Batch File Virus Question

Microsoft Windows xp professional w/serv...
April 27, 2010 at 16:30:21
Specs: Windows XP
Ok so in the computer lab, the computers are plagued with viruses and the anti-virus software was disabled for security reasons(haha thats kinda funny...) and every time you plug a flash drive into them the drives are immidiatly infected with the virus so i made a batch file to delete the great...but the problem is that every computer in the lab has a differnet name for the virus
Heres what the batch file currently looks like:

@echo off
IF NOT EXIST autorun.inf GOTO :no
del /f /a h autorun*.inf + nuoiv*.exe + nuoiv*.scr + kbtoz*.exe + kbtoz*.scr + xeaxa*.exe + xeaxa*.scr + vouhu*.exe + vouhu*.scr + puodoi*.exe + yeayel*.exe + yeayel*.scr
echo Virus Deleted
IF EXIST nuoiv*.exe GOTO :yes
IF EXIST nuoiv*.scr GOTO :yes
IF EXIST kbotz*.exe GOTO :yes
IF EXIST kbotz*.scr GOTO :yes
IF EXIST xeaxa*.exe GOTO :yes
IF EXIST xeaxa*.scr GOTO :yes
IF EXIST vouhu*.exe GOTO :yes
IF EXIST vouhu*.scr GOTO :yes
IF EXIST poudoi*.exe GOTO :yes
IF EXIST yeayel*.exe GOTO :yes
IF EXIST yeayel*.scr GOTO :yes
echo No Virus Found
P.S. i have thought about just doing del /f /a h *.scr + *.exe but there r other .exe files i dont want to be deleted...
(sorry about spelling errors)

See More: Batch File Virus Question

Report •

April 27, 2010 at 16:39:00
You got a polymorphic rootkit. How fun. The proper solution would be to get rid of the rootkit. What have you tried to use for scanning? Try malwarebytes...

If it was me I would just reimage the computers because with rootkits you can never know that you have completely got rid of them. This is our policy where I work but you may have a reason not to do this.

Report •

April 27, 2010 at 16:42:35
viruses and the anti-virus software was disabled for security reasons

What ???

You batch file, even if it would work correctly, is suitable for only one virus.

Btw.: When plugging a new hard drive to a computer, where you have already run that batch file, that tells me, that you haven't killed the virus with the batch file.

I strongly recommand, to use a professional antivirus software, to catch the virus and eliminate it persistently.
And I further recommend, to do this on all the workstations or servers you have.

You can't fight against viruses with a simple batch file.
This is reminiscent of Don Quichotte.

The original poster should always write the last response !!!
Let us know, if the problem is solved !!!

Report •

April 27, 2010 at 16:55:53
to reply to the first to responses...the anti-virus software is disabled and i cant download anything from the internet on the computer either...the account i have to use is useless except for basic tasks...

Report •

Related Solutions

April 27, 2010 at 17:57:04
You boot from a systems disk and run it. Do you have any Windows Systems disks? Plus did you try Malwarebytes? It usually circumvents rootkits. Otherwise the proper solution is to backup what you can, scan the files from a clean computer and reimage the infected one. Do you keep images of the computers?

Report •

April 27, 2010 at 18:58:57
Lodge a complaint at the highest level of your organization about the lack of action in dealing with these viruses.

Obviously, somebody is not doing their job.

Please let us know if you found someone's advice to be helpful.

Report •

April 27, 2010 at 19:13:18
All flash drives ought to have a folder called autorun.inf

That prevents at least the lsass.exe virus.

Playing to the angels
Les Paul (1915-2009)

Report •

Ask Question