dcohn

Maskrider2001

I have been cleaning this off a client's locations for over a year now. They have hundreds of machines across about 100 locations around the country.

Will SAS clean this properly? Links claim solow-G Worm! but it does not match the descriptions well. The files found are maskrider2001.vbs and wscript is the process running (Windows scripting). Once you shut down the script engine you can delete the vbs files. Pain in the butt though as the reg keys must go as well.

Thanks

Doug

Can you send the files to samples AT superantispyware.com?

Am I to understand you have not heard of the maskrider2001.vbs script that I am referring to?

I probably cleaned all of them already manually and did not save them, but I thought this was a pretty well known issue affecting the ability for people to double click My Computer then double click a drive letter. It prevents the drive from opening.

I never see it since I never open Windows Explorer that way (I right click my computer and select explore) but the users complain about it. It seems to always copy itself to a USB drive as well as all fixed drive letters.

It also has an accompanying autorun.inf file. Therefore you select the drive and the autorun.inf calls the maskrider2001.vbs file. Very simple but a pain in the butt. It is also in the Windows Run reg key startup and it defaces the IE TITLE. So manual cleanup is very simple assuming there are no other hidden threats but a pain in the ass nonetheless.

With clients in the field at remote locations as we have, they use the machines as sales stations and refuse to password protect anything, so every machine on their networks gets infected in minutes.

I will send you a sample NEXT time, but tell me if this is a known issue or not at least.

If they would buy SAS I assume it would protect them. Am I correct that SAS will protect the IE Title (not the Home Page, just the TITLE)?

I own SAS pro and we run SAS on their systems. I have not tested it with this yet.

Thanks

Doug
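
An added example, not code from the thread or from SUPERAntiSpyware: a Python check for the autorun.inf behaviour described in the post above, flagging [autorun] commands that launch a script host or a script file. The function name and both sample files are constructed for illustration and are not captured from an infected drive.

```python
import re

# autorun.inf keys whose value is a command run when the drive is opened.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]+\\command)$", re.I)
# Script hosts and script extensions; a legitimate autorun.inf rarely needs either.
SCRIPT_REF = re.compile(
    r"\b(wscript|cscript)(\.exe)?\b|\.(vbs|vbe|js|jse|wsf|wsh)\b", re.I
)


def suspicious_autorun_entries(text):
    """Return (key, value) pairs in the [autorun] section that launch a script."""
    hits, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if COMMAND_KEY.match(key) and SCRIPT_REF.search(value):
            hits.append((key.lower(), value))
    return hits


# Constructed sample modelled on the description in the post.
INFECTED = """\
[autorun]
open=wscript.exe maskrider2001.vbs
shell\\open\\command=wscript.exe maskrider2001.vbs
"""
# Constructed benign sample: an installer disc.
BENIGN = """\
[autorun]
open=setup.exe
icon=setup.exe,0
label=Install Disc
"""

if __name__ == "__main__":
    for name, sample in (("infected", INFECTED), ("benign", BENIGN)):
        print(name, suspicious_autorun_entries(sample))
```

To sweep a machine, read the autorun.inf at the root of each fixed and removable drive and pass its text to the function; any hit means the file should be reviewed before the drive is opened by double click.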
