antiviruscoder

someone to build program

4 posts in this topic

Ok, my friend recently had a problem where they got this installation for some audio program that, when they ran it, activated a batch virus without their permission and deleted notepad, several of the internet explorer files, tried to remove explorer.exe (thank god it couldn't) and then attempted to delete itself. It failed to remove explorer.exe because of a typo and same for trying to remove itself. The typo for explorer was (de; explorer.exe) instead of (del explorer.exe).

My point is, that brought me to the realisation that people need something to detect the running of batch files. Only problem is, I have no idea how to do it. I want to include it in my antivirus and if anyone could build a program to detect the running of a batch file and ask the user whether or not to allow it. If anyone could, I would be glad to give them credit. Please include a source code so I can see how this is done.

thx for the help





#2 ·  Posted (edited)

Might be easier to delete or rename the *.bat key in HKEY_CLASSES_ROOT. Possibly set it so that a bat file is run by a checker program, and if it's ok then allow it to run.

Edit:

Second thoughts, this will only stop people running bat files by clicking on them. When a bat file runs there is an instance of cmd.exe but I don't know how you can tell if this is a bat file being run. Even if you could detect the bat file running, it might have started an exe by the time you stop it. Sounds tricky to me unless you stop any cmd.exe.

Edited by martin

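On the question raised in the reply above of how to tell whether a cmd.exe instance is running a bat file: when Windows starts a batch file as a new process, the script path appears on that cmd.exe's command line, so process-creation records can be filtered for it. The following is an added example, not code from the thread; the record layout, function names and sample events are constructed for illustration.

```python
import ntpath
import re

# Matches the script handed to cmd.exe after /c or /k, quoted or unquoted.
_SCRIPT = re.compile(
    r'/[ck]\s+(?:"+([^"]+\.(?:bat|cmd))"|([^\s"]+\.(?:bat|cmd))(?=\s|$))',
    re.IGNORECASE,
)

def batch_script(image, command_line):
    """Return the .bat/.cmd path a cmd.exe process was started to run, else None."""
    if ntpath.basename(image).lower() != "cmd.exe":
        return None
    m = _SCRIPT.search(command_line)
    return (m.group(1) or m.group(2)) if m else None

def flag_batch_launches(events):
    """Return (pid, parent image name, script path) for each batch launch."""
    hits = []
    for ev in events:
        script = batch_script(ev["image"], ev["command_line"])
        if script:
            hits.append((ev["pid"], ntpath.basename(ev["parent"]), script))
    return hits

# Constructed sample records (not from the thread); the dict layout is an assumption.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'C:\Windows\system32\cmd.exe /c ""C:\Users\demo\Downloads\audio setup.bat" "'},
    {"pid": 4188, "parent": r"C:\Users\demo\Downloads\installer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /q /c C:\Users\demo\AppData\Local\Temp\run.cmd /silent"},
    {"pid": 4200, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c echo done > C:\Temp\notes.txt"},
    {"pid": 4302, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r'notepad.exe "C:\Users\demo\old.bat"'},
]

if __name__ == "__main__":
    for pid, parent, script in flag_batch_launches(SAMPLE_EVENTS):
        print(f"pid {pid}: {parent} started batch file {script}")
```

A batch file started by typing its name into an already open cmd.exe window creates no new process and so produces no record, and, as the reply notes, a report after the fact does not stop commands the script has already run.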

Why do I get the feeling this audio program was not a commonly credited program?

Why people "test" stuff on their uncredited software (cracked installer I suppose) on their live system is beyond me.

So in essence, why not tell your friend it is a lesson not to trust arbitrary stuff, rather than limit the system? Maybe show him how to run as a restricted user?


#4 ·  Posted (edited)

Well said. Or try having a clean VM for testing of dubious stuff.

Learn what not to click on; it's not that hard =)

Edited by CSP
