Eliminate all VBS worms and viruses

• Stephen Mencik
• Published: 29 May 2001

Editor's note: Learn the latest on VBS threats in our updated article: Are VBS worms still dangerous?

This tip was submitted to the SearchSecurity Tip Exchange Contest by user Stephen Mencik.

There is a very simple way for Windows users (95, 98, ME, NT or 2000) to eliminate completely the threat of "accidentally" executing a VBS attachment to an e-mail.

Do the following:

1. Go to any open Windows Explorer or File Manager window.
2. On the pull-down menus select "Options" on the "View" pull-down.
3. Select the "File Types" tab.
4. Scroll down until you see the .vbs file type.
5. For each of them, highlight the entry and select "Edit."
6. Highlight "Open" and select "Edit."
7. Change the "application use to perform action" from "wscript.exe" to the path name for where "notepad.exe" is located. This is likely either "C:windowsnotepad.exe" or "C:WINNTnotepad.exe." You can use the file find feature to locate the proper path.
8. Once changed, click "OK" and "Close."
9. Repeat for the .vbe file type.

By doing this, if you ever "accidentally" click on a worm or virus written in Visual Basic, it will pop open in notepad rather than executing. This will stop all of them, even if your antivirus software doesn't. This does not mean you don't need antivirus software, as it does nothing for other types of malicious code (.exe, .com, etc.). It also does not prevent those who have need to run Visual Basic scripts from running them. It does mean they will need to use the "Open With" feature of the right mouse button, rather than simply double-clicking the icon.