Is this a virus?


jackm
February 11th, 2008, 05:08 AM
-{ Quote: "@echo off
:df
del %1
if exist %1 goto df" }-

Copy and paste into a text file without trailing spaces then save. Wait for EAV/ESS to pop up.

It's hard to take ESET seriously sometimes when it throws up warnings like this. :blink:

Yes, this file is used by a trojan installer, but it's not a threat (all it does is delete the file passed to it at runtime).

In the meantime it would be nice if ESS/EAV could actually remove virtumonde instead of just alerting about harmless batch files.

BTW ESET, to remove virtumonde all you need is unlocker and this script:
-{ Quote: ":start
del %systemroot%\system32\[virtumonde dll file name here]
goto start" }-

Run the above script (leave it looping) then use unlocker on the virtumonde dll and choose "unlock all." System will crash (winlogon.exe) but the file will be gone. ESS/EAV's efforts however were in vain.

I'm sure this could be implemented in ekrn.exe.

Cheers. :)

Here's what your peers think:
~removed VT results per policy (http://www.wilderssecurity.com/showthread.php?t=180057)....Bubba~

swagger01
February 11th, 2008, 07:01 AM
LOL !!!

Jenee
February 12th, 2008, 12:41 AM
Perhaps you could name all the antivirus/firewall programs that will get rid of virtumonde. It will be a very short list.
I was able to remove virtumonde from a system which had another firewall that allowed virtumonde to get in in the first place by removing that firewall and installing ESS.

ASpace
February 12th, 2008, 01:34 PM
Perhaps the above code is a part of a Virtumonde file/algorithm and that is why it is detected by ESET with a generic signature.
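
Added example (not part of the thread, and not ESET's code): a minimal content-signature matcher showing how a signature keyed to a file's text, rather than its behaviour, flags the batch file from the first post, and how normalizing before hashing keeps the match stable when the paste has trailing spaces or different line endings. The signature name, the CRLF line endings and the normalization rules are assumptions made for illustration.

```python
import hashlib

# Batch file from the first post as quoted in the thread (CRLF endings assumed).
SAMPLE = b"@echo off\r\n:df\r\ndel %1\r\nif exist %1 goto df"

SIG_NAME = "Example/SelfDeleteLoop.BAT"  # hypothetical detection name


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def normalize(data: bytes) -> bytes:
    """Reduce a script to a canonical form before hashing.

    Unifies line endings, trims and collapses whitespace, drops blank
    lines and lowercases (batch commands are case-insensitive).
    """
    text = data.decode("latin-1").replace("\r\n", "\n").replace("\r", "\n")
    lines = (" ".join(line.split()).lower() for line in text.split("\n"))
    return "\n".join(line for line in lines if line).encode("latin-1")


# Two signature tables built from the same reference sample.
EXACT_SIGS = {digest(SAMPLE): SIG_NAME}
NORMALIZED_SIGS = {digest(normalize(SAMPLE)): SIG_NAME}


def scan(data: bytes, normalized: bool = True):
    """Return the detection name for `data`, or None if nothing matches."""
    if normalized:
        return NORMALIZED_SIGS.get(digest(normalize(data)))
    return EXACT_SIGS.get(digest(data))


if __name__ == "__main__":
    # Constructed inputs: the same script saved in slightly different ways.
    variants = {
        "as quoted": SAMPLE,
        "trailing spaces": b"@echo off \r\n:df\r\ndel %1\r\nif exist %1 goto df  \r\n",
        "LF line endings": SAMPLE.replace(b"\r\n", b"\n"),
        "unrelated script": b"@echo off\r\necho hello\r\n",
    }
    for label, data in variants.items():
        print(f"{label:18} exact={scan(data, False)!s:28} normalized={scan(data)}")
```
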