I guess I will join this thread and post my 2 cents in as well. Let us
start with the basics: What is a virus? According to Microsoft, a
viruses are, "(Computer viruses are) software programs that are
deliberately designed to interfere with computer operation, record,
corrupt, or delete data, or spread themselves to other computers and
throughout the Internet." This includes *.bat files. So can *.bat files
be viruses? Of course. It is a possibility. However, *.bat files are old
technology (but that is still in use today). The probability of a *.bat
virus spreading on the internet is slim; at least one that is spreading
quickly in the wild. A batch file is a collection of commands; although
not as sophisticated as today's scripts.

I remember old batch files that would reboot your computer and format
your c:\ drive or worse fdisk the whole drive. To knock on wood, I have
not run across many viruses nowadays that do this. IMHO, I worry about
spyware 10x more than viruses.

I feel as if I have digressed, so I will stop now. :-) I hope that helps


--
Michael D. Alligood
MCSA, MCDST, MCP, A+,
Network+, i-Net+, CIW Assoc.,
CIW Certified Instructor



"BoaterDave" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed):

> Ooops! Sorry about that - I was deep in thought and sent the blank response
> in error.
>
> Perhaps it was Divine intervention - I then saw the post from Kerry Brown.
> Or, as he's known elsewhere, TechB.
>
> What you couldn't know, gls858, is that my younger son, Nick, who would have
> been 36 tomorrow, tragically collapsed and died almost 8 years ago. No cause
> for his death was found. He was a computer guru, with a first class degree
> in Physics, and worked for ICL. He could *always* answer my queries ........
> and I miss him.
>
> I appreciate *your* help. Thank you.
>
> My basic understanding now is that, as a 'bat' file is not a 'virus' per se,
> it would (probably) not be picked up by an anti-virus programme. However, I
> suspect that if such a file was surepticiously placed on one's PC, it could
> issue commands to make one's PC do just about anything, including being able
> to make adjustments to, in my case, NIS 2006.
>
> If I'm right about this (and I recognise that I may have got it wrong yet
> again!) unless one specifically seeks out a suspicious 'bat' file, one's PC
> could apparently be working normally whilst, at the same time, be acting as
> a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
> 'script kiddie' meant - he's no academic, that's for sure!)
>
> Referring to the post from KB, I'd just mention that he 'advises' on the N/g
> to which I was lured (by email) following posts I made here with MS back in
> February. I was highly suspicious then, and still feel that there may be
> those with malicious intent residing there (perhaps using the PC's of other
> newsgroup members as zombies too - just my theory!). I'm aware that some
> 'members' there scan these MS newsgroups - perhaps looking for other
> vulnerable 'clients' - I could determine no other reason.
>
> I didn't know what a 'Troll' was this time last year. All I've been trying
> to do is identify just how the 'bad guys' wreak havoc on the 'Net, not
> simply 'clean' my own machine.
>
> FWIW (and I didn't know what that meant either, then! <g>)
>
> David
> ______________________________________________________
>
>
> "gls858" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>
> > It's not the fact that's it's a .bat file that makes it good or bad
> > it's the commands that it contains. A .bat is simply a series of commands.
> > If you want to see the contents of a .bat file simply right click and
> > select edit. If you or your so called "script kiddie" don't understand the
> > commands contained in the batch file I would suggest you find a real
> > computer programmer to explain to you what the file is intended to do.
> > Batch files are commonly used to perform redundant tasks on a schedule.
> >
> > gls858

Hello Michael,

Thank you for responding. Your comments were rather supportive of my theory.

I haven't (or so I thought!) intimated that *.bat files are spreading 'in
the wild', rather that I feel that they may be being utilised by (probably)
a small number of 'bad guys' who are hiding within a specific newsgroup, the
purpose of which is supposed to help others with their PC problems (*still*
no concrete proof, which is highly frustrating!). There are, though,
hundreds of users of the 'host' server, so many users may be compromised.

When I discussed the threat I received with our Police (once I had recovered
funds fraudulently taken from my bank account by PayPal last year) I
discovered just how massive Cybercrime has become. Discussion with their
Hi-Tech crime unit then led me to investigate further, and I discovered
findings by Sunbelt Software which, in turn, made me realise that no-one
really knows just *how* such crime is growing. So, perhaps in memory of my
son, I've done my best to identify how it *may* be being done (at least in
part).

I feel that I can take the matter little further on my own.

Thanks again.

David

PS You will find many posts I've made before if you 'Google' for BoaterDave,
but find out just who *I* am if you 'Google' for BoaterDaveTJ
____________________________________________________

"Michael D. Alligood" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I guess I will join this thread and post my 2 cents in as well. Let us
>start with the basics: What is a virus? According to Microsoft, a viruses
>are, "(Computer viruses are) software programs that are deliberately
>designed to interfere with computer operation, record, corrupt, or delete
>data, or spread themselves to other computers and throughout the Internet."
>This includes *.bat files. So can *.bat files be viruses? Of course. It is
>a possibility. However, *.bat files are old technology (but that is still
>in use today). The probability of a *.bat virus spreading on the internet
>is slim; at least one that is spreading quickly in the wild. A batch file
>is a collection of commands; although not as sophisticated as today's
>scripts.
>
> I remember old batch files that would reboot your computer and format your
> c:\ drive or worse fdisk the whole drive. To knock on wood, I have not run
> across many viruses nowadays that do this. IMHO, I worry about spyware 10x
> more than viruses.
>
> I feel as if I have digressed, so I will stop now. :-) I hope that helps
>
>
> --
> Michael D. Alligood
> MCSA, MCDST, MCP, A+,
> Network+, i-Net+, CIW Assoc.,
> CIW Certified Instructor
>
>
>
> "BoaterDave" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed):
>
>> Ooops! Sorry about that - I was deep in thought and sent the blank
>> response
>> in error.
>>
>> Perhaps it was Divine intervention - I then saw the post from Kerry
>> Brown.
>> Or, as he's known elsewhere, TechB.
>>
>> What you couldn't know, gls858, is that my younger son, Nick, who would
>> have
>> been 36 tomorrow, tragically collapsed and died almost 8 years ago. No
>> cause
>> for his death was found. He was a computer guru, with a first class
>> degree
>> in Physics, and worked for ICL. He could *always* answer my queries
>> ........
>> and I miss him.
>>
>> I appreciate *your* help. Thank you.
>>
>> My basic understanding now is that, as a 'bat' file is not a 'virus' per
>> se,
>> it would (probably) not be picked up by an anti-virus programme. However,
>> I
>> suspect that if such a file was surepticiously placed on one's PC, it
>> could
>> issue commands to make one's PC do just about anything, including being
>> able
>> to make adjustments to, in my case, NIS 2006.
>>
>> If I'm right about this (and I recognise that I may have got it wrong yet
>> again!) unless one specifically seeks out a suspicious 'bat' file, one's
>> PC
>> could apparently be working normally whilst, at the same time, be acting
>> as
>> a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
>> 'script kiddie' meant - he's no academic, that's for sure!)
>>
>> Referring to the post from KB, I'd just mention that he 'advises' on the
>> N/g
>> to which I was lured (by email) following posts I made here with MS back
>> in
>> February. I was highly suspicious then, and still feel that there may be
>> those with malicious intent residing there (perhaps using the PC's of
>> other
>> newsgroup members as zombies too - just my theory!). I'm aware that some
>> 'members' there scan these MS newsgroups - perhaps looking for other
>> vulnerable 'clients' - I could determine no other reason.
>>
>> I didn't know what a 'Troll' was this time last year. All I've been
>> trying
>> to do is identify just how the 'bad guys' wreak havoc on the 'Net, not
>> simply 'clean' my own machine.
>>
>> FWIW (and I didn't know what that meant either, then! <g>)
>>
>> David
>> ______________________________________________________
>>
>>
>> "gls858" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>
>> > It's not the fact that's it's a .bat file that makes it good or bad
>> > it's the commands that it contains. A .bat is simply a series of
>> > commands.
>> > If you want to see the contents of a .bat file simply right click and
>> > select edit. If you or your so called "script kiddie" don't understand
>> > the
>> > commands contained in the batch file I would suggest you find a real
>> > computer programmer to explain to you what the file is intended to do.
>> > Batch files are commonly used to perform redundant tasks on a schedule.
>> >
>> > gls858
>

Thanks Shenan.

............... but they *could* be? Please see my response to Michael.

David
_________________________________________________
"Shenan Stanley" <(E-Mail Removed)> wrote in message
news:%23WqE$(E-Mail Removed)...
> Yes - batch scripts can be used for bad things. So can a lot of other
> files. Doesn't mean they are.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>

Thank you for your view, Ken.

.............. so if they *could* be, would they be identified by an
anti-virus scan?

I think not. You may know different - I'm still willing to learn!

Please see my response to Michael. Thank you.

David
_________________________________________________
"Ken Blake, MVP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Although it's possible that such
> commands *could* be mailicious, there's nothing about their being in a bat
> file that makes them so, and most bat files by far are completely
> innoucuous.

Ken Blake - Microsoft MVP Windows: Shell/User
> Please reply to the newsgroup
>

BoaterDave wrote:
> Thanks Shenan.
>
> .............. but they *could* be? Please see my response to

*.jpgs can have viruses.
*.doc files can contain macro viruses.
You can be infested with a LOT of malware just by visiting the wrong web
page.

I never said they could not be bad - matter of fact - I said they could be
bad. What I was disagreeing with was the assertion your young friend made
that you stated, "... One thing he mentioned recently was '.bat' files. He
was absolutely adamant that, with only two exceptions, other such files
indicate that a PC has been compromised, often without the knowledge of the
user. I have tried to convince others of this, but none believe me ..." <-
it's simply not true as stated. It does *not* indicate an infested/infected
machine at all - and in the majority of cases is 100% benign.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Shenan - I appreciate you coming back to me yet again (I'm sure you must be
busy with other things, so thanks)

Perhaps you didn't read my response to Michael where I said:-

"My basic understanding now is that, as a 'bat' file is not a 'virus' per
se,
it would (probably) not be picked up by an anti-virus programme. However, I
suspect that if such a file was surepticiously placed on one's PC, it could
issue commands to make one's PC do just about anything, including being able
to make adjustments to, in my case, NIS 2006.

If I'm right about this (and I recognise that I may have got it wrong yet
again!) unless one specifically seeks out a suspicious 'bat' file, one's PC
could apparently be working normally whilst, at the same time, be acting as
a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
'script kiddie' meant - he's no academic, that's for sure!)"

I DO understand what you have explained to me. Thank you again.

HTH

David
____________________________________________
"Shenan Stanley" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> BoaterDave wrote:
>> Thanks Shenan.
>>
>> .............. but they *could* be? Please see my response to
>
> *.jpgs can have viruses.
> *.doc files can contain macro viruses.
> You can be infested with a LOT of malware just by visiting the wrong web
> page.
>
> I never said they could not be bad - matter of fact - I said they could be
> bad. What I was disagreeing with was the assertion your young friend made
> that you stated, "... One thing he mentioned recently was '.bat' files. He
> was absolutely adamant that, with only two exceptions, other such files
> indicate that a PC has been compromised, often without the knowledge of
> the user. I have tried to convince others of this, but none believe me
> ..."
<-
> it's simply not true as stated. It does *not* indicate an
> infested/infected machine at all - and in the majority of cases is 100%
> benign.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>

Almost all AV programs now have heuristics scanning. To further explain,
heuristics scanning "is similar to signature scanning, except that
instead of looking for specific signatures, heuristic scanning looks for
certain instructions or commands within a program that are not found in
typical application programs. As a result, a heuristic engine is able to
detect potentially malicious functionality in new, previously
unexamined, malicious functionality such as the replication mechanism of
a virus, the distribution routine of a worm or the payload of a trojan."
(Markus Schmall).

So along with detecting viruses by using "virus signatures", AV programs
also look for "certain instructions or commands within a program that
are not found in typical application programs." Possibly detecting your
*.bat files. While there is no golden AV program that detect all
suspicious programs, files and scripts -- and I do not want to continue
this thread with the "Best AV program" on the market, it should perform
heuristic scans to help locate these suspicious files/programs.

I hope this clears things up.

--
Michael D. Alligood
MCSA, MCDST, MCP, A+,
Network+, i-Net+, CIW Assoc.,
CIW Certified Instructor



"BoaterDave" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed):

> Thank you for your view, Ken.
>
> .............. so if they *could* be, would they be identified by an
> anti-virus scan?
>
> I think not. You may know different - I'm still willing to learn!
>
> Please see my response to Michael. Thank you.
>
> David
> _________________________________________________
> "Ken Blake, MVP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Although it's possible that such
> > commands *could* be mailicious, there's nothing about their being in a bat
> > file that makes them so, and most bat files by far are completely
> > innoucuous.
>
> Ken Blake - Microsoft MVP Windows: Shell/User
> > Please reply to the newsgroup
> >

BoaterDave wrote:

> Thank you for your view, Ken.
>
> .............. so if they *could* be, would they be identified by an
> anti-virus scan?
>
> I think not. You may know different - I'm still willing to learn!


Others here have called you a troll. I don't know anything of your past
postings, so I am willing to give you the benefit of the doubt, unless or
until you convince me that you are trolling. You are close to convincing me
of that, but I thought I would invest one more message before being sure.

So here's the story:

It's likely that many kinds of malicious statements in a bat file would not
be caught by a an anti-virus program. There are many kinds of malicious
software, and the kind you might find in a bat file would not be a virus,
and might not be caught. Anti-virus software does not catch everything, and
if you rely solely on anti-virus osftware for protection for security, you
are kidding yourself.

Let's say, for the sake of argument, that I want to create a file that would
delete the contents of an important folder like c:\program files. I could
write a batch file to do this, I could create an exe file to do this, I
could create a file that masqueraded as a jpg file (or any other type) to do
this. Regardless of how I did it, a virus checker might not catch it.

The point is that all of the various ways I might write something to perform
this malicious act are equivalent. There's nothing special about the bat
file, and that particular kind of file is no more risky than any other type
of file.

Over and above the points made above, you said "One thing he mentioned
recently was '.bat' files. He was absolutely adamant that, with only two
exceptions, other such files indicate that a PC has been compromised, often
without the knowledge of the user. I have tried to convince others of this,
but none believe me. "

Your young man's statement is *completely* false. There is risk in bat
files, as there is risk with any kind of files. With bat files, as with all
other files, you need to know what they are and where they came form before
you can trust them. The risk is not greater with bat files and the statement
that "with only two exceptions, other such files indicate that a PC has been
compromised" is complete and utter nonsense. If you are putting your trust
in someone who says that, you are very clearly trusting the wrong person. He
has no idea what he is talking about.

Feel free to disbelieve everything I, and everyone else here, has told you,
and trust your young man instead. It's entirely your choice.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup



> _________________________________________________
> "Ken Blake, MVP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> Although it's possible that such
>> commands *could* be mailicious, there's nothing about their being in
>> a bat file that makes them so, and most bat files by far are
>> completely innoucuous.
>
> Ken Blake - Microsoft MVP Windows: Shell/User
>> Please reply to the newsgroup

Mr. BoaterDave, have you ever heard of the saying that it is better to have
others wonder if you are an idiot than to open your mouth and remove all
doubt?



"BoaterDave" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
Hello TechB - nice to see you here! :-)

I think you already know the danger of '.bat' files to us mere mortals.
My real, 'in-the-flesh', ex 'script kiddie' hacker turned PC consultant has
told
me so face-to-face. I'd rather trust him than you, I'm afraid.

David
__________________________________________________
"Kerry Brown" <(E-Mail Removed)*a*m> wrote in message
news:(E-Mail Removed)...
> Trolling over here now David? Are you going to warn us all about the
> dangers of .bat files? There are a lot of them available for download from
> many MVP's sites, along with .cmd. .reg, etc..
>
> --
> Kerry Brown
> Microsoft MVP - Shell/User
> www.vistahelp.ca/phpBB2

"BoaterDave" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> My thanks to both Frank and Shenan. I appreciate your comments.
>
> I've spent hundreds of hours 'experimenting'over the last 12 months,
> culminating with a discussion with a young man (mid 20's) who is employed
> in
> a local computer shop. He is a self-confessed ex 'script kiddie' hacker
> who
> has now reformed and spends most of his time helping others by repairing
> PC's and ridding them of 'nasties'. He is real and not just a 'virtual'
> entity. I believe what he tells me. Perhaps that is because he is getting
> married soon and has introduced me to his fiance.
>
> One thing he mentioned recently was '.bat' files. He was absolutely
> adamant
> that, with only two exceptions, other such files indicate that a PC has
> been
> compromised, often without the knowledge of the user. I have tried to
> convince others of this, but none believe me.
>
> I was concerned about the web site because of the utilisation of '.bat'
> files
> if one follows the use of a HOSTS file, here:
> http://mvps.org/winhelp2002/hosts.htm


That particular site is one I will vouch for. The BAT files there are not
harmful and can be quite useful. They are also quite well known. If I were
to use them I would change the names, however, but to something I was sure I
could remember. The reason is that they are so well known that malware
might look for them and try to change them to do something nasty.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Answer in newsgroup. Don't send mail.