someone to build program

[antiviruscoder]

Ok, My friend resently had a problem where they got this installation for some audio program that, when they ran it, it activiated a batch virus without there permission and deleted notepad, several of the internet explorer files, tried to remove explorer.exe (thank god it couldnt) and then atempted to delete itslelf. It failed to remove explorer.exe because of a typo and same for trying to remove itself. the typo for explorer was (de; explorer.exe) instead of (del explorer.exe).

My point is, that brought me to the realisation that people need something to detect the running of batch files. Only problem is, I have no idea how to do it. I want to include it in my antivirus and if you anyone could build a program to detect the running of a batch file and ask the user wether or not to allow it. If anyone could i would be glad to give them credit. Please include a source code so I can see how this is done.

thx for the help

[martin]

Ok, My friend resently had a problem where they got this installation for some audio program that, when they ran it, it activiated a batch virus without there permission and deleted notepad, several of the internet explorer files, tried to remove explorer.exe (thank god it couldnt) and then atempted to delete itslelf. It failed to remove explorer.exe because of a typo and same for trying to remove itself. the typo for explorer was (de; explorer.exe) instead of (del explorer.exe).

My point is, that brought me to the realisation that people need something to detect the running of batch files. Only problem is, I have no idea how to do it. I want to include it in my antivirus and if you anyone could build a program to detect the running of a batch file and ask the user wether or not to allow it. If anyone could i would be glad to give them credit. Please include a source code so I can see how this is done.

thx for the help

Might be easier to delete or rename the *.bat key in HKEY_CLASSES_ROOT. Possible set it so that a bat file is run by a checker program, and if it's ok then allow it to run.

Edit:

Second thoughts, this will only stop people running bat files by clicking on them. When a bat file runs there is an instance of cmd.exe but I don't know how you can tell if this is a bat file being run. Even if you could detect the bat file running, it might have started an exe by the time you stop it. Sounds tricky to me unless you stop any cmd.exe.

Edited July 12, 2007 by martin

[Uten]

Why do I get the feeling this audio program was not a commonly credited program?

Why do people "test" stuff on their uncredited software (cracked installer I suppose) on their live system is beyond me.

So in essence, why not tell your friend it is a lesson not to trust arbitrary stuff, rather than limit the system? Maybe show him how to run as a restricted user?

[CSP]

So in essence, why not tell your friend it is a lesson not to trust arbitrary stuff, rather than limit the system? Maybe show him how to run as a restricted user?

Well said. Or try having a clean VM for testing of dubious stuff.

Learn what not to click on; it's not that hard =)

Edited July 12, 2007 by CSP