Is this a virus?

Discussion in 'ESET Smart Security' started by jackm, Feb 11, 2008.

Thread Status:
Not open for further replies.
  1. jackm

    jackm Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    22
    Copy and paste into a text file without trailing spaces then save. Wait for EAV/ESS to pop up.

    It's hard to take ESET seriously sometimes when it throws up warnings like this. :blink:

    Yes, this file is used by a trojan installer, but it's not a threat (all it does is delete the file passed to it at runtime).

    In the meantime it would be nice if ESS/EAV could actually remove virtumonde instead of just alerting about harmless batch files.

    BTW ESET, to remove virtumonde all you need is unlocker and this script:
    Run the above script (leave it looping) then use unlocker on the virtumonde dll and choose "unlock all." System will crash (winlogon.exe) but the file will be gone. ESS/EAV's efforts however were in vain.

    I'm sure this could be implemented in ekrn.exe

    Cheers. :)

    Here's what your peers think:
    ~removed VT results per policy....Bubba~
     
    Last edited by a moderator: Feb 11, 2008
  2. swagger01

    swagger01 Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    13
    LOL !!!
     
  3. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    Perhaps you could name all the antivirus/firewall programs that will get rid of virtumonde. It will be a very short list.
    I was able to remove virtumonde from a system which had another firewall that allowed virtumonde to get in in the first place by removing that firewall and installing ESS.
     
  4. ASpace

    ASpace Guest

    Perhaps the above code is a part of a Virtumonde file/algorithm and that is why it is detected by ESET in a generic signature.
     