"ddbxx******.vbs is trying to access a protected COM interface"

sahtimonni · September 8, 2011, 2:03pm

When i go to my online banking webpage(sampopankki.fi) and try to enter my log-in details i am getting COMODO Defense+ Alerts about ******.vbs file that is accessing protected COM interface WINMGMTS.1

Should i be worried about security? If not how do i disable those pop-ups. I get about 20 of those.

here is a pic: http://img716.imageshack.us/img716/962/sampo2a.jpg

ParstaKallo · September 8, 2011, 5:40pm

I have exatcly same broblem whit two differrent machines whit different operation systems (XP an Win 7).
Also I am unable to use then banking services. Same bank btw.

rhgtyink · September 8, 2011, 6:32pm

banking software that uses .vbs? sounds suspicious to me, but you never know…
Is this an offline banking version? can you copy the vbs and attach it here, or PM me if you don’t wish to put it public here?

sahtimonni · September 9, 2011, 3:18am

You can test it by going to address www.sampopankki.fi and click “Kirjaudu verkkopankkiin”=“Login to webbank” button that is located upper right corner of page. After that alerts start.

rhgtyink · September 9, 2011, 6:10am

Geez, they are really loading Java first which in it’s place tries to execute a .vbs script in the %temp% folder.

Below is the code inside it, looks like they are ‘verifiying’ your Windows Serialnumber ???
My personal opinion, naughty coding, I can’t imagine Java on it’s own isn’t capable of reading this data out of your system.
No clue why they ‘escaped’ to .vbs


Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colItems = objWMIService.ExecQuery _ 
   ("Select SerialNumber from Win32_OperatingSystem") 
For Each objItem in colItems 
    Wscript.Echo objItem.SerialNumber 
Next

The MSDN link to the query used


SerialNumber

    Data type: string
    Access type: Read-only

    Operating system product serial identification number.

    Example: "10497-OEM-0031416-71674"

I think it’s dirty coding, but who am I.

sahtimonni · September 10, 2011, 3:09pm

So can i should just block it permanently? or if it’s required for the site to work then allowing it? how to do it?

Citizen_K · September 10, 2011, 5:27pm

Just try blocking it, and don’t let D+ remember the answer, and see if that breaks things or not.

ZkhaYa · October 19, 2011, 7:31am

I have the exact same problem, but how to block the vbs code since the file pops up multible times with different file name (10 or so times). Blocking one file didn’t help in my case.

Also should we be worried about their “bad coding”. It didn’t use to do that untill Java update few months ago. For me totally ignoring the alerts doesn’t effect the way my computer logs on to the bank tho.