Tell Windows not to run scripts locally.

disc-smashed-by-hammer-1-1244240-639x425

For some reason Windows, by default, is set to open Javascript and VBScript files with the WSH (Windows Scripting Host) which then executes the script.  This is a good way for bad guys to get you to run their code on your machine.  In fact, it’s how the ransom-ware CryptoWall was infecting people.  If you don’t know what ransom-ware is yet, you’re lucky.  Basically, it encrypts all your important files, usually with good unbreakable cryptography,  then you have to pay a large sum of money to get the key to decrypt your files which may or may not work depending on the skill of the malware author.  Most people do not need to have these scripts executing on their machines.  Most scripting that people actually use is in web pages where it is interpreted and executed by the web-browser.

I recommend changing the file association for these types of files to notepad.   If it breaks something for you, you can always change it back, but 99% of people who would actually need these files executing would know how to set it up.  To protect yourself create two new files.  You can do this in numerous ways but one is to right-click on the desktop -> new -> text document.  Rename one file (test.js).  It is important that you get that (.js) file extension.  You should get a warning about changing the file extension, say yes.

warning

Now right-click on the test.js file and select (open with->choose another app).  Some wording might be different on different versions of Windows.  Select notepad and make sure you check “always use this app…”

infobox

Rename your other file test.vbs and do the same thing.  Once done, you can delete these two files.  If you ever want to change it back you simply select some .js and/or .vbs file, or make one and associate it with Windows Based Script Host from the screenshot above.

You are now a little safer.  As always, if you need help with this or any other issue please contact us and we can help.  Stay safe out there.

Leave a Reply

Name *
Email *
Website