The VBScript program linked on this page was used years ago to deal with the Swen virus. Swen is News spelled backwards. The virus took advantage of the Microsoft Newsgroups used at the time.

I used this script for many months in 2003. I received 10's of thousands of infected emails in my Outlook account. My email account got disabled a few times because I had so many messages in my inbox. I could only deal with the situation because this script deleted most of the infected messages.

Fortunately, nothing like this has happened since. This script is no longer needed. But the code demonstrates how to scan an Outlook inbox, enumerate the messages, and analyze each message content and the HTML. It detects attachments and checks if they are executables, with .EXE extension, or GIF's. It detects Iframe download exploits. It uses the size of the message to help determine which variety of the Swen virus was detected.

If the program decided the message was infected, it was deleted. The deleted email messages were left in the "Deleted Items" folder, where they could be reviewed, if desired, before emptying the folder.

I only post this script in case anyone encounters a similar situation where virus software fails to detect a new infection. This code can be used as a model to deal with a virus yourself. You would likely need to detect one or more text strings that are a signature of the virus.

ScanSwen.txt <<-- Click here to view or download the program