F-Secure DeepGuard alarm and wscript.exe


we got a F-Secure DeepGuard alarm today.

The User told me he download a zip file with Google Chrome,

in which should be a word document.

He said he deleted the zip file an did not open

it. Attached some screenshots from F-Secure.


The question is, is it true that he did not open it?

Can F-Secure detect it without running something

or did the user run the file inside the zip? Was

the wscript.exe called by this or did F-Secure only

detect, that inside the zip there is something which wants

to call wscript.exe?

Is it possible that Chrome can run wscript.exe or a JavaScript JS file

that is calling wscript?

Best Regards 



This discussion has been closed.