UNINSTALL WINDOWS SCRIPTING HOST

Technical Details

VBScript and VBS files
VBScript is a scripting language that allows developers to create a list of commands that can be executed without user interaction. As with any scripting language, it is frequently used to automate actions. Unfortunately, virus writers can also take advantage of its capabilities to infect computers and cause extensive damage.

VBScript files are nothing more than plain text files with a .vbs extension, and they can be edited using any text editor, such as Notepad. They contain a set of instructions that are run when a user executes the file. For example, you can create a .vbs file that reads a list of names for shared folders on your local network and maps a network drive to each name. Almost any action that you can perform while sitting at your computer can be automated by one of these scripts.

What is the Windows Scripting Host?
The Windows Scripting Host (WSH) is a feature of Microsoft Windows operating systems. It enables .vbs files to run in Windows 95, 98, NT 4.0, and Windows 2000. In the case of the VBS.LoveLetter.A and VBS.NewLove.A worms, it enabled the virus writer to automate actions that ran a direct script execution without end-user intervention.

The WSH enables users to automate tasks in Windows by providing access to the Windows shell, file system, registry, and more. The WSH is accessible to anyone who can learn to write the relatively simple scripting code. Scripts can be run directly from the desktop by clicking on a script file from within a program, such as an email program, or from the command console.

What can you do to protect yourself? Uninstall the Windows Scripting Host
One preventive measure that you can take to protect yourself from viruses that come as .vbs attachments (such as the "Love Letter" virus) is to uninstall the Windows Scripting Host. Because Windows Scripting Host is an optional part of Windows, it can be safely removed from your computer. This feature can easily be re-installed if it is required in the future.

Before you begin: If you are using Norton AntiVirus 2001 and you have downloaded and installed the Script Blocking update, or you are using Norton AntiVirus 2002/2003/2004 and Script Blocking is enabled, this is neither necessary nor recommended. The Script Blocking feature will prevent potentially malicious scripts from running, and will still allow you to run the required scripts.

Remove the file from the system (any version of Windows)
With the exception of some versions of Windows 98, the Windows Scripting Host can be installed on the computer, but not be displayed in the Add/Remove Programs dialog box. For all versions of Windows you can disable WSH by removing its executable file. Follow these steps to do this:

  1. Click Start, point to Find, and click Files or Folders.
  2. Make sure that Look in is pointed to either drive C or All Drives, if you have more than one.
  3. In the Named box, type wscript.exe and then click Find Now.
  4. Right-click the resultant file, and then do one of the following:
    • If you are sure that you will not need this, click Delete, and then click Yes to confirm.
    • If you want to keep a copy of this file so that you can easily re-install it later:
      1. Click Cut. (Do not click Copy.)
      2. Close the Find Files window.
      3. Double-click the My Computer icon on the Windows desktop.
      4. Insert a blank, formatted floppy disk into the floppy disk drive.
      5. Double-click the floppy disk drive icon, usually drive A.
      6. Click the File menu, and then click Paste.
  5. Optional: Because you have deleted or moved the Wscript.exe file, if you ever try to run a .vbs file, you will see a Program Not Found message. This is, of course, expected, and you can click Cancel. If you want to prevent this, however, you will have to remove the file association, as follows:
    1. Start Windows Explorer.
    2. Click View, and then click Options or Folder Options.
    3. Click the File Types tab.
    4. In the Registered file types list box, scroll down to select VBScript Script File.
    5. Click Remove, and then click Yes to confirm.
    6. Click OK, and then close all dialog boxes.
Close window