Discussion in 'ESET Smart Security' started by graywolf202, Aug 24, 2008.

Thread Status:
Not open for further replies.
  1. graywolf202

    graywolf202 Registered Member

    Aug 10, 2008
    Hullo. There's this malware that a couple of AV's (nod32, ess, kapersky, etc) can't detect (but avira can detect it). Avira says it's a backdoor trojan C:\Windows\pc-off.bat. Apparently, it is also associated with other malware like password_viewer.exe and bar311.exe. People describe it as shutting down their pc. Some say there is also a timer before the shutdown. I'll send you a .zip sample as soon as i can find one. samples@eset.sk right?
  2. ASpace

    ASpace Guest

    Make sure to send password_viewer.exe and bar311.exe , the bat file itself , without the executables is not that important.
  3. darklord_godiver

    darklord_godiver Registered Member

    Aug 27, 2008
    ESET Nod32 Antivirus is now detecting it, however, it's still attacking my PC although with the help of the antivirus, it's not shutting down. In a matter of 10 to 15 minutes after I switched on my PC, the NOD32 starts showing pop-ups of pc-off.bat being quarantined. Now, having my PC on for more than 30 minutes, the virus has tried to attack for more than 400 times.

    Do you have any suggestion on how to remove this thing? Even after doing a complete scan and quarantine, I can't seem to get it out of the system...
  4. ASpace

    ASpace Guest


    Download and run ESET SysInspector

    When the utility has collected the information , click File > Save Log
    Confirm your wish. A log file , placed in a zip archive , will be created.

    Send that archived file to ESET , email samples@eset.com . Then , they'll guide you to a way to eliminate the threat and possibly recover the problems.
  5. unleashedpsycho

    unleashedpsycho Registered Member

    Apr 25, 2007
    Hello Friends,
    I had a similar problem the pc shuts down after around 45 mins...
    My system was infected with iph.exe and system.bat.
    system.bat was place in "%systemroot%\windows" o %systemroot%\windows\system32" i'm confused...
    Normally the shutdown countdown used to be executed after running command prompt.
    But this happened about a month a go...

    So i managed to delete it manually using DOS commands...
    Now it's fine..
    But now i hope eset gets hold of it...Not sure o_O

    But when ever i run command prompt it shows system.bat missing..i'm not able to remove that till now:doubt:

    I hope my experience can help anyone out there...:thumb:
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.