antiviruscoder Posted July 12, 2007

OK, my friend recently had a problem where they got this installation for some audio program that, when they ran it, activated a batch virus without their permission and deleted notepad, several of the Internet Explorer files, tried to remove explorer.exe (thank god it couldn't) and then attempted to delete itself. It failed to remove explorer.exe because of a typo, and the same for trying to remove itself. The typo for explorer was (de; explorer.exe) instead of (del explorer.exe).

My point is, that brought me to the realisation that people need something to detect the running of batch files. The only problem is, I have no idea how to do it. I want to include it in my antivirus, if anyone could build a program to detect the running of a batch file and ask the user whether or not to allow it. If anyone could, I would be glad to give them credit. Please include source code so I can see how this is done. Thanks for the help.

martin Posted July 12, 2007 (edited)

Might be easier to delete or rename the *.bat key in HKEY_CLASSES_ROOT. Possibly set it so that a bat file is run by a checker program, and if it's OK then allow it to run.

Edit: Second thoughts, this will only stop people running bat files by clicking on them. When a bat file runs there is an instance of cmd.exe, but I don't know how you can tell if this is a bat file being run. Even if you could detect the bat file running, it might have started an exe by the time you stop it. Sounds tricky to me unless you stop any cmd.exe.

Edited July 12, 2007 by martin
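
The "checker program" idea from the reply above, as an added example that is not part of the original thread: a small static check that reads a batch file's text and decides whether to allow it or ask the user first. The names scan_batch and verdict, the PROTECTED pattern and the sample script are all constructed for illustration, and hooking the check into the .bat file association is not shown. It goes slightly beyond the thread by also checking commands chained with &.

```python
import re

# cmd.exe commands that delete or wipe files.
DESTRUCTIVE = {"del", "erase", "rd", "rmdir", "format"}
# Constructed list of targets worth protecting (assumption; extend as needed).
PROTECTED = re.compile(
    r"explorer\.exe|notepad\.exe|iexplore|%windir%|%systemroot%|\\windows\\", re.I)

# Constructed sample, modelled on the script described in the first post.
SAMPLE = r"""@echo off
rem constructed sample
del /f /q %windir%\notepad.exe
de; explorer.exe
echo done & del /q "%ProgramFiles%\Internet Explorer\iexplore.exe"
"""

def split_commands(line):
    """Split a batch line on &&, || and & so each chained command is checked.
    Heuristic: does not honour quoting or ^ escapes."""
    return [p.strip() for p in re.split(r"&&|\|\||&", line) if p.strip()]

def scan_batch(text):
    """Return (line_no, command, reason) for each suspicious command."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.lower().startswith(("rem ", "::")):
            continue  # blank line or comment
        for cmd in split_commands(line):
            tokens = cmd.lstrip("@").split()
            if not tokens:
                continue
            verb = tokens[0].lower()
            if verb.endswith((".exe", ".com")):
                verb = verb[:-4]
            if verb not in DESTRUCTIVE:
                continue  # a misspelt verb such as "de;" lands here
            args = " ".join(tokens[1:])
            if PROTECTED.search(args):
                findings.append((no, cmd, "deletes a protected system file"))
            elif re.search(r"(^|\s)/[sq]\b", args, re.I):
                findings.append((no, cmd, "recursive or quiet delete"))
    return findings

def verdict(text):
    """'ask user' if anything was flagged, otherwise 'allow'."""
    return "ask user" if scan_batch(text) else "allow"
```

As the reply notes, a check wired to the file association only sees batch files started by opening them, so it is a prompt for the user rather than a complete control.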

Uten Posted July 12, 2007

Why do I get the feeling this audio program was not a commonly credited program? Why people "test" stuff on their uncredited software (cracked installer I suppose) on their live system is beyond me.

So in essence, why not tell your friend it is a lesson not to trust arbitrary stuff, rather than limit the system? Maybe show him how to run as a restricted user?

CSP Posted July 12, 2007 (edited)

> So in essence, why not tell your friend it is a lesson not to trust arbitrary stuff, rather than limit the system? Maybe show him how to run as a restricted user?

Well said. Or try having a clean VM for testing of dubious stuff.

Learn what not to click on; it's not that hard =)

Edited July 12, 2007 by CSP