
How to remove this bat file?

Discussion in 'Windows Security' started by Claire Bennette, May 28, 2009.

  1. Dear all, recently I noticed that my computer is creating a funny bat file
    called xh319r9b.bat.
    It uses autorun.inf, and when I delete those 2 files it creates them again in 5
    seconds. How can I remove those 2 files? I tried to scan those 2 files in
    McAfee and Norton; both do not recognize it.
     
  2. 1PW

    1PW Guest

    Claire Bennette wrote:
    > Dear all Recently I noticed that My Computer creating funny bat file called
    > xh319r9b.bat.
    > It uses autorun.inf and when I delete those 2 files it creates again in 5
    > seconds. How
    > can I remove those 2 files I tried to scan those 2 files in Mcafee and
    > Norton Both Its
    > not recognize it.

    Hello Claire:

    This can be looked at from several directions. This might be a
    legitimate file whose name is purposefully randomized for its protection.

    or...

    This could be malware that's also protecting itself with the same
    randomized name technique.

    You could try submitting the batch file (through upload) to:

    <https://www.virustotal.com/>

    If the contents of the batch file isn't too long, you could post its
    contents here in a follow-up post for our analysis.

    Although you've called them by their manufacturer names, you haven't
    told us which exact and specific products you are scanning the batch
    file with.

    Are you also running antispyware applications? Please reveal as much
    system information as is available.

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
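
    Added example (not part of any post in this thread): a way to see what an autorun.inf would launch by reading it as plain text, without running anything, so the referenced files can be inspected or submitted for scanning. The sample file contents are constructed; only the name xh319r9b.bat comes from the question.

```python
import re

# Constructed sample for illustration; not the contents of the poster's file.
SAMPLE_INF = r"""[AutoRun]
; constructed example
open=xh319r9b.bat
shell\open\Command=xh319r9b.bat
shell\explore\Command="xh319r9b.bat"
icon=%SystemRoot%\system32\shell32.dll,4
label=Removable Disk
"""

# [autorun] keys whose value is a command Windows may launch.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# File names with extensions that run when launched.
LAUNCHABLE = re.compile(r'[^\s"=]+\.(?:bat|cmd|exe|com|scr|pif|vbs|js)\b', re.IGNORECASE)

def autorun_targets(text):
    """Return (key, command) pairs for launch entries in the [autorun] section."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_VERB.match(key):
            targets.append((key.lower(), value))
    return targets

def referenced_files(targets):
    """De-duplicated launchable file names mentioned in the commands."""
    seen = []
    for _, command in targets:
        for name in LAUNCHABLE.findall(command):
            if name.lower() not in seen:
                seen.append(name.lower())
    return seen

if __name__ == "__main__":
    found = autorun_targets(SAMPLE_INF)
    for key, command in found:
        print(f"{key:24} -> {command}")
    print("files to inspect or submit:", referenced_files(found))
```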
     
  3. Please do not ask anyone to post potentially malicious software in these
    newsgroups!

    --

    Richard Urban
    Microsoft MVP
    Windows Desktop Experience


    "1PW" <barcrnahgjuvfgy@nby.pbz> wrote in message
    news:gvnubd$61q$1@news.eternal-september.org...
    > Claire Bennette wrote:
    >> Dear all Recently I noticed that My Computer creating funny bat file
    >> called xh319r9b.bat.
    >> It uses autorun.inf and when I delete those 2 files it creates again in 5
    >> seconds. How
    >> can I remove those 2 files I tried to scan those 2 files in Mcafee and
    >> Norton Both Its
    >> not recognize it.
    >
    > Hello Claire:
    >
    > This can be looked at from several directions. This might be a legitimate
    > file whose name is purposefully randomized for its protection.
    >
    > or...
    >
    > This could be malware that's also protecting itself with the same
    > randomized name technique.
    >
    > You could try submitting the batch file (through upload) to:
    >
    > <https://www.virustotal.com/>
    >
    > If the contents of the batch file isn't too long, you could post its
    > contents here in a follow-up post for our analysis.
    >
    > Although you've called them by their manufacturer names, you haven't told
    > us which exact and specific products you are scanning the batch file with.
    >
    > Are you also running antispyware applications? Please reveal as much
    > system information as is available.
    >
    > Pete
    > --
    > 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
  4. Jordon

    Jordon Guest

    Richard Urban wrote:
    > Please do not ask anyone to post potentially malicious software in these
    > newsgroups!

    He just suggested to post the contents of a batch file. Plain
    text in a news group message isn't malicious.

    --
    Jordon
     
  5. From: "Jordon" <jordon@REMOVEgrahamtrucking.com>

    | Richard Urban wrote:
    >> Please do not ask anyone to post potentially malicious software in these
    >> newsgroups!

    | He just suggested to post the contents of a batch file. Plain
    | text in a news group message isn't malicious.

    | --
    | Jordon


    Yes, the contents of a .BAT or .CMD is OK. No problem with that.

    One could say; del *.* /y is malicious.

    --
    Dave

    Multi-AV -
     
  6. John Doe

    John Doe Guest

    damn it - there went my hard drive! : }

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:%23gg$jaK4JHA.3304@TK2MSFTNGP06.phx.gbl...
    > From: "Jordon" <jordon@REMOVEgrahamtrucking.com>
    >
    > | Richard Urban wrote:
    >>> Please do not ask anyone to post potentially malicious software in these
    >>> newsgroups!
    >
    > | He just suggested to post the contents of a batch file. Plain
    > | text in a news group message isn't malicious.
    >
    > | --
    > | Jordon
    >
    >
    > Yes, the contents of a .BAT or .CMD is OK. No problem with that.
    >
    > One could say; del *.* /y is malicious.
    >
    > --
    > Dave
    >
    > Multi-AV -

    >
     
  7. 1PW

    1PW Guest

    Richard Urban wrote:
    > Please do not ask anyone to post potentially malicious software in these
    > newsgroups!

    Hello Richard:

    Your point is well taken. If it's bad stuff, surely it would
    propagate. If it's not, we might help the OP further. From my
    standpoint it's a conundrum, so Virus Total /is/ obviously the better
    step.

    Thank you,

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
  8. Believe it or not, someone is liable to take that text and save it with
    either a .cmd or a .bat extension and run it. (-:

    I know several who are that stupid!

    --

    Richard Urban
    Microsoft MVP
    Windows Desktop Experience


    "1PW" <barcrnahgjuvfgy@nby.pbz> wrote in message
    news:gvqgqh$4e4$1@news.eternal-september.org...
    > Richard Urban wrote:
    >> Please do not ask anyone to post potentially malicious software in these
    >> newsgroups!
    >
    > Hello Richard:
    >
    > Your point is well taken. If it's bad stuff, surely it would propagate.
    > If it's not, we might help the OP further. From my standpoint it's a
    > conundrum, so Virus Total /is/ obviously the better step.
    >
    > Thank you,
    >
    > Pete
    > --
    > 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
  9. From: "Richard Urban" <richardurbanREMOVETHIS@hotmail.com>

    | Believe it or not, someone is liable to take that text and save it with
    | either a .cmd or a .bat extension and run it. (-:

    | I know several who are that stupid!

    | --

    Chances are the .BAT will contain references to an external command that is malware that
    does NOT exist outside the infected person's environment and therefore a 3rd party who
    copies & pastes the contents of said .BAT would not be in trouble.

    --
    Dave

    Multi-AV -
     
  10. Point taken!

    --

    Richard Urban
    Microsoft MVP
    Windows Desktop Experience


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:efmOa6R4JHA.1096@TK2MSFTNGP06.phx.gbl...
    > From: "Richard Urban" <richardurbanREMOVETHIS@hotmail.com>
    >
    > | Believe it or not, someone is liable to take that text and save it with
    > | either a .cmd or a .bat extension and run it. (-:
    >
    > | I know several who are that stupid!
    >
    > | --
    >
    > Chances are the .BAT will contain references to an external command that
    > is malware that
    > does NOT exist outside the infected person's environment and therefore a
    > 3rd party who
    > copies & pastes the contents of said .BAT would not be in trouble.
    >
    > --
    > Dave
    >
    > Multi-AV -

    >
     
  11. John Doe

    John Doe Guest

    I need those as customers, talk about job security! : }

    "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message
    news:%23UcUfXP4JHA.4412@TK2MSFTNGP06.phx.gbl...
    > Believe it or not, someone is liable to take that text and save it with
    > either a .cmd or a .bat extension and run it. (-:
    >
    > I know several who are that stupid!
    >
    > --
    >
    > Richard Urban
    > Microsoft MVP
    > Windows Desktop Experience
    >
    >
    > "1PW" <barcrnahgjuvfgy@nby.pbz> wrote in message
    > news:gvqgqh$4e4$1@news.eternal-september.org...
    >> Richard Urban wrote:
    >>> Please do not ask anyone to post potentially malicious software in these
    >>> newsgroups!
    >>
    >> Hello Richard:
    >>
    >> Your point is well taken. If it's bad stuff, surely it would propagate.
    >> If it's not, we might help the OP further. From my standpoint it's a
    >> conundrum, so Virus Total /is/ obviously the better step.
    >>
    >> Thank you,
    >>
    >> Pete
    >> --
    >> 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
     
