Trojan.Agent.Trace DelUS.bat

[Don_yourWhiteHat]

Got a detection this morning on ONE computer but the file doesn't seem to be malicious. Please explain how this batch file is a Trojan:

Trojan.Agent.Trace         Quarantined      C:\DelUS.bat

Contents:

:Repeat

attrib -R "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp"

del "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp"

if exist "C:\Users\MICHAE~1.BRI\AppData\Local\Temp\DelE864.tmp" goto Repeat

attrib -R "\DelUS.bat"

del "\DelUS.bat"

[miekiemoes]

Hi,

This is a Trace of a Trojan you probably had installed in the past. Hence the name Trojan.Agent.Trace

It's totally safe to have Malwarebytes delete that batch file.

[Don_yourWhiteHat]

is there any way to know what it was a trace of?

[miekiemoes]

There have been quite some different Trojans that created this as well.

Some examples are: 

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Micmackin.B

https://vms.drweb-av.pl/virus/?i=2042188

https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1611020#none

There are a few other ones that created these too. We used to see it more often a few years ago.

You find more, using the following search-query:

https://www.google.com/search?q="C:/DelUS.bat"

Additionally, it could have also be created manually, not by Trojans. But the majority are traces by Trojans. Nevertheless, it's safe to remove if you didn't manually created it, especially since it points to contents of the temp folder (in this case)