Jump to content

Recommended Posts

Got a detection this morning on ONE computer but the file doesn't seem to be malicious. Please explain how this batch file is a Trojan:

Trojan.Agent.Trace         Quarantined      C:\DelUS.bat

Contents:

:Repeat

attrib -R "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp"

del "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp"

if exist "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp" goto Repeat

attrib -R "\DelUS.bat"

del "\DelUS.bat"
Link to post
Share on other sites

  • Staff

There have been quite some different Trojans that created this as well.

Some examples are: 

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Micmackin.B

https://vms.drweb-av.pl/virus/?i=2042188

https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1611020#none

There are a few other ones that created these too. We used to see it more often a few years ago.

You find more, using the following search-query:

https://www.google.com/search?q="C:/DelUS.bat"

Additionally, it could have also be created manually, not by Trojans. But the majority are traces by Trojans. Nevertheless, it's safe to remove if you didn't manually created it, especially since it points to contents of the temp folder (in this case)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.