This page will determine whether you're safe from JavaScript exploits as well as the more significant "WSHOM.OCX" exploit, which has been described as "Trojan.BAT.Format CQ". It isn't really a "trojan" but rather a scripting exploit permitted by the Microsoft dotNET/Windows WSHOM.OCX Scripting Host, and it works AS DESIGNED by Microsoft. Microsoft INTENDED for Windows to permit these ActiveX functions as part of dotNET.
PLEASE NOTE! This web page will transmit a *SAFE* script to your machine. No possible damage will occur and the actions (if any) will be taken by your machine. No information will be transmitted back to this site at all and all actions which occur will be on your own machine as a result of the instructions in the script which is downloaded to you to run locally.
A recent exploit disabled the mouse, monitor and keyboard, edited the registry to remain in the system, and then filled the hard disk swap space and memory. After this it formatted the C: drive. If you turned off the machine, it would write to WININIT.INI to continue on the next boot, before Windows could start, in order to finish its complete destruction of your system. A number of "web trojan downloader" exploits also make use of these functions to cause Internet Explorer to automatically download back door trojans without showing a screen to let you know that this is occurring. "dotNET" extensions, when enabled in the Internet Zone, are DANGEROUS. The WSHOM.OCX file is the core of this risk and is not easily removed, owing to Microsoft's "system restore", which will put it back. This is a completely separate issue from "Data Source Object" exploits, for which we created DSOStop, although using our FREE DSOStop software and making certain that you've checked the "Internet Zone" protection will also help. That's why we included the "Internet Zone" in its coverage.
In our test, we will open 3 copies of Microsoft CALCULATOR from your WINDOWS or WINNT folder, depending on your version of Windows. That will demonstrate whether or not you are at risk. If you see them, then you're at risk. If you do NOT see three copies of Windows calculator appear, then you are safe from the Windows Scripting Host part of the risk. You will also be warned if you are exposed to Microsoft JavaScript exploits.
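The Internet Zone exposure discussed above can also be checked directly in the registry. The following read-only audit is an added example, not part of the original page or of NSClean's software. The registry locations and the URL-action numbers 1200, 1201 and 1400 are standard Internet Explorer zone settings rather than values from this page, and reporting the first location that defines a value as the effective one is an assumption.

```powershell
# Added example: read-only audit of the Internet Zone (zone 3) ActiveX/script settings.
# Locations are checked policy-first; the first one that defines a value is
# reported as the effective setting (an assumption of this example).
$zonePaths = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# URL actions that decide whether a web page may script an ActiveX control.
$actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe for scripting'
    '1400' = 'Active scripting'
}

function Get-ZoneActionFinding {
    param([string[]]$Paths, [System.Collections.IDictionary]$Actions)

    foreach ($id in $Actions.Keys) {
        $value  = $null
        $source = '(not set in any checked location; zone default applies)'
        foreach ($path in $Paths) {
            # Missing keys or values produce no output instead of an error.
            $item = Get-ItemProperty -Path $path -Name $id -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$id; $source = $path; break }
        }

        # Zone action values: 0 = enable, 1 = prompt, 3 = disable.
        if     ($null -eq $value) { $verdict = 'NOT SET' }
        elseif ($value -eq 0)     { $verdict = 'ENABLED (runs without asking)' }
        elseif ($value -eq 1)     { $verdict = 'PROMPT' }
        elseif ($value -eq 3)     { $verdict = 'DISABLED' }
        else                      { $verdict = 'REVIEW (non-standard value {0})' -f $value }

        [pscustomobject]@{
            Action  = $id
            Setting = $Actions[$id]
            Verdict = $verdict
            Source  = $source
        }
    }
}

Get-ZoneActionFinding -Paths $zonePaths -Actions $actions | Format-List
```

A verdict of ENABLED for action 1201 means pages in the Internet Zone may script controls that are not marked safe; DISABLED is the setting to aim for in that zone.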
For more information on our products and how we can help to protect your security and privacy, please take a second and drop by our main page at: www.nsclean.com
We hope you receive an "immune" verdict and do NOT see three copies of CALC.EXE on your screen.