Posted 29 July 2006 - 06:37 AM
Again last night searching around in C:\WINDOWS....2 batch files...tmpcpyis.bat and tmpdelis.bat....i searched tmpcpyis.bat and its supposed to delete temporarys or open temporarys or something...then i searched tmpdelis..virus apparently? Used jotti,norton,and NOD32 as well i ran all my scanners last night and showed up nothing. its supposofly this virus called bat_dmenu.a. Not To mention if it is a virus NOD32 would have picked it up as its in its virus definitons. its also supposed to be the Ameisco(i think thats how you spell it?) Keylogger and i doubt that quite highly..and last but not least W32.Alcarys.B which wasnt picked up..i waz getting tired of reading so many diffrent suggestions so i decided to look at its text which was
"@if exist C:\WINDOWS\tmpcpyis.bat del C:\WINDOWS\tmpcpyis.bat
@if exist C:\WINDOWS\winstart.bat C:\WINDOWS\winstart.bat"
i think all its doing is telling it on restart to delete tmpcpyis.bat and execute winstart...doesent look too malicious...i'll show you tmpcpyis's
@if exist C:\WINDOWS\winstart.bat del C:\WINDOWS\winstart.bat
thaat kinda looks malicious...is it saying: (tmpcpyis is first batch,tmpdelis second,and winstart is third) delete winstart.bat and execute tmpdelis.bat which will delete tmpcpyis.bat which is supposed to execute winstart.bat? but isnt it deleted? does it remake it? i have no clue but this looks malicious so id like your help please.