I got a message from Citibank, as it seemed to be, and when I clicked it some processing held and a message came that C: can't be formatted, currently in use.
Then I saw that the file had a down.bat file.
What is a .bat file?
How can it harm my PC?
It's a batch file - Most viruses are .bat files.
If you're using email that your ISP gave you, send this message to them and have them check it out.
Well, depending on the OS and the commands in the .bat file, yes, it can harm your PC. A .bat file is a batch file, which is a file that holds a "batch" of commands. Almost like a script file but not as powerful. That said, it could hold a command like "del c:". You might want to double check if anything was deleted. You can open the file with notepad.exe since .bat files are in clear text.
You might want to make sure that you can see all extensions in your email.
It means that these commands run in DOS?
I.e. that mail contained code like format c
Possibly. Open it up and see what's inside. Make sure your antivirus is running however just in case it's not a .bat file (I assume you have "View Full Extensions" enabled in your system)
This particular one is a batch file...
It already tried to format your C: drive... and who knows what...
My suggestion is to post that file here, as an attachment, so we can see what it is about. AV software won't do anything about it, because it is not a virus... Ah, what OS are you using?
Quote:
..because it is not a virus
How do you know that?
The W32.Novarg worm uses .bat as an extension sometimes.
I hope you see this in time :(
Run msconfig and carefully check what is in your startup files.........it may try to format C:\ on the next boot.
On the face of it it sounds more like a vandal than a virus?.............."vandals" are one-off destroyers, viruses have to infect and replicate?
Cheers
Well, I can't be 100% sure, but it sounded like not a virus... viruses don't destroy themselves before they replicate... it is probably a 'vandal' like nihil said.
A few years ago I got something similar. It was a .bat file with the following lines
format c:
y
It gave me a good laugh... but someone less experienced would probably have started it...
Do yourself a favor and add a little tweak to your context menu.
http://www.dracon.net/regedit/reg04.html
Then you can right click any unknown file and open it in notepad.
I never double click unknown file types, but have several
custom options in my right click "context" menu like notepad, debug.exe,
hex edit, etc. The default action for BAT files is to execute
the commands contained in it. Not exactly the safest way to open
an unknown file.
:cool:
ikalo,
It could be a virus with a .bat extension, as MsMittens said. But here's a twist I suspect nobody has thought of:
It would not be hard to write a virus in, let's say C or even VBscript that would infect your computer and then call the command interpreter to run a batch script that contains the line "format c:"
What a great way to hide the virus from semi-knowledgeable computer users. Do you feel like this: :confused: Just think about this for a minute.
The virus writer knows that the newer versions of Windows have system file protection and lock files when they are in use, so he knows that when the format subroutine is called, the Windows kernel will kick it out and return an error that the format cannot complete, and this error will be visible to the user.
The quasi-knowledgeable user will see this and think....that batch file just tried to format my PC and will proceed to delete the batch file and will probably not think twice about the whole episode. Others will run chkdisk or check the recycle bin to see what was deleted, not even thinking that they may have just infected their computer! :eek:
What do you think of that! Anybody want a proof of concept? ;)
Sometimes 576869746568617's thinking is just scary. No need to see proof of concept; I think you are on to something. Just glad you are a white hat.
You are a white hat, aren't you?
576869746568617
good thinking... that is why I asked neohunk to send that .bat file so we can see what is inside...
correct me if I'm wrong, but you will need two files attached to run this scenario.
If you embed VBS in HTML body of message how can it detect that you started .bat?
and if script does all dirty work, why does it need .bat file? I mean, if it can be done silently, why to raise alarm... it would look just like some spam.
Wait, maybe I got it... VBS drops another file on your HDD, then you need .bat to run it? But then why not run it immediately???
damn, if I just could see the code I would figure it out.
Actually, ikalo, you don't need the batch file. In at least C/C++, with some basic header or another included, you have access to the "system();" function. It takes a string argument and pretty much executes that in MS-DOS or the Command Prompt. So you can have it execute anything you want it to, including the format command and anything else you can do from Command Prompt.
With that, you can simply have the .exe, you can probably even give it an icon resource to resemble what a .BAT file looks like, and might even be able to name it .BAT, although I don't know if the .BAT can be a binary executable. Without opening it and seeing that the information isn't TEXT, it could have done anything including that simple format command to simply produce an error so the user deletes it without looking or examining the .BAT file (which is really a renamed .EXE). Again, I don't know if the .BAT file can have binary executable data, but if it did this would be a reason you would want to examine what happened, and then realize "CRUD! This isn't plain-text..."
Basically the goal would be to scare the user into thinking "DELETE IT!" so they can't see what happened. I mean, if you see that error box, you think "I'm soooooooooooo lucky it failed," when it could have been done on purpose to trick you and hide the real work...
Hope that clears it up. No idea if .BAT can be binary executable though and still work...
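The inspection the posts above keep coming back to (read the file instead of running it, and notice when a ".bat" is not plain text at all), as an added Python example that is not from the thread. The function names, the two command lists and the sample bytes are constructed for illustration.

```python
import re

# Constructed lists for illustration; neither is exhaustive.
DESTRUCTIVE = {"format", "del", "erase", "rd", "rmdir", "deltree"}
LAUNCHERS = {"start", "call", "cscript", "wscript", "regedit"}

def classify(data: bytes) -> str:
    """Return 'pe-executable', 'binary' or 'text' without running the file."""
    if data[:2] == b"MZ":  # magic bytes at the start of a Windows .exe
        return "pe-executable"
    sample = data[:4096]
    # Control bytes other than tab/LF/CR do not belong in a batch script.
    odd = sum(1 for b in sample if b < 0x20 and b not in (9, 10, 13))
    if b"\x00" in sample or (sample and odd / len(sample) > 0.05):
        return "binary"
    return "text"

def flag_commands(text: str):
    """Return (line_no, kind, line) for each command worth a closer look."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # One line can chain commands with | and &; check every segment.
        for seg in re.split(r"[|&]+", line):
            words = seg.strip().lstrip("@").split()
            if not words:
                continue
            cmd = re.sub(r"\.(com|exe)$", "", words[0].lower())
            if cmd in DESTRUCTIVE:
                hits.append((no, "destructive", line.strip()))
            elif cmd in LAUNCHERS:
                hits.append((no, "launches-other-code", line.strip()))
    return hits

def triage(data: bytes):
    """Classify the bytes, then scan the commands only if it really is text."""
    kind = classify(data)
    hits = flag_commands(data.decode("latin-1")) if kind == "text" else []
    return kind, hits

# Constructed samples: the two-line file quoted earlier in the thread, and a
# stub that merely begins with the "MZ" magic of a Windows executable.
SAMPLE_BAT = b"format c:\r\ny\r\n"
SAMPLE_RENAMED_EXE = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56

if __name__ == "__main__":
    for name, blob in (("down.bat", SAMPLE_BAT), ("renamed.bat", SAMPLE_RENAMED_EXE)):
        print(name, triage(blob))
```

A "launches-other-code" hit is the case raised in the thread where the visible format line is only a distraction: the file it starts is what needs examining next.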
Quote:
Originally posted here by rcgreen
Do yourself a favor and add a little tweak to your context menu.
http://www.dracon.net/regedit/reg04.html
Then you can right click any unknown file and open it in notepad.
I never double click unknown file types, but have several
custom options in my right click "context" menu like notepad, debug.exe,
hex edit, etc. The default action for BAT files is to execute
the commands contained in it. Not exactly the safest way to open
an unknown file.
:cool:
Thank you very much!
It's convenient.
Quote:
think you are on to something just glad you are a white hat. you are a whitehat aren't you?
PoSer:
I don't know.....let's find out! Type my handle out. Add the digits 400 to the end. Now treat it as a hexadecimal string and convert each byte into ASCII text. If you do it properly, you'll get an answer to your question. :D
I used to code in assembler, so I know hex real good!
576869746568617400 = Whitehat
Tisk* tisk* For every guy getting hyped up with over the top news attention about some new open source software or a break-in another kid will follow simply because they want belonging, to look cool, or to simply gain a label. Which as we all know these things have nothing to do with computers.
It's the same way with punk in some ways. I like the old school hardcore punk but I don't call myself punk because this would mean that I would have "conformed" to something... which kinda rather goes against what a lot of the hardcore stuff was about in the first place. Kinda crazy now that I think about it. But compare the average Joe Blow kiddie with some blink182 fan and you'll see what I'm saying.
The point of all this is to me... it seems by calling yourself something you're actually just contradicting yourself later on. Especially when the label you choose to call yourself is a popular label yet has no true meaning to anyone nowadays.
49207375636B207768656E20706C6179696E6720776974682041534D2E00 :(
Suck huh? LOL!
I see your point about the labeling....That's deep
I guess a more fitting label would have been "I exist". :p
ASM ??????????????????????????????????
sorry for the one liner but wtf.
This has gone off topic but ahhh damn those acronyms and abbreviations!!
ASM (Assembly) and on occasions you'll run into:
MASM (Macro Assembler).
or NASM (Netwide Assembler).
or even worse HLA (High Level Assembly).
Are you seeing a pattern now? Then for disassembly they'll usually throw in DASM on the end. The list of things that I can uhhh... list, can go on and on.
I have also seen a few companies & things that have shortened the names down to ASM. As said before some labels are just messed up. Well there is that and the fact that when I'm doped up on meds I'm the only person who can understand what I say :D
It didn't reboot
Did you ever read the source? You can change a batch file into a text document and read the source code. You can also paste .txt files on the forum for others to read.