If not exist c:\Anti-Vir.Dat echo x>c:\anti-vir.dat
If not exist c:\Anti-Vir.Dat goto BailOut
:BailOut
rem Loop on the message so the user cannot continue past it
cls
Echo You are not permitted to login, contact Tech Support
echo for further information. Ext 1234.
pause
goto BailOut
If Exist c:\%windows%\mstaskmon.exe goto BailOut
If Exist
If not exist c:\Anti-Vir.Dat goto BailOut
if exist c:\%windows%\mstaskmon.exe goto BailOut
blacklist magista.dat
if errorlevel 1 goto bailout
If exist c:\%windows%\wink*.exe goto BailOut
--------------------------------------------
W32/Frethem-Fam
C:\%windows%\Start Menu\Programs\Startup\setup.exe
Alternatively, for a computer with multi-user setting enabled, the worm
could copy itself to <user profile path>\Start Menu\Programs\Startup.
Frethem deletes:
ANTI-VIR.DAT
CHKLIST.DAT
CHKLIST.MS
CHKLIST.CPS
CHKLIST.TAV
IVB.NTZ
SMARTCHK.MS
SMARTCHK.CPS
AVGQT.DAT
AGUARD.DAT
--------------------------------------------
Yaha-E
creates MSTASKMON.EXE
--------------------------------------------
W32/Badtrans-B creates MSTASKMON.EXE
F-Secure says it also creates files with the tests:
[code]
if exist c:\%windows%\KERNEL32.EXE goto BailOut
if exist c:\%windows%\system\KERNEL32.EXE goto BailOut
if exist c:\%windows%\system\CP_25389.NLS goto BailOut
[/code]
--------------------------------------------
W32/ElKern-C No obvious traces.
F-Secure says:
if exist C:\%windows%\system\WQK.EXE goto BailOut
--------------------------------------------
W32/Magistr.B No obvious traces.
F-Secure says:
Magistr.b looks for and 'destroys' *.NTZ
As was done for Anti-Vir.dat, one could create a file named c:\%windows%\Test.NTZ and look for its removal.
--------------------------------------------
W32/Hybris-B No obvious traces.
F-Secure says:
Creates Wininit.ini as do other installs.
The thing is that unless there has been a recent install, one should not have a c:\%windows%\wininit.ini nor a C:\%windows%\deletefi.ini.
In a stable client environment where users are not supposed to install packages one could test for these files and bar any user that has one.
--------------------------------------------
Klez-E deletes:
ANTI-VIR.DAT
CHKLIST.DAT
CHKLIST.MS
CHKLIST.CPS
CHKLIST.TAV
IVB.NTZ
SMARTCHK.MS
SMARTCHK.CPS
AVGQT.DAT
AGUARD.DAT
F-Secure says:
[code]
if exist c:\%windows%\System\WINK*.EXE goto BailOut
if exist c:\%windows%\MMC.EXE goto BailOut
if exist c:\%windows%\ADMIN.DLL goto BailOut
if exist c:\%windows%\system\ADMIN.DLL goto BailOut
[/code]
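The canary and stray-file checks described above, gathered into one logon script as an added example (not code from the original post). The `seed` argument, the use of `%windir%` in place of the post's `c:\%windows%` placeholder, the marker string and the `find` content check are assumptions; the content check goes beyond the post by also catching a canary that was overwritten rather than deleted.

```bat
@echo off
rem Added example, not from the original post.
rem   logon.bat seed   run once by an admin on a known-clean machine
rem   logon.bat        run at every login
rem Seeding is a separate mode on purpose: recreating a missing canary
rem at login would hide the very deletion the check is looking for.
if "%1"=="seed" goto Seed
goto Check

:Seed
rem Canary names come from the post; the marker text is an assumption.
echo CANARY-DO-NOT-DELETE>c:\Anti-Vir.Dat
echo CANARY-DO-NOT-DELETE>%windir%\Test.NTZ
goto Done

:Check
rem 1. Canary removed (Frethem and Klez-E delete ANTI-VIR.DAT,
rem    Magistr.b goes after *.NTZ).
if not exist c:\Anti-Vir.Dat goto BailOut
if not exist %windir%\Test.NTZ goto BailOut

rem 2. Canary still present but contents changed.
rem    find sets errorlevel 1 when the marker is missing.
find "CANARY-DO-NOT-DELETE" c:\Anti-Vir.Dat >nul
if errorlevel 1 goto BailOut
find "CANARY-DO-NOT-DELETE" %windir%\Test.NTZ >nul
if errorlevel 1 goto BailOut

rem 3. Files that should not exist on a stable client where users
rem    do not install packages (the Hybris check from the post).
if exist %windir%\wininit.ini goto BailOut
if exist %windir%\deletefi.ini goto BailOut

rem 4. Dropped files listed in the post.
if exist %windir%\mstaskmon.exe goto BailOut
if exist %windir%\system\WQK.EXE goto BailOut
goto Done

:BailOut
cls
echo You are not permitted to login, contact Tech Support
echo for further information. Ext 1234.
pause
goto BailOut

:Done
```

A legitimate software install also leaves wininit.ini behind until the next reboot, so step 3 will bar that user until the machine has restarted.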