dos environment???

Well, I’ve made a little cmd file which runs some basic commands (disable taskmgr etc.), to see if I’m protected against batch files.
I don’t understand why avast ignores the file, which may cause some decent damage to an unprotected system, and this is why I’m posting this thread…
If something is against the rules feel free to edit my post, and sorry if I did break a rule.
If it didn’t find the file I made, what will happen if I download such a file from the internet? - file code below: (didn’t even check it yet)

[removed]

Can someone please check this thing. :)

Well, what you are saying is: “I’ve just written a new malware, why is it not detected yet”?

I’ve sent it to avast like 50 times months ago and it’s still not being detected, so I guess it isn’t and I’m wrong, idk… that’s why I’m asking here.
idk what to do…

If you’re the only one having that file (meaning it’s not being actively used), you can consider it a ZOO sample.
Sorry, but I don’t see a point in wasting time on things like that. Detecting your particular file won’t help with detecting other - real - stuff.

[And, I’d rather remove the script from the original post - before it becomes ITW]

What’s ITW? And can you please give it to someone who can analyze it?
And how can you say you can’t see the point? A lot of batch viruses have at least 1-2 commands of what I’ve written right here.

In the wild.

Are you sure this is even malware? No AV detects it… so I was thinking maybe I’m wrong.

Please remove the script…!! Thanks.
asyn

ITW means that malware authors actively use it.

It’s not possible to detect any “possibly malicious line” in BAT files. While some malicious scripts may try to destroy user’s data, it’s certainly possible that someone else uses BAT files to format new hard drives, without any malicious intent - and it’s the same line.
So no, your file won’t help protecting against real-world malware in any way.

If you wish to become a malware author - start publishing these scripts, and once they start to be used in malware, their detection will be added.

Igor, please read this:

  1. since when do task manager disabling, wallpaper changing, swapping mouse buttons sound like decent commands!?
  2. why do I need to be a bad man in order to help? why can’t avast just add those bad registry commands to their database?
  3. I will never publish such scripts to do damage, I hate it the most - I just tried to help.
  4. script removed.
  5. do you really think what I’ve posted here counts as malware?

  • could be part of some “policy-setting” script, used by the admin
  • someone might like to change his wallpaper every day?

I am saying that there is no “database of commands” - it’s not possible to detect just the single lines, it would produce too many false positives.
The whole script files are detected - but detecting your specific file, if it’s only you who has it and you don’t use it for any malicious purposes, is pointless - it’s a “ZOO sample”.
I’m sure there are many real scripts, using very similar or same lines as the ones you used, that are detected.

Certainly could be used that way - if somebody included it as a payload into an exploit/downloader package.

You didn’t answer about the mouseswapbutton reg :)
And I didn’t know that AV has in its database the whole image of the virus, I thought it uses standalone codes to detect a lot of files…

I don’t think it would really justify it to be detected as malware. A joke, maybe…

It doesn’t contain the whole images, but in particular for the BAT files, it’s necessary to look at the “bigger picture”, probably the whole file.
Detecting the single lines would produce too many false positives.

Generally, detecting tiny BAT files is quite hard if you don’t want to have false positives - because it’s hard to decide whether it’s always malicious, or if somebody can use it for ordinary tasks (such as formatting disks, cleaning unused drives, …)

So what you’re saying is… it’d rather be undetected than a false positive :)

And it doesn’t scan it as an image, cuz when I add the rundll32 commands, it detects malware!

I said “probably the whole file”.
In any case, if we added all your lines and detected them separately, I’m quite sure there would be a lot of false alarms. It’s necessary to be careful.

And, I’m sure the virus guys have a lot of real-life samples… it’s really not necessary to create artificial ones, even if well meant.

Maybe because it will flag some other false positives of other people using these commands for good ???

Oh, I see Igor has already said that…

False positives of the files of other users, not yours.

Yeah, I know that.

I always thought that the AV companies underestimate batch viruses and that’s why they didn’t detect my files.
So it’s all because of the danger behind false positives? So you say that they are like normal viruses but less dangerous; the problem with batch is that they can’t be added into the AV cuz they will make a lot of false positives, and that may give the batch a big advantage over C viruses.

I am saying that if the malicious BAT is used in real malware, spreading between the users - it should be, and hopefully will be detected.
If it’s just your files that you’ve just created yourself - they probably won’t be, because such files are new, and hopefully “test only”; and I don’t think virus lab guys should really spend time on your files, they’ve got plenty of work with real-world stuff.

And yes, BAT file detection is a bit tricky, because of their small size and little content. But I am not saying they are not detected, if they are real.

That said, I’d probably close the subject (from my side at least) - I also have some work to do, sorry.