Is this Bat file malicious?

  1. #1
    vom53 (Full Member)

    Is this Bat file malicious?

    It started with:

    REGEDIT4

    ; @ECHO OFF
    ; CLS
    ; REGEDIT.EXE /S "%~f0"
    ; EXIT

    The rest is just editing the HKEY_CLASSES_ROOT\CLSID\

  2. #2
    Digerati (Super Moderator)
    Well, the semi-colon denotes a comment, so the line is ignored. You say the rest is just editing the HKEY - well, that's the important part. That batch routine is often used to add or remove Registry entries.

    Is the bat file malicious? Not what you have shown us.

  3. #3
    vom53 (Full Member)
    I found this .bat on my friend's system. Here's the rest of it.


    [HKEY_CLASSES_ROOT\CLSID\{2D53CE07-8493-49f8-90EB-E6FCA825664F}]

    "Live"=hex:01,00,00,00

    "Trial"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Spend"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Install Date"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "LatestLaunchDate"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00



    [HKEY_CLASSES_ROOT\CLSID\{7FAC7678-CDDA-40bf-9EF1-DFCC4B9A4187}]

    "Live"=hex:01,00,00,00

    "Trial"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Spend"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Install Date"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "LatestLaunchDate"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00



    [HKEY_CLASSES_ROOT\CLSID\{618F49BB-C70C-4152-8683-6E86D0A325A2}]

    "Live"=hex:01,00,00,00

    "Trial"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Spend"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Install Date"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "LatestLaunchDate"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00



    [HKEY_CLASSES_ROOT\CLSID\{57D63C93-7990-49f1-907B-0718BFB57E24}]

    "Live"=hex:01,00,00,00

    "Trial"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Spend"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "Install Date"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

    "LatestLaunchDate"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

  4. #4
    Digerati (Super Moderator)
    It looks harmless to me, but that is not my area of expertise. Have you scanned for malware?

    Note you can simply rename the file and see if anything breaks (I doubt it will).

  5. #5
    Dan Penny (Staff)
    That bat file dates back to Win95/98. (REGEDIT4) It appears to be the "lead-in" info for a trial version of Windows Live, with a lot of info missing. I'd delete it, it's useless.
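
Added example, not part of the thread: a Python triage helper that reads a `.reg`/`.bat` hybrid like the one quoted in post #3 and reports what it would change without importing it. To regedit the `;` lines are comments, but when the same file is run as a `.bat`, cmd.exe skips the leading `;` and executes them, so `REGEDIT.EXE /S "%~f0"` silently imports the file into the registry. The names `triage`, `SENSITIVE` and the report fields are assumptions of this example, and the sample input is constructed from the thread's text.

```python
import re
# Constructed sample modelled on the file quoted in the thread (one key, two values).
SAMPLE = r'''REGEDIT4
; @ECHO OFF
; CLS
; REGEDIT.EXE /S "%~f0"
; EXIT
[HKEY_CLASSES_ROOT\CLSID\{2D53CE07-8493-49f8-90EB-E6FCA825664F}]
"Live"=hex:01,00,00,00
"Trial"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
'''

# Key paths where a write usually means autostart or code loading
# (illustrative shortlist chosen for this example, not exhaustive).
SENSITIVE = ("\\run", "\\inprocserver32", "\\localserver32",
             "\\shell\\open\\command", "\\winlogon", "image file execution options")
VALUE_RE = re.compile(r'("(?:[^"\\]|\\.)*"|@)=(.*)')
EXEC_RE = re.compile(r"\.(exe|dll|bat|cmd|vbs|js|ps1|scr)\b", re.I)

def triage(text):
    """Summarise what importing a .reg/.bat hybrid would do, without importing it."""
    rep = {"self_import": False, "semicolon_lines": [], "writes": [],
           "deletes": [], "flags": []}
    key = None
    text = re.sub(r"\\\r?\n\s*", "", text)           # join hex continuation lines
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(";"):                      # comment to regedit, command to cmd.exe
            cmd = line.lstrip("; \t")
            if cmd:
                rep["semicolon_lines"].append(cmd)
            if re.search(r"regedit(\.exe)?\s+/s\b.*%~f0", cmd, re.I):
                rep["self_import"] = True             # file silently imports itself
        elif line.startswith("[-"):                   # [-KEY] deletes a whole key
            rep["deletes"].append(line[2:-1])
            key = None
        elif line.startswith("["):
            key = line[1:-1]
            if any(s in key.lower() for s in SENSITIVE):
                rep["flags"].append(("sensitive key", key))
        elif key and (m := VALUE_RE.match(line)):
            name, data = m.group(1).strip('"'), m.group(2)
            if data.lower().startswith("hex"):        # hex: / hex(N): binary payload
                data = bytes.fromhex(data.partition(":")[2].replace(",", ""))
            elif EXEC_RE.search(data):
                rep["flags"].append(("executable reference", key))
            rep["writes"].append((key, name, data))
    return rep

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the report shows the silent self-import header, two binary values written under one CLSID key, and no flags, since the key is outside the shortlist and the data holds no file references.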
