Copy and paste into a text file without trailing spaces, then save. Wait for EAV/ESS to pop up. It's hard to take ESET seriously sometimes when it throws up warnings like this. Yes, this file is used by a trojan installer, but it's not a threat (all it does is delete the file passed to it at runtime). In the meantime, it would be nice if ESS/EAV could actually remove Virtumonde instead of just alerting about harmless batch files. BTW, ESET, to remove Virtumonde all you need is Unlocker and this script: Run the above script (leave it looping), then use Unlocker on the Virtumonde DLL and choose "unlock all." The system will crash (winlogon.exe), but the file will be gone. ESS/EAV's efforts, however, were in vain. I'm sure this could be implemented in ekrn.exe. Cheers. Here's what your peers think: ~removed VT results per policy....Bubba~
Perhaps you could name all the antivirus/firewall programs that will get rid of Virtumonde. It will be a very short list. I was able to remove Virtumonde from a system which had another firewall that allowed Virtumonde to get in in the first place by removing that firewall and installing ESS.
Perhaps the above code is part of a Virtumonde file/algorithm, and that is why it is detected by ESET with a generic signature.