Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Make an anti-virus via notepad


  • Please log in to reply
13 replies to this topic

#1 Tafoya

Tafoya

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bakersfield, CA
  • Local time:08:15 AM

Posted 25 October 2010 - 12:10 AM

I'm sorry if this is the wrong board. This is the closest board I could find to my question.

I want to make a .bat file that deletes known viruses and worms in the system32 file. I'm about 100 lines into it but when I save it onto my desktop and try to run it first thing is that my AVG is saying it's a worm and wants me to add it to my vault, so how do I stop that. Second is it's saying I do not have permission to acess the file,path or device. How do I get acess to it.. I'm on my only account and it's an admin with full rights. Thanks!

Edited by Tafoya, 25 October 2010 - 04:38 AM.


BC AdBot (Login to Remove)

 


#2 Platypus

Platypus

  • Moderator
  • 13,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:11:15 PM

Posted 25 October 2010 - 03:57 AM

I'm afraid that would be like trying to build a battle tank out of cardboard.

Top 5 things that never get done:

1.


#3 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:15 AM

Posted 25 October 2010 - 06:40 AM

I want to make a .bat file that deletes known viruses and worms in the system32 file

Just so you are aware, there is more to malware removal than just deleting some files. There are also often registry keys, etc that go along with it. Still, I suppose it is possible, just not a very efficient way to go about it.

I have no idea what operating system you are running, but the Windows folder is a protected folder. Any read-writes that take place have to be done by processes with administrative rights. Just because you have admin rights does not mean that the file you created does. A couple things to think about. What happens if there is a problem with your file and you do actually get it to run? You could accidentally brick your system. Another thing is messing around with permissions is a god way to open your system up in ways you can never imagine. I say that because if you are trying to go about removing malware with .bat files, then you don't exactly understand the environment in which you are trying to work.

If you are going to go about doing this, set up a virtual machine on your system and work with that. If you wreck that, you can easily restore an image. Not so much if you brick your entire computer.

Your anti-virus is behaving exactly as it should. It is letting you know that an unauthorized file is trying to do file manipulation in a place where it has no business doing so. I am not sure if AVG has a setting to ignore certain fies or not.

#4 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:08:15 AM

Posted 25 October 2010 - 11:32 AM

That strategy is effective only if you are sure that a computer is infected by a certain malware program and you know what changes that particular malware program makes to files, folders, registry etc.

#5 Tafoya

Tafoya
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bakersfield, CA
  • Local time:08:15 AM

Posted 25 October 2010 - 06:45 PM

I want to make a .bat file that deletes known viruses and worms in the system32 file

Just so you are aware, there is more to malware removal than just deleting some files. There are also often registry keys, etc that go along with it. Still, I suppose it is possible, just not a very efficient way to go about it.

I have no idea what operating system you are running, but the Windows folder is a protected folder. Any read-writes that take place have to be done by processes with administrative rights. Just because you have admin rights does not mean that the file you created does. A couple things to think about. What happens if there is a problem with your file and you do actually get it to run? You could accidentally brick your system. Another thing is messing around with permissions is a god way to open your system up in ways you can never imagine. I say that because if you are trying to go about removing malware with .bat files, then you don't exactly understand the environment in which you are trying to work.

If you are going to go about doing this, set up a virtual machine on your system and work with that. If you wreck that, you can easily restore an image. Not so much if you brick your entire computer.

Your anti-virus is behaving exactly as it should. It is letting you know that an unauthorized file is trying to do file manipulation in a place where it has no business doing so. I am not sure if AVG has a setting to ignore certain fies or not.


Sorry, I did not explain in full. It is going to point to all known places where the malware or virus is known to hide i.e system32 or yes the Reg. I already have an image of my OS for this computer, it's Win7 32bit.

Romeo29- It's going to be a .bat turned into an exe, it will run and if the files the .bat are looking for are not their it will do nothing, I am creating this just so I am able to scan computer and remove most if not all of the malware/ virus with it. I've already tested this on my computer and my laptop


So a new question, if anyone can answer it. Does anyone know how to add a choice option for the user using the .bat such as
choice 1=start choice 2=exit and make them each do what they say they're supposed to.

Edited by Tafoya, 25 October 2010 - 06:46 PM.


#6 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:08:15 AM

Posted 27 October 2010 - 06:08 PM

Its been a long time since I have done this but I believe it was if errorlevel
If you google it you will find lots on it
In the beginning there was the command line.

#7 VoidX789

VoidX789

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 01 November 2010 - 05:36 PM

Just out of curiousity, will you post the code here or give me a link where it was found? I think it would be an interesting thing to look at, and perhaps I will diddle around with it a bit.
Welcome to the Void of Insanity
Posted Image

#8 Minh Triet Pham Tran

Minh Triet Pham Tran

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:15 AM

Posted 07 January 2012 - 05:17 PM

I'm sorry if this is the wrong board. This is the closest board I could find to my question.

I want to make a .bat file that deletes known viruses and worms in the system32 file. I'm about 100 lines into it but when I save it onto my desktop and try to run it first thing is that my AVG is saying it's a worm and wants me to add it to my vault, so how do I stop that. Second is it's saying I do not have permission to acess the file,path or device. How do I get acess to it.. I'm on my only account and it's an admin with full rights. Thanks!


I think you should forget this idea.
Batch file execution in Windows depends on cmd.exe, it could not remove all the malware which you want to delete.
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. Bruce Schneier

#9 ident

ident

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cambridge
  • Local time:09:15 AM

Posted 08 January 2012 - 09:34 AM

How does the batch file know the file is even infected?

#10 Minh Triet Pham Tran

Minh Triet Pham Tran

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:15 AM

Posted 08 January 2012 - 12:44 PM

How does the batch file know the file is even infected?


Some people use the path & filename, file size to know some file is infected.
This way is not based on signature which antivirus programs base on and could provide false detections & removals.
If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. Bruce Schneier

#11 ident

ident

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cambridge
  • Local time:09:15 AM

Posted 09 January 2012 - 01:18 PM


How does the batch file know the file is even infected?


Some people use the path & filename, file size to know some file is infected.
This way is not based on signature which antivirus programs base on and could provide false detections & removals.


That didn't answer my question. I already knew the answer. This route could lead to issues and is not an Anti virus.

#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:15 PM

Posted 12 January 2012 - 07:02 AM

I'm on my only account and it's an admin with full rights. Thanks!


You have to elevate.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 DavidWJ

DavidWJ

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 20 February 2012 - 02:20 AM

Why don't you download combofix.exe winrar or uniextract will separate the components out for you and once you understand all that is involved you might have an idea of the complexity of the situation that you are confronting. a Batch file is useless against rootkits, Don't forget that you will have to be active in the anti-virus community and keep at it daily or your 'batch file.exe' will quickly become out of date.

#14 UserUnknown

UserUnknown

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:15 AM

Posted 09 March 2014 - 08:50 PM

 

 

So a new question, if anyone can answer it. Does anyone know how to add a choice option for the user using the .bat such as
choice 1=start choice 2=exit and make them each do what they say they're supposed to.

I Can answer that

============Text Below============

SET /P M=Type 1, 2, 3, 4, or 5 then press ENTER:
IF %M%==1 GOTO A
IF %M%==2 GOTO B
IF %M%==3 GOTO C
IF %m%==4 GOTO D
IF %M%==5 GOTO Exit
==============Text above=============





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users