Trojan.BAT.Shutdown.l

Discussion in 'malware problems & news' started by mango, Jun 6, 2006.

Thread Status:
Not open for further replies.
  1. mango

    mango Registered Member

    wondering about this one,

    is this just a one-time script that deactivates programs at startup?

    A "friend" sent me this one disguised as "keepass" software.

    since i trusted him i clicked on it, but noticed straight away that this was some kind of bat program. (the dos screen popped up)

    Nod32, spysweeper, snoopfree or outpost spyware did anything.

    so i ran it at virustotal.com and Ikarus, VBA32 detected it as Trojan.BAT.Shutdown.l

    panda detected it as suspicious.

    and yes, on next startup several programs didn't start, nod32, outlook, intel proset (luckily) and some others
     
  2. wormvirus

    wormvirus Registered Member

    why not do a %systemroot% scan in safe mode? :D
     
  3. Blackspear

    Blackspear Global Moderator

    Can you please send a copy to samples @ eset.sk

    Cheers :D
     
  4. wormvirus

    wormvirus Registered Member

    samples @ eset.sk ?? what an unusual e-mail add...
     
  5. rothko

    rothko Registered Member

    if you send the sample to this address Eset will be able to analyse it and include detection in NOD32 if necessary.

    if you have problems emailing it, try zipping it up (eg with WinZip) and password protecting the file - password should be "infected" (without the quotation marks)
     
  6. mango

    mango Registered Member

    don't have the file anymore. Talked to the guy, and it was just a file he dl and renamed.

    as for scanning, it's difficult when those that detected it don't have online scan.

    anyways, it worked pretty good. 1 click and every security program etc was removed from startup.
     