When i go to my online banking webpage(sampopankki.fi) and try to enter my log-in details i am getting COMODO Defense+ Alerts about ******.vbs file that is accessing protected COM interface WINMGMTS.1
Should i be worried about security? If not how do i disable those pop-ups. I get about 20 of those.
here is a pic: http://img716.imageshack.us/img716/962/sampo2a.jpg
I have exatcly same broblem whit two differrent machines whit different operation systems (XP an Win 7).
Also I am unable to use then banking services. Same bank btw.
banking software that uses .vbs? sounds suspicious to me, but you never know…
Is this an offline banking version? can you copy the vbs and attach it here, or PM me if you don’t wish to put it public here?
You can test it by going to address www.sampopankki.fi and click “Kirjaudu verkkopankkiin”=“Login to webbank” button that is located upper right corner of page. After that alerts start.
Geez, they are really loading Java first which in it’s place tries to execute a .vbs script in the %temp% folder.
Below is the code inside it, looks like they are ‘verifiying’ your Windows Serialnumber ???
My personal opinion, naughty coding, I can’t imagine Java on it’s own isn’t capable of reading this data out of your system.
No clue why they ‘escaped’ to .vbs
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select SerialNumber from Win32_OperatingSystem")
For Each objItem in colItems
The MSDN link to the query used
Data type: string
Access type: Read-only
Operating system product serial identification number.
I think it’s dirty coding, but who am I.
So can i should just block it permanently? or if it’s required for the site to work then allowing it? how to do it?
Just try blocking it, and don’t let D+ remember the answer, and see if that breaks things or not.
I have the exact same problem, but how to block the vbs code since the file pops up multible times with different file name (10 or so times). Blocking one file didn’t help in my case.
Also should we be worried about their “bad coding”. It didn’t use to do that untill Java update few months ago. For me totally ignoring the alerts doesn’t effect the way my computer logs on to the bank tho.