While tweaking my new laptop with a Windows 10 (latest build) installation, I found a little entry with SysInternals’ AutoRuns for a gatherNetworkInfo.vbs script.
My first idea was: Malware!
Then I started viewing the script and was very quickly convinced that it wasn’t malware.
The script was easy to read and understand, so I started to Google and figure out what this was.
Alex Verboon has made a blog post about this script, which apparently has been a part of Windows Client since Windows 7!…
After reading his post I was fully convinced that this script was safe and could do no harm.
I’m only wondering what its use would be… but for now I don’t have time to investigate.
Just wanted to let you know that it’s not malware and you can go about and do your business again 🙂
I just wanted to add that the first activity of a hacker is to gather information about a system that will enable them to discover everything they can find out about a system. So, while this *is* harmless with respect to what it does to one’s machines… and it would take quite a bit to get access to this script to run it considering where it is, it does serve a purpose. I suppose one could think of it like atomic power… it’s uses run form benign and helpful, to malignant and destructive. (sigh) What a world… what a world…
Hmmm… I just realized that a user has read & execute, traverse… for this… that’s all that would be needed. Tough decision for me if sysinternals needs and uses this… still, they could have at least listed themselves in the script as a comment.
Since running it makes files according to Alex, and they don’t exist, or have been deleted…. I remain ambivalent, and since this has apparently never been run, and I have been hacked… once… several years ago… perhaps…. I’m still conflicted. I think I’ll just rename it, or consider changing User rights..
This actually gathers every single bit of meta data about your PC that is possible. Change the .vbs to .txt and read the code! Then leave it as a text file so it cant be used.
Good catch, I updated the post. Thanks!