Is this Malware?

njtt · October 3, 2014, 6:24am

When I booted up my computer (Windows 7 64 bit) today, a Notepad window, containing what I take to be a brief Visual Basic script, was open on my desktop. I have never seen this before, and I am pretty sure I closed all the open windows (not that this would have been one of them) before I shut it down the previous day. The file name is del.vbs, and there appear to be two copies of it in C:\Users
jtt\AppData\Local\Temp. The contents are as follows.


Sub Main()

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

objFile = Wscript.ScriptFullName
objFolder = objFSO.GetParentFolderName(objFile)
objParentFolder = objFSO.GetParentFolderName(objFolder)

objShell.CurrentDirectory = objParentFolder
objFSO.DeleteFolder(objFolder)

End Sub

On Error Resume Next
Main

Should I be worried?

I rather think that my system as currently set up does not know how to run .vbs files of this sort, which may be a good thing in this instance, and may explain why it turned up in a Notepad window instead (presumably) of executing.

A scan with Malwarebytes did not turn up anything of any likely relevance.

Mangetout · October 3, 2014, 7:21am

All it seems to be doing is identifying and then deleting its own folder. It could be part of something bad (i.e. the part that covers its tracks), but on its own, this isn’t malware.

Isilder · October 3, 2014, 7:54am

The code is the very same (letter for letter) example code given out by Microsoft - it would have been put there by an installer - its cleaning up after a software (or fonts or driver or something) is installed.
( What that means is there is no signature IN it to link it to a malware… its impossible to know what put it there, unless you check the files date stamp with package install times/dates… )

here’s an example of the same code given out as examples on vbs.
http://theregime.wordpress.com/vbs/

control-z · October 3, 2014, 6:34pm

Did you install any software prior to the Shutdown before you saw the Notepad window?

njtt · October 3, 2014, 9:07pm

Not shortly before. I think something may have updated earlier in the day, well before the shutdown.

control-z · October 3, 2014, 9:13pm

Software updaters/installers can’t update files that are open, so they will defer those updates until the next boot. A bug in an installer could be what you saw.

Topic		Replies	Views
Is this a virus? (Visual Basic question) Factual Questions	6	935	May 22, 2000
possible virus? Factual Questions	2	934	August 7, 2000
Virus Help Please Factual Questions	4	570	August 1, 2003
Is this a virus or a Windows system file? Factual Questions	6	830	September 10, 2003
.vbs extensions Factual Questions	3	765	July 18, 2002

Is this Malware?

Related topics