pc-off.bat

Discussion in 'ESET Smart Security' started by graywolf202, Aug 24, 2008.

Thread Status:
Not open for further replies.
  1. graywolf202

    graywolf202 Registered Member

    Joined:
    Aug 10, 2008
    Posts:
    4
    Hullo. There's this malware that a couple of AVs (NOD32, ESS, Kaspersky, etc.) can't detect (but Avira can detect it). Avira says it's a backdoor trojan, C:\Windows\pc-off.bat. Apparently, it is also associated with other malware like password_viewer.exe and bar311.exe. People describe it as shutting down their PC. Some say there is also a timer before the shutdown. I'll send you a .zip sample as soon as I can find one. samples@eset.sk, right?
     
  2. ASpace

    ASpace Guest

    Make sure to send password_viewer.exe and bar311.exe; the bat file itself, without the executables, is not that important.
     
  3. darklord_godiver

    darklord_godiver Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    4
    Location:
    Philippines
    ESET NOD32 Antivirus is now detecting it; however, it's still attacking my PC, although with the help of the antivirus it's not shutting down. Within 10 to 15 minutes after I switch on my PC, NOD32 starts showing pop-ups of pc-off.bat being quarantined. Now, having had my PC on for more than 30 minutes, the virus has tried to attack more than 400 times.

    Do you have any suggestion on how to remove this thing? Even after doing a complete scan and quarantine, I can't seem to get it out of the system...
     
  4. ASpace

    ASpace Guest

    Hello!

    Download and run ESET SysInspector
    http://www.eset.com/download/sysinspector.php

    When the utility has collected the information, click File > Save Log.
    Confirm your wish. A log file, placed in a zip archive, will be created.

    Send that archived file to ESET, email samples@eset.com. Then, they'll guide you to a way to eliminate the threat and possibly recover the problems.
     
  5. unleashedpsycho

    unleashedpsycho Registered Member

    Joined:
    Apr 25, 2007
    Posts:
    10
    Hello Friends,
    I had a similar problem: the PC shuts down after around 45 mins...
    My system was infected with iph.exe and system.bat.
    system.bat was placed in "%systemroot%\windows" or "%systemroot%\windows\system32", I'm confused...
    Normally the shutdown countdown used to be executed after running command prompt.
    But this happened about a month ago...

    So I managed to delete it manually using DOS commands...
    Now it's fine...
    But now I hope ESET gets hold of it... Not sure o_O

    But whenever I run command prompt it shows system.bat missing... I'm not able to remove that till now.


    I hope my experience can help anyone out there...
     