Jump to content


  • Content Count

  • Joined

  • Last visited

About dcohn

  • Rank
  1. Am I to understand you have not heard of the maskrider2001.vbs script that I am referring to? I probably cleaned all them already manually and did not save them but I thought this was a pretty well known issue affecting the ability for people to double click my computer then double click a drive letter. It prevents the drive from opening. I never see it since I never open Windows Explorer that way (I right click my computer and select explore) but the users complain about it. It seems to always copy itself to a USB drive as well as all fixed drive letters. It also has an accompanying autorun.inf file. Therefore you select the drive and the autorun.inf calls the maskrider2001.vbs file. Very simple but a pian in the butt. It is also in the windows run reg key startup and it defaces the IE TITLE. So manual cleanup is very simple assuming there are no other hidden threats but a pain in the ass none the less. With clients in the field at remote locations as we have they use the machines as sales stations and refuse to password protect anything so every machine on their networks get infected in minutes. I will send you a sample NEXT time But tell me if this is a known issue or not at least. If they would buy SAS I assume it would protect them. Am I correct that SAS will protect the IE Title (Not the HOme Page just the TITLE). I own SAS pro and we run SAS on their systems. I have not tested it with this yet. Thanks Doug
  2. I have been cleaning this off a clients locations for over a year now. They have hundreds of machines across about 100 locations around the country. Will SAS clean this properly? Links claim solow-G Worm! but it does not match the descriptions well. The files found are maskrider2001.vbs and wscript is the process running (windows scripting). Once you shut down the scirpt engine you can delete the vbs files. Pain in the butt though as the reg keys must go as well. Thanks Doug
  • Create New...