51:39 PM

and why exactly does that make this malicious?

I never said it was malicious.

Could you maybe explain in detail what it does?
Quote from: zask on December 11, 2015, 11:19:12 PM
could you maybe explain in detail what it does?

The blog post I linked is from the original author, and provides details about what each part of the script does.

Antivirus says it's malicious?

Antiviruses can come up with false positives, but this is probably getting flagged because of

Quote
WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey", cClipBoard, "REG_SZ"
WshShell.Run "regedit.exe -m"

I have written programs from scratch, such as in C++, and while they are perfectly fine, the antivirus can show false positives based on the behavior of the code, to be overprotective of the system. I generally have to add exceptions so that my newly compiled programs are not quarantined, as AVG on rare occasions will flag my newly compiled exe as a false positive.
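As an added example (not part of the thread and not the script author's code), the following Python triage extracts the behaviours discussed above from the script text: the clipboard read, the registry write and its target, and the launched process. The `triage` function and the short `AUTORUN_HINTS` list are assumptions of this example; the list is illustrative, not exhaustive.

```python
import re

# Constructed sample input: the script quoted in the thread, saved as text.
SAMPLE = r'''Dim objHTA
Dim cClipBoard
Dim WshShell
set objHTA=createobject("htmlfile")
cClipBoard=objHTA.parentwindow.clipboarddata.getdata("text")
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey", cClipBoard, "REG_SZ"
WshShell.Run "regedit.exe -m"
Set objHTA = nothing
Set WshShell = nothing
'''

# Assumption: a short, non-exhaustive list of autostart key fragments.
AUTORUN_HINTS = (r"\currentversion\run", r"\currentversion\policies\explorer\run",
                 r"\currentversion\winlogon")

REGWRITE = re.compile(r'\.RegWrite\s+"([^"]+)"\s*,\s*([^,\r\n]+)', re.I)
RUN = re.compile(r'\.Run\s+"([^"]+)"', re.I)
CLIP_ASSIGN = re.compile(r'(\w+)\s*=\s*[\w.]*clipboarddata\.getdata', re.I)


def triage(source):
    """Summarise the clipboard, registry and process activity of a WSH script."""
    # VBScript identifiers are case-insensitive, so compare in lower case.
    tainted = {name.lower() for name in CLIP_ASSIGN.findall(source)}
    report = {"reads_clipboard": "clipboarddata.getdata" in source.lower(),
              "launches": RUN.findall(source), "reg_writes": []}
    for key, value in REGWRITE.findall(source):
        report["reg_writes"].append({
            "key": key,
            "hive": key.split("\\", 1)[0].upper(),
            # True when the key would start a program at logon or boot.
            "autorun": any(h in key.lower() for h in AUTORUN_HINTS),
            # True when the written data comes straight from the clipboard.
            "clipboard_tainted": value.strip().lower() in tainted,
        })
    return report


if __name__ == "__main__":
    for section, detail in triage(SAMPLE).items():
        print(section, "->", detail)
```

For the thread's script, the report shows a single HKCU write to the Regedit `LastKey` value with clipboard-sourced data, no autostart key, and one launch of `regedit.exe -m`.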

