F-Secure DeepGuard alarm and wscript.exe
we got a F-Secure DeepGuard alarm today.
The User told me he download a zip file with Google Chrome,
in which should be a word document.
He said he deleted the zip file an did not open
it. Attached some screenshots from F-Secure.
The question is, is it true that he did not open it?
Can F-Secure detect it without running something
or did the user run the file inside the zip? Was
the wscript.exe called by this or did F-Secure only
detect, that inside the zip there is something which wants
to call wscript.exe?
that is calling wscript?