Anti Spyware Code Scam



#1 Justice-4All


Posted 12 December 2017 - 03:44 AM

Hello all,

 

I was scammed into purchasing antimalware online. The criminals now have full-time access to my computer through ShowMYPC and LogMeIn software. I have disconnected my computer from the internet and am using a different computer to go online now. Can anyone tell me what this code does? I have to follow up with my credit card provider in the next couple of days and need as much information as I can get. Thank you so much.

 

Anti-SpyWare.BAT : Code Below
 
@echo off
ipconfig /all
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
 
echo Establishing connection to Firewall 
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Done 
 
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Checking Configuration 
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Routing Ports
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Done
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Replacing Modules
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 1 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 2 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 3 of 5..
echo:
echo:
echo:
echo Execution Attempt 1
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Successful
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 4 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 5 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
 
echo:
echo:
echo:
echo Checking security
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo 6 of 6..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
 
echo 7 layer firewall
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo Done
 
echo Windows MOdules Replaced.
 
Network Security.BAT : Code Below
 
@echo off
ipconfig /all
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
 
echo Establishing connection to Firewall 
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Done 
 
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Checking Configuration 
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Routing Ports
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Done
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Replacing Modules
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 1 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 2 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 3 of 5..
echo:
echo:
echo:
echo Execution Attempt 1
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo Successful
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 4 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo:
echo 5 of 5..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
 
echo:
echo:
echo:
echo Checking security
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo 6 of 6..
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
 
echo 7 layer firewall
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
pathping localhost -q 2 -p 250 > nul
echo:
echo:
echo Done
 
echo Windows MOdules Replaced.
 
Registry Cleaner.BAT : Code Below
 
@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit
 

 




 


#2 RecursiveNerd


Posted 12 December 2017 - 11:48 AM

I would suggest looking here for help: https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

 

Make sure to read the subforum rules before posting there.

 

As far as the bat files are concerned, echo is just a way for the bat file to write text out to the standard stream (so text will show in a command prompt). PathPing is just ping and tracert on steroids. It just lists out paths to get to a certain IP. They're all doing the same thing: pathping localhost (so pinging yourself) -q (number of queries, 2) -p (period wait between pings, so it waits 250 milliseconds). It's literally doing nothing in those bat files.

 

Wevtutil is just the Windows event log utility. The Registry Cleaner.Bat is just clearing Windows event log entries.
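
An added example, not part of the original posts: a small Python triage that sorts the lines of the posted batch files into the categories the reply above describes, so the log-clearing lines stand out from the display-only ones. The category names, the rule set and the trimmed excerpt are constructed for this illustration and cover only commands that appear in this thread.

```python
import re
from collections import Counter

# Ordered rules, first match wins. They cover only commands seen in this thread.
RULES = [
    ("log_clearing", re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)),
    ("log_enumeration", re.compile(r"\bwevtutil(\.exe)?\s+(el|enum-logs)\b", re.I)),
    ("admin_check", re.compile(r"\bbcdedit\b", re.I)),
    ("delay", re.compile(r"^\s*(path)?ping\s+(localhost|127\.0\.0\.1)\b.*>\s*nul\s*$", re.I)),
    ("host_info", re.compile(r"^\s*ipconfig\b", re.I)),
    ("display_only", re.compile(r"^\s*@?echo\b", re.I)),
    ("control_flow", re.compile(r"^\s*(:\w+|(goto|if|exit|call)\b)", re.I)),
]
REVIEW = {"log_clearing", "log_enumeration", "admin_check", "unclassified"}

def classify(line):
    # First matching rule wins; anything unknown is surfaced for manual review.
    return next((name for name, pat in RULES if pat.search(line)), "unclassified")

def triage(script):
    """Count lines per category and list (line_no, category, text) needing review."""
    counts, flagged = Counter(), []
    for number, line in enumerate(script.splitlines(), 1):
        if line.strip():
            category = classify(line)
            counts[category] += 1
            if category in REVIEW:
                flagged.append((number, category, line.strip()))
    return counts, flagged

# Constructed excerpt of Anti-SpyWare.BAT (the repeated lines are trimmed).
ANTI_SPYWARE_EXCERPT = r"""ipconfig /all
pathping localhost -q 2 -p 250 > nul
echo:
echo Windows MOdules Replaced."""

# Registry Cleaner.BAT, copied from the first post.
REGISTRY_CLEANER = r"""@echo off
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit"""
```

Run over the Registry Cleaner.BAT text, `triage` flags lines 2, 4 and 9 (the `bcdedit` test, the `wevtutil el` enumeration and the `wevtutil cl` call), while the excerpt from the first file produces no flags at all. `echo goto theEnd` is counted as display-only because `echo` prints that text rather than jumping.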



#3 Justice-4All


Posted 15 December 2017 - 10:32 PM

Thank you so much RecursiveNerd. Your information is exactly what I needed and I made my deadline. I will check your recommended link. Thanks again.



