After a considerable infection with a trojan(over 14 files infected) I noticed a file that starts at start-up named 5t34my.bat. I know it’s from the internet because Windows asks me if I want to run it. I press Cancel but the program still starts. The tricky part is that avast! didn’t detect anything, as I have performed the memory scan( when avast! starts) and a boot-time scan. I googled it, and found no results so I was wondering if someone knows what it is. I wanted to send it for analysis but as avast! doesn’t recognize a virus I don’t know how…
To send it to alwil you could:
Send it in a password protected archive to virus(at)avast(dot)com, advising of the password in the body of the email.
You could also add some info about what goes on with the file.
or
Right click avast icon → start avast antivirus → click on virus chest → navigate to user files -->add files to chest
From there you can send the file to alwil for further investigation
You could also upload the file to www.virustotal.com
Thanks for the prompt response. I will try your method and post the result in a later edit of this post.
Later edit: I think I’ll have to live with that pest. I couldn’t find the file neither with search of browsing there C:/Users/Dante/Local files(Didn’t even find this folder), so I decided to just open msconfig and disable it from starting, as well as the three copies of “calc”. Thanks anyway for your help and support as I really appreciate it.
Edit2: By the way I didn’t notice any unusual behviour so I think it’s just a file thatgot lost somehow(???).
I somehow doubt virustotal or avast would find anything in a .bat (text) file.
Using notepad open the file (don’t double click as that will run it) and view the contents, you can copy and paste them into the topic. A batch file will have run commands for a number of files and it is these files that are the payload and these that should be scanned by avast and uploaded to virustotal.
Check the offending/suspect file/s listed in the batch file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this if you sent the file to the security of the chest, you need to extract it to a temporary (not original) location first.
I didn’t know that…well you learn something new everyday
Thanks for the correction DavidR
-Scott-
No problem, unless there is some specific code in the .bat file (which I don’t know if it would run) there is nothing malicious in the file, so effectively nothing to detect.
Though in theory .dat files are text files and avast on occasion detects these as infected.
Okay, okay, okay… So the file is not a virus, but what does it do. It’s a misplaced file or something? Because none of my programs created it, if they would windows wouldn’t have asked me if i wanna run it. And the tricky part is that I can’t seem to find it. The entry in msconfig says that it’s located in “C:\Users\Dante\Local Settings\Temp\5t34my.bat” and it seems to have vanished. The point is, Is it possible that one of my programs is infected with some sort of new virus, undetectable, that used this file as… I don’t know, as an “infecting scout” or that a program created it for it to work properly? Because besides start-up the file seems it doesn’t exist…
you can try to upload it in www.virustotal.com to cross-check whether it is a virus or not
i think it might be temporary file of something you ran in the computer
I have told you what it does and asked that you post the contents of the .bat file in the topic.
If however it is no longer there then there is little you can do in the way of further investigation.
The file however could be hidden.
- Ensure that you have hidden files and folders enabled and disable hide system files in Windows Explorer, Tools, Folder Options, Hidden files and folders, uncheck Hide extensions for known file types, etc. see image.
‘virus_go_away’ has already been given the virustotal link with that suggestion, but as I said I would find it highly likely that it would find nothing in a .bat file.
Umm… I don’t think someone can understand something like this “‹ã~KVÿþ¥ÄIA¡˜ÜIVäk#°pÞ›éZ’>ìeJâ¸ñŠ6~GÑD¾UÜO`%¦à{‘é”… It’s all over in the file… Not even a comprehensible word… I strongly doubt it can do something…
Then it is unlikely that it is a batch (.bat), text file as that would be plain language text. It is possible that the file type doesn’t match the file content as anyone can change the file type of a file.
So as has been suggested you can upload it to virustotal and see what results that brings.
Ok, nevermind the question just reinstalled Windows and everything is just fine ;D. I didn’t care for the C drive because I could always delete and reformat partitition but I cared for D and E drive because I could lome my games, my movies, my music so… Anyway thank you all for your help and support.
Glad u did the decision of ur heart^^
-AnimeLover^^