
My program detected as a virus?


11 replies to this topic

#1 Vaine

Vaine

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Somewhere in NewYork
  • Local time:06:08 AM

Posted 28 August 2009 - 11:43 AM

Alright, I keep getting booted from AOL because my network was failing at the time, but I made a simple batch file and converted it to an .exe file and then it was detected as a virus.

Here is the code:


[codebox]@echo off
title AOL Process Terminator
color 0a
:A
cls

echo Welcome to the AOL Process Terminator. Please note that this will end AOL's
echo processes.
pause
cls

ECHO Choose from the following options:
echo.
echo.
Echo 1. Stop AOL Main Window (AOL Will restart)
echo 2. Stop the AOL Tray Icon
echo 3. Stop the connection service
echo 4. Stop all three above (AOL will restart)
echo 5. Stop everything (AOL Will not restart)
echo 6. Exit AOL Terminator
echo.
echo.
set /p choice=Option:
if '%choice%'=='1' goto B
if '%choice%'=='2' goto c
if '%choice%'=='3' goto D
if '%choice%'=='4' goto E
if '%choice%'=='5' goto F
if '%choice%'=='6' goto G

:B
cls
TASKKILL /F /IM "waol.exe"
pause
goto A

:C
cls
TASKKILL /F /IM "aolsoftware.exe"
pause
goto A

:D
cls
TASKKILL /F /IM "AOLacsd.exe"
pause
goto A

:E
cls
TASKKILL /F /IM "waol.exe"
TASKKILL /F /IM "aolsoftware.exe"
TASKKILL /F /IM "AOLacsd.exe"
TASKKILL /F /IM "aoltpsd3.exe"
pause
goto A

:f
Cls
:E
cls
TASKKILL /F /IM "waol.exe"
TASKKILL /F /IM "aolsoftware.exe"
TASKKILL /F /IM "AOLacsd.exe"
TASKKILL /F /IM "shellrestart.exe
TASKKILL /F /IM "aoltpsd3.exe"
pause
goto A

:G
exit[/codebox]


I also want it to let me RUN C\Program files\Aol\Waol.exe



#2 ThunderZ

ThunderZ

  • Deactivated
  • 4,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:08 AM

Posted 28 August 2009 - 12:00 PM

Your best course of action would probably be to submit it to your AV company as a FP = false positive. They will analyze it and, if deemed safe, adjust their signature database within the next couple of updates pushed out to clients.

#3 Vaine


Posted 28 August 2009 - 12:03 PM

I scanned it on Jotti and almost everything detected the EXE as a virus...and about 3 with the .bat as a virus

#4 ThunderZ


Posted 28 August 2009 - 12:13 PM

Not a programmer.

At this point I would not worry about every AV program, only the particular one you use on the machine you plan to run it on.

Did any of the detections give it a name? Since you just wrote it, I am guessing it was detected by heuristics. Meaning for what it may be capable of doing, not for what you intend it to do or that it has already been seen in the wild.

Perhaps adding it to the ignore list of your AV is a workable solution for your personal use.
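
Added example, not part of the thread and not any AV vendor's engine: a deliberately simplified capability-based heuristic, showing how a script that only force-kills known processes can still score as suspicious. The rule set, weights and threshold are assumptions made up for illustration; the sample input is the "stop all three" branch from post #1.

```python
import re

# Toy rules (assumed for illustration, not real vendor signatures):
# (rule name, regex applied to each line, weight added per matching line)
RULES = [
    ("forced process kill", re.compile(r"^\s*taskkill\b.*\s/f\b", re.I), 2),
    ("process-tree kill", re.compile(r"^\s*taskkill\b.*\s/t\b", re.I), 2),
    ("output suppressed", re.compile(r"^\s*@echo\s+off\b", re.I), 1),
    ("launches an executable", re.compile(r"^\s*start\b.*\.exe", re.I), 1),
]
THRESHOLD = 5  # constructed cut-off for this example


def score_script(text):
    """Return (score, hits); hits maps rule name -> number of matching lines."""
    hits = {}
    score = 0
    for line in text.splitlines():
        for name, pattern, weight in RULES:
            if pattern.search(line):
                hits[name] = hits.get(name, 0) + 1
                score += weight
    return score, hits


def verdict(text):
    """Flag on capability alone; the author's intent is invisible to the rules."""
    score, _ = score_script(text)
    return "suspicious" if score >= THRESHOLD else "clean"


# Constructed sample: the "stop all three" branch from post #1.
AOL_BRANCH = '''@echo off
TASKKILL /F /IM "waol.exe"
TASKKILL /F /IM "aolsoftware.exe"
TASKKILL /F /IM "AOLacsd.exe"
TASKKILL /F /IM "aoltpsd3.exe"
pause
'''

# Constructed benign sample for contrast.
BENIGN = '''@echo off
echo Hello
pause
'''

if __name__ == "__main__":
    for label, sample in (("AOL branch", AOL_BRANCH), ("benign", BENIGN)):
        print(label, score_script(sample), verdict(sample))
```
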

#5 Axephilic

Axephilic

    MRU Graduate


  • Members
  • 224 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wisconsin, US
  • Local time:04:08 AM

Posted 28 August 2009 - 02:25 PM

It's a false positive that is picked up by the heuristics of the AVs. Add it to your AV's ignore list, ThunderZ was correct. :thumbsup:

On the programming side, I'm not sure if it would work.

:E
cls
TASKKILL /F /IM "waol.exe"
TASKKILL /F /IM "aolsoftware.exe"
TASKKILL /F /IM "AOLacsd.exe"
TASKKILL /F /IM "shellrestart.exe"<------- was missing last "
TASKKILL /F /IM "aoltpsd3.exe"
pause


Also take a look at the /t command for taskkill. It may prove useful to you if the program won't work as it is currently.

To start AOL again, you can use this command:

start "" "C:\Program files\Aol\Waol.exe"

That should work.

Regards,
Adam

Edited by Axephilic, 28 August 2009 - 02:29 PM.


#6 ThunderZ


Posted 28 August 2009 - 02:32 PM

Thank you for the confirmation Adam. :thumbsup:

It was a semi-educated guess. :flowers:

#7 Vaine


Posted 28 August 2009 - 04:37 PM

I see. The shell restart I need to have it so that it kills it but after a pause upon that option to kill it, because that .exe takes a while to realize that AOL 'Crashed', it's a delayed response.

#8 Vaine


Posted 28 August 2009 - 04:47 PM

Here is a revised and edited code:

@echo off
title AOL Process Terminator
color 0a
:A
cls

echo			  Welcome to the AOL Process Terminator BETA 1.0.   
echo. 
echo.
echo			 Please note: This program will end AOL's processes.
pause
cls

ECHO Choose from the following options:
echo.
echo.
Echo 1. Stop AOL Main Window (AOL Will restart)
echo 2. Stop the AOL Tray Icon 
echo 3. Stop the connection service
echo 4. Stop all three above (AOL will restart)
echo 5. Stop everything (AOL Will not restart)
echo 6. Restart AOL
echo 7. Exit AOL Terminator
echo.
echo.
set /p choice=Option:  
if '%choice%'=='1' goto B
if '%choice%'=='2' goto c
if '%choice%'=='3' goto D
if '%choice%'=='4' goto E
if '%choice%'=='5' goto F
if '%choice%'=='6' goto G
if '%choice%'=='7' goto H
rem Unrecognized input: return to the menu instead of falling through to :B
goto A

:B
cls
TASKKILL /F /IM "waol.exe"
pause 
goto A

:C
cls
TASKKILL /F /IM "aolsoftware.exe"
pause
goto A

:D
cls
TASKKILL /F /IM "AOLacsd.exe"
pause
goto A

:E
cls
TASKKILL /F /IM "waol.exe"
TASKKILL /F /IM "aolsoftware.exe"
TASKKILL /F /IM "AOLacsd.exe"
TASKKILL /F /IM "aoltpsd3.exe"
pause
goto A

:F
cls
rem Option 5: stop everything, then stop shellrestart.exe after a pause
TASKKILL /T /IM "waol.exe"
TASKKILL /T /IM "aolsoftware.exe"
TASKKILL /T /IM "AOLacsd.exe"
TASKKILL /T /IM "aoltpsd3.exe"
pause
TASKKILL /T /IM "shellrestart.exe"
pause
goto A

:G
cls
echo.Starting...
start "" "C:\Program files\AOL 9.1\Waol.exe"
pause
goto A

:H
exit


#9 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:05:08 AM

Posted 29 August 2009 - 01:46 PM

I saved your first code on my computer, Avira Antivir did not detect it as virus. Changed extension to EXE, no detection.
I uploaded the file to VirusTotal.com, 0% detection.

Here is the VirusTotal result : http://www.virustotal.com/analisis/371d124...ba27-1251571267

#10 Vaine


Posted 05 September 2009 - 10:58 AM

I used Jotti and it found viruses

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:08 AM

Posted 05 September 2009 - 02:54 PM

Hello.

I am almost certain it is the compiler that is causing the issue.

Because malicious code can be put into the batch script, AV heuristics flag the file.

What compiler are you using, please? Is there a particular reason you want to convert to .exe?

With Regards,
The Panda

#12 Vaine


Posted 11 September 2009 - 08:28 AM

I am using this

http://www.abyssmedia.com/quickbfc/

The reason why I want it in an EXE is because it makes it uneditable



