You can trust gatherNetworkInfo.vbs

While tweaking my new laptop with a Windows 10 (latest build) installation, I found a little entry with SysInternals’ AutoRuns for a gatherNetworkInfo.vbs script.
My first idea was: Malware!

Then I started viewing the script and was very quickly convinced that it wasn’t malware.
The script was easy to read and understand, so I started to Google and figure out what this was.
Alex Verboon has made a blog post about this script, which apparently has been a part of Windows Client since Windows 7!…

After reading his post I was fully convinced that this script was safe and could do no harm.
I’m only wondering what its use would be… but for now I don’t have time to investigate.

Just wanted to let you know that it’s not malware and you can go about and do your business again 🙂

 

2 comments

  1. Chip Cooper says:

    I just wanted to add that the first activity of a hacker is to gather information about a system that will enable them to discover everything they can find out about a system. So, while this *is* harmless with respect to what it does to one’s machines… and it would take quite a bit to get access to this script to run it considering where it is, it does serve a purpose. I suppose one could think of it like atomic power… it’s uses run form benign and helpful, to malignant and destructive. (sigh) What a world… what a world…

  2. Chip Cooper says:

    Hmmm… I just realized that a user has read & execute, traverse… for this… that’s all that would be needed. Tough decision for me if sysinternals needs and uses this… still, they could have at least listed themselves in the script as a comment.

    Since running it makes files according to Alex, and they don’t exist, or have been deleted…. I remain ambivalent, and since this has apparently never been run, and I have been hacked… once… several years ago… perhaps…. I’m still conflicted. I think I’ll just rename it, or consider changing User rights..

Leave a Reply

Your email address will not be published. Required fields are marked *