MS-DOS Batch File on desktop

Name: Mark122
Date: September 20, 2003 at 10:05:35 Pacific
OS: Windows ME
CPU/Ram: Pentium2/160MB RAM
Comment:

Hello...A "MS-DOS Batch File" icon suddenly appeared on my desktop; it's NOT a shortcut and it's functional.
The only recent change I have made was downloading freeware, i.e. DivX players.
Anyone know how this happens/should I move this somewhere else/delete it, or...?

Thank you in advance...



Response Number 1
Name: wawadave
Date: September 20, 2003 at 10:14:42 Pacific
Reply:

Hello.
Scan your computer for spyware. Download Spybot Search and Destroy, update it, run it. Try these scans also:
free trojan scan
http://www.trojanscan.com/trojanscan/scanner.htm
panda scan
http://www.pandasoftware.es/activescan/
housecall
http://housecall.trendmicro.com/housecall/start_corp.asp
nrav av
http://www.ravantivirus.com/scan/
avast cleaning tool
http://www.avast.com/i_idt_171.html
mcafee avert stinger
http://vil.nai.com/vil/stinger/
scans for open trojan ports
http://scan.sygate.com/pretrojanscan.html


0

Response Number 2
Name: SkipCox
Date: September 20, 2003 at 10:15:57 Pacific
Reply:

What is the name of the batch file?

Right-click on the icon... click on Properties.


0

Response Number 3
Name: Viking
Date: September 20, 2003 at 10:22:55 Pacific
Reply:

Also, right click on the icon again, select edit (notepad should open) and have a look inside it. See what it says.


0

Response Number 4
Name: Mark122
Date: September 20, 2003 at 10:42:14 Pacific
Reply:

=================================================
Type of file: MS-DOS Batch File

Description: o

edit: if exist C:\WINDOWS\TEMP\playboy.exe C:\WINDOWS\TEMP\playboy.exe
del C:\WINDOWS\TEMP\playboy.exe
=================================================
...Ok, then so the edit shows "playboy"..so is this spyware attached during a pop-up?...do I just delete it?

P.S. I ran AdAware and deleted all the objects it showed..but this is still there.


0

Response Number 5
Name: smithdk
Date: September 20, 2003 at 10:56:19 Pacific
Reply:

Playboy.exe has been associated with a virus. Have you scanned your computer for a virus yet?


0

Response Number 6
Name: Mark122
Date: September 20, 2003 at 12:01:17 Pacific
Reply:

Yes, I ran AVG: "No virus found"

I ran Spybot: found 1 thing "Common Hijacker:redirected host auto.search.msn.com"
..I did a search about this and it seems that this is a "false positive", that is apparently a glitch in Spybot..,

I ran TrojanScan: "No Trojan Found"

...so how do I make sure that I completely purge my system of this? i.e. is just delete/empty recycle bin sufficient?

Will deleting this file affect or delete my DOS?

P.S. I also noticed an "AutoExec" batch file in my program files when I use Add/Remove Programs... not sure if this is part of the same thing.

this edit displays:
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP


0

Response Number 7
Name: Viking
Date: September 20, 2003 at 12:10:32 Pacific
Reply:

Do this first. Disable system restore, instructions here.

Then you use Dave's links and run some scans, here -

Panda Online Disinfection

and here -

TrendMicro - Housecall


0

Response Number 8
Name: Mark122
Date: September 22, 2003 at 20:28:42 Pacific
Reply:

Yeh, thx...I did all those scans...nothing found...I still don't understand why an AutoExec DOS batch file keeps reappearing on my C drive even though I keep deleting it....
anyone know?


0

Response Number 9
Name: smithdk
Date: September 22, 2003 at 20:35:56 Pacific
Reply:

Run hijackthis and post back the log:

http://www.tomcoyote.org/hjt/


0

Response Number 10
Name: Mark122
Date: September 22, 2003 at 21:27:09 Pacific
Reply:

Message stated: "You have a particularly large amount of hijacked domains. It's probably better to delete the file itself then to fix each item (and create a backup).
If you see the same IP address in all the reported O1 items, consider deleting your Hosts file, which is located at C:\WINDOWS\HOSTS."

Logfile of HijackThis v1.97.2
Scan saved at 12:13:52 AM, on 9/23/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.exe
C:\PROGRAM FILES\AVG\PROGRAM\AVGCC32.exe
D:\D-PROGRAM FILES\AOL\PROGRAM\AIM.exe
D:\D-PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
D:\D-PROGRAM FILES\HIJACKTHIS\UNZIPPED\HIJACKTHIS.exe

O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 207.44.194.56 www.google.com
O1 - Hosts: 207.44.194.56 google.com
O1 - Hosts: 207.44.194.56 www.altavista.com
O1 - Hosts: 207.44.194.56 altavista.com
O1 - Hosts: 207.44.194.56 search.yahoo.com
O1 - Hosts: 207.44.194.56 uk.search.yahoo.com
O1 - Hosts: 207.44.194.56 ca.search.yahoo.com
O1 - Hosts: 207.44.194.56 jp.search.yahoo.com
O1 - Hosts: 207.44.194.56 au.search.yahoo.com
O1 - Hosts: 207.44.194.56 de.search.yahoo.com
O1 - Hosts: 207.44.194.56 search.yahoo.co.jp
O1 - Hosts: 207.44.194.56 www.lycos.de
O1 - Hosts: 207.44.194.56 www.lycos.ca
O1 - Hosts: 207.44.194.56 www.lycos.jp
O1 - Hosts: 207.44.194.56 www.lycos.co.jp
O1 - Hosts: 207.44.194.56 alltheweb.com
O1 - Hosts: 207.44.194.56 web.ask.com
O1 - Hosts: 207.44.194.56 ask.com
O1 - Hosts: 207.44.194.56 www.ask.com
O1 - Hosts: 207.44.194.56 www.teoma.com
O1 - Hosts: 207.44.194.56 search.aol.com
O1 - Hosts: 207.44.194.56 www.looksmart.com
O1 - Hosts: 207.44.194.56 search.msn.com
O1 - Hosts: 207.44.194.56 ca.search.msn.com
O1 - Hosts: 207.44.194.56 fr.ca.search.msn.com
O1 - Hosts: 207.44.194.56 search.fr.msn.be
O1 - Hosts: 207.44.194.56 search.fr.msn.ch
O1 - Hosts: 207.44.194.56 search.latam.yupimsn.com
O1 - Hosts: 207.44.194.56 search.msn.at
O1 - Hosts: 207.44.194.56 search.msn.be
O1 - Hosts: 207.44.194.56 search.msn.ch
O1 - Hosts: 207.44.194.56 search.msn.co.in
O1 - Hosts: 207.44.194.56 search.msn.co.jp
O1 - Hosts: 207.44.194.56 search.msn.co.kr
O1 - Hosts: 207.44.194.56 search.msn.com.br
O1 - Hosts: 207.44.194.56 search.msn.com.hk
O1 - Hosts: 207.44.194.56 search.msn.com.my
O1 - Hosts: 207.44.194.56 search.msn.com.sg
O1 - Hosts: 207.44.194.56 search.msn.com.tw
O1 - Hosts: 207.44.194.56 search.msn.co.za
O1 - Hosts: 207.44.194.56 search.msn.de
O1 - Hosts: 207.44.194.56 search.msn.dk
O1 - Hosts: 207.44.194.56 search.msn.es
O1 - Hosts: 207.44.194.56 search.msn.fi
O1 - Hosts: 207.44.194.56 search.msn.fr
O1 - Hosts: 207.44.194.56 search.msn.it
O1 - Hosts: 207.44.194.56 search.msn.nl
O1 - Hosts: 207.44.194.56 search.msn.no
O1 - Hosts: 207.44.194.56 search.msn.se
O1 - Hosts: 207.44.194.56 search.ninemsn.com.au
O1 - Hosts: 207.44.194.56 search.t1msn.com.mx
O1 - Hosts: 207.44.194.56 search.xtramsn.co.nz
O1 - Hosts: 207.44.194.56 search.yupimsn.com
O1 - Hosts: 207.44.194.56 uk.search.msn.com
O1 - Hosts: 207.44.194.56 search.lycos.com
O1 - Hosts: 207.44.194.56 www.lycos.com
O1 - Hosts: 207.44.194.56 www.google.ca
O1 - Hosts: 207.44.194.56 google.ca
O1 - Hosts: 207.44.194.56 www.google.uk
O1 - Hosts: 207.44.194.56 www.google.co.uk
O1 - Hosts: 207.44.194.56 www.google.com.au
O1 - Hosts: 207.44.194.56 www.google.co.jp
O1 - Hosts: 207.44.194.56 www.google.jp
O1 - Hosts: 207.44.194.56 www.google.at
O1 - Hosts: 207.44.194.56 www.google.be
O1 - Hosts: 207.44.194.56 www.google.ch
O1 - Hosts: 207.44.194.56 www.google.de
O1 - Hosts: 207.44.194.56 www.google.dk
O1 - Hosts: 207.44.194.56 www.google.fi
O1 - Hosts: 207.44.194.56 www.google.fr
O1 - Hosts: 207.44.194.56 www.google.com.gr
O1 - Hosts: 207.44.194.56 www.google.com.hk
O1 - Hosts: 207.44.194.56 www.google.ie
O1 - Hosts: 207.44.194.56 www.google.co.il
O1 - Hosts: 207.44.194.56 www.google.it
O1 - Hosts: 207.44.194.56 www.google.co.kr
O1 - Hosts: 207.44.194.56 www.google.com.mx
O1 - Hosts: 207.44.194.56 www.google.nl
O1 - Hosts: 207.44.194.56 www.google.co.nz
O1 - Hosts: 207.44.194.56 www.google.pl
O1 - Hosts: 207.44.194.56 www.google.pt
O1 - Hosts: 207.44.194.56 www.google.com.ru
O1 - Hosts: 207.44.194.56 www.google.com.sg
O1 - Hosts: 207.44.194.56 www.google.co.th
O1 - Hosts: 207.44.194.56 www.google.com.tr
O1 - Hosts: 207.44.194.56 www.google.com.tw
O1 - Hosts: 207.44.194.56 google.at
O1 - Hosts: 207.44.194.56 google.be
O1 - Hosts: 207.44.194.56 google.de
O1 - Hosts: 207.44.194.56 google.dk
O1 - Hosts: 207.44.194.56 google.fi
O1 - Hosts: 207.44.194.56 google.fr
O1 - Hosts: 207.44.194.56 google.com.hk
O1 - Hosts: 207.44.194.56 google.ie
O1 - Hosts: 207.44.194.56 google.co.il
O1 - Hosts: 207.44.194.56 google.it
O1 - Hosts: 207.44.194.56 google.co.kr
O1 - Hosts: 207.44.194.56 google.com.mx
O1 - Hosts: 207.44.194.56 google.nl
O1 - Hosts: 207.44.194.56 google.co.nz
O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\SPEECH\DRAGON\WEB_IE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AVG_CC] c:\PROGRA~1\AVG\PROGRAM\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AvxIni] c:\program files\softwin\bdprof\avxinit.exe
O4 - HKCU\..\Run: [AIM] D:\D-PROGRAM FILES\AOL\PROGRAM\aim.exe -cnetwait.odl
O4 - Startup: WinZip Quick Pick.lnk = D:\D-Program Files\WinZip\WZQKPICK.exe
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Verizon Online\WinPoET\Verizon Online.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37886.8138078704
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16ed0f9b5283f6b71622/netzip/RdxIE601.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



0
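The HijackThis message quoted above suggests checking whether all the O1 items share one IP address. The following is an added example, not part of the original thread, that does that check over O1 lines; the function names and the `min_hosts` threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the O1/O4 sections of the log above, plus one constructed
# localhost line so the loopback case is exercised.
SAMPLE_LOG = """\
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 207.44.194.56 www.google.com
O1 - Hosts: 207.44.194.56 search.yahoo.com
O1 - Hosts: 207.44.194.56 search.msn.com
O1 - Hosts: 207.44.194.56 www.ask.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\\..\\Run: [TaskMonitor] C:\\WINDOWS\\taskmon.exe
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return {ip: [hostname, ...]} for every well-formed O1 line."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if not m:
            continue  # other sections (O2, O4, ...) are ignored
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address field: skip rather than guess
        by_ip[str(ip)].append(m.group(2).lower())
    return dict(by_ip)


def redirect_suspects(by_ip, min_hosts=3):
    """Non-loopback IPs that min_hosts or more distinct names are pinned to."""
    suspects = {}
    for ip, hosts in by_ip.items():
        if ipaddress.ip_address(ip).is_loopback:
            continue  # 127.0.0.0/8 points a name at the local machine
        names = sorted(set(hosts))
        if len(names) >= min_hosts:
            suspects[ip] = names
    return suspects


if __name__ == "__main__":
    for ip, names in redirect_suspects(parse_o1(SAMPLE_LOG)).items():
        print(f"{ip} overrides DNS for {len(names)} names: {', '.join(names)}")
```

Run over a full log, one address holding dozens of unrelated search-engine names is the pattern that the "large amount of hijacked domains" message refers to.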

Response Number 11
Name: smithdk
Date: September 23, 2003 at 14:49:42 Pacific
Reply:

Nothing suspicious looking in your startup (O4). There is also a windows startup folder. Have you checked that yet? Also check your win.ini and system.ini files for anything suspicious (use msconfig). Does it copy the file to your desktop when you boot into safe mode?


0

Response Number 12
Name: smithdk
Date: September 23, 2003 at 14:51:37 Pacific
Reply:

I would also delete the hosts file.


0

Response Number 13
Name: Mark122
Date: September 23, 2003 at 15:42:06 Pacific
Reply:

--Ok...I know how to check the MSCONFIG/startup
--I checked the win.ini and system.ini files but am not sure what is actually suspicious.
--I looked in WINDOWS for my hosts file...couldn't find it...how do I delete.

btw... if my HijackThis results say "You have a particularly large amount of hijacked domains.." and list all those hosts... what exactly does it mean.. and short of having to keep deleting the hosts file, how do I prevent it again???

THX.



0

Response Number 14
Name: smithdk
Date: September 23, 2003 at 16:25:07 Pacific
Reply:

On my Windows ME system the hosts file is located in c:\windows. If yours is not there, try searching the entire hard drive for that file. If that doesn't work you could use HijackThis to delete all of those lines marked as O1.

On win.ini you need to check for anything after run= or load=
If it is blank that is fine.

On system.ini you should have shell=explorer.

Does the batch file get copied to your desktop when you boot into safe mode?


0
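The win.ini and system.ini checks described in the reply above, as an added example that is not part of the original thread. The sample file contents are constructed, `example.exe` is a placeholder, and the `[windows]` and `[boot]` section names are the standard locations of these keys rather than something stated in the thread.

```python
# Constructed samples: a clean pair and a tampered pair (example.exe is a placeholder).
CLEAN_WIN_INI = "[windows]\nload=\nrun=\nNullPort=None\n"
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n[386Enh]\ndevice=*vshare\n"
TAMPERED_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\TEMP\\example.exe\n"
TAMPERED_SYSTEM_INI = "[boot]\nshell=Explorer.exe example.exe\n"


def ini_value(text, section, key):
    """Value of key in [section], matched case-insensitively, or None if absent."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() == key.lower():
                return value.strip()
    return None


def autostart_findings(win_ini, system_ini):
    """List every deviation from 'run=/load= blank, shell= is Explorer only'."""
    findings = []
    for key in ("run", "load"):
        value = ini_value(win_ini, "windows", key)
        if value:  # a blank or missing entry is fine
            findings.append(f"win.ini {key}= launches: {value}")
    shell = ini_value(system_ini, "boot", "shell")
    # Anything appended after Explorer.exe fails the exact match and is reported.
    if shell is None or shell.lower() not in ("explorer", "explorer.exe"):
        findings.append(f"system.ini shell= is {shell!r}")
    return findings


if __name__ == "__main__":
    for label, pair in (("clean", (CLEAN_WIN_INI, CLEAN_SYSTEM_INI)),
                        ("tampered", (TAMPERED_WIN_INI, TAMPERED_SYSTEM_INI))):
        print(label, autostart_findings(*pair) or "nothing to review")
```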

Response Number 15
Name: smithdk
Date: September 23, 2003 at 17:08:24 Pacific
Reply:

After reviewing your hijackthis log some more, delete this line:

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab


0

Response Number 16
Name: Mark122
Date: September 23, 2003 at 18:00:53 Pacific
Reply:

The batch file gets copied to C drive, even when in safe mode...the batch file on the desktop has been gone for a couple of days..but C drive one keeps reappearing after deletion.

OK...I'll delete that O16 and all the O1 lines like you suggested, because I went through Windows and couldn't find hosts file.

After I do this...is this the kind of thing like cookies/Adaware when you have to endlessly keep up with/run HijackThis and delete hosts?..or is there a preventive measure?


0

Response Number 17
Name: smithdk
Date: September 23, 2003 at 18:30:25 Pacific
Reply:

You said:

..but C drive one keeps reappearing after deletion.

So which file is this that appears on your C drive?



0

Response Number 18
Name: Mark122
Date: September 23, 2003 at 18:34:30 Pacific
Reply:

"AUTOEXEC", MS-DOS Batch File...size on disk= 4k

edit:
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP

reappears after deletion...


0

Response Number 19
Name: smithdk
Date: September 23, 2003 at 18:43:12 Pacific
Reply:

That file is fine. It is normally part of windows. Windows will recreate it if it is deleted.

So the other batch file you haven't seen in a few days?


0

Response Number 20
Name: Mark
Date: September 23, 2003 at 20:19:35 Pacific
Reply:

Yeh...the desktop one is gone...must have been removed by one of the programs...



0

Response Number 21
Name: smithdk
Date: September 24, 2003 at 09:14:48 Pacific
Reply:

It looks like your problem has been taken care of. Thanks for posting back.


0

Response Number 22
Name: Mark122
Date: September 24, 2003 at 10:00:04 Pacific
Reply:

Yes...I REALLY appreciate all your help smith...I have learned a lot during this....
Thx again, Mark122


0
