Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Emsisoft detected Trojan.BAT.Delete!IK


18 Jun 2010   #1

7 Ultimate 64 bit Service Pack 1
 
 
Emsisoft detected Trojan.BAT.Delete!IK

I ran Emsisoft's "smart scan" and the above threat was detects.

More info:

File c:Windows\w7sbc\change.bat
File c:windows\w7sbc\restore.bat

This is from that program "Windows 7 Start Button Changer v 2.6" which is used by many people.

This must be a false positive?

I have not use Emsisoft to fix the issue yet, I would like some opinions please.

Malwarebytes
SuperAntiSpyware
Hitman Pro
MSE

all found nothing.


My System SpecsSystem Spec
.

18 Jun 2010   #2

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

I have no personal experience with the program, but considering that MSE and MBAM didn't detect anything then I would say that it is probably clean. If you want to be sure, then upload the file that was detected to:

http://www.virustotal.com

This site will scan a file against the definitions of many different anti viruses, and you will be given a percentage of detections. This should be a good indicator as to whether it is a false positive or not.

Tom
My System SpecsSystem Spec
18 Jun 2010   #3

7 Ultimate 64 bit Service Pack 1
 
 

Quote   Quote: Originally Posted by tom982 View Post
I have no personal experience with the program, but considering that MSE and MBAM didn't detect anything then I would say that it is probably clean. If you want to be sure, then upload the file that was detected to:

http://www.virustotal.com

This site will scan a file against the definitions of many different anti viruses, and you will be given a percentage of detections. This should be a good indicator as to whether it is a false positive or not.

Tom
Virustotal Report:

File c:Windows\w7sbc\change.bat

Ikarus T3.1.1.84.0 2010.06.16 Trojan.BAT.Delete

a-squared 5.0.0.26 2010.06.16 Trojan.BAT.Delete!IK
(All others did not detect anything)

File c:windows\w7sbc\restore.bat

a-squared 5.0.0.26 2010.06.16 Trojan.BAT.Delete!IK
Ikarus T3.1.1.84.0 2010.06.16 Trojan.BAT.Delete

(All others did not detect anything)

Opinions?
My System SpecsSystem Spec
.


18 Jun 2010   #4

 

I believe it says a trojan, since the .bat file changes the system files(explorer.exe). You must be safe when MSSE and MBAM is guarding your computer.
My System SpecsSystem Spec
18 Jun 2010   #5

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Yes and the virutotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

If I were you, I would remove emisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

Tom
My System SpecsSystem Spec
18 Jun 2010   #6

Arch Linux 64-bit
 
 

It appears to be a false positive.

Emsisoft are known for their very high detection rate at a cost to a high false positive rate.
My System SpecsSystem Spec
18 Jun 2010   #7

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

Quote   Quote: Originally Posted by tom982 View Post
Yes and the virutotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

If I were you, I would remove emisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

Tom
"remove emsisoft" ?
why ?
sometimes you get a false positive, that happens with other antivirus-programs too...
yes, if Virustotal says those files are clean , then donīt worry about them.

RoloDman: what Emsisoft-program are using ?
if you are using a-squared, then add those 2 detected programs to the "whitelist".
problem solved...

malexous: "Emsisoft are known for their very high detection rate at a cost to a high false positive rate."

yes, a-squared has a very good detection-rate.
but where did you read about "high false positive rate" ?

on my computer a-squared has a very low false positive detection-rate, it only detected 1 single false positive,
my other A/V-programs detects a lot more.
i have some (safe) securitytest-programs in a folder that fx. makes MSE scream...

if you get too many false positives, then you can reduce the sensitivity,
and if you are worried it misses something, then you can also enhance the sensitivity.
My System SpecsSystem Spec
18 Jun 2010   #8

7 Ultimate 64 bit Service Pack 1
 
 

Quote   Quote: Originally Posted by hackerman1 View Post
Quote   Quote: Originally Posted by tom982 View Post
Yes and the virutotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

If I were you, I would remove emisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

Tom
"remove emsisoft" ?
why ?
sometimes you get a false positive, that happens with other antivirus-programs too...
yes, if Virustotal says those files are clean , then donīt worry about them.

RoloDman: what Emsisoft-program are using ?
if you are using a-squared, then add those 2 detected programs to the "whitelist".
problem solved...

malexous: "Emsisoft are known for their very high detection rate at a cost to a high false positive rate."

yes, a-squared has a very good detection-rate.
but where did you read about "high false positive rate" ?

on my computer a-squared has a very low false positive detection-rate,
it only detected 1 single false positive,
my other A/V-programs detects a lot more.
i have some (safe) securitytest-programs in a folder that fx. makes MSE scream...

if you get too many false positives, then you can reduce the sensitivity,
and if you are worried it misses something, then you can also enhance the sensitivity.
I am using A-Squared Free version 4.5.0.27. I white listed the detections as you said. Thank you.
My System SpecsSystem Spec
18 Jun 2010   #9

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

RoloDman: you are welcome.
thanks for the rep.

perhaps you already know that a-squared has won a lot of awards ?
if not, then take a look at Emsisoft...
itīs very good at detecting, it also works very well together with other antivirus-programs.
previously i used a2-FREE together with Avira, but now iīm using a2-FULL,
actually itīs the only antivirus-program that iīve used for the last couple of months.

i also have Avast & MSE installed, but their realtime-protection is temporarily turned off,
as i wanted to see if i detected any difference in performance.
i regularly scan with Avast, MSE & MBAM just to see if a2 has missed something.

some info about a-squared, which i posted in another thread a few days ago:

"actually, a-squared (a2) has a lot better detectionrate than MBAM....
Whis is the Best? A-squared Free Vs Malwarebytes' Anti-Malware
Which is the Best? MBAM vs A-squared Part 2
"
"get both MBAM & a2.
no antivirus / antimalware-program can detect everything,
thatīs why itīs a very good idea to use several different programs to scan your computer."

for more info about security-programs take a look at my signature...
My System SpecsSystem Spec
18 Jun 2010   #10

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro x64
 
 

Quote   Quote: Originally Posted by hackerman1 View Post
Quote   Quote: Originally Posted by tom982 View Post
Yes and the virutotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

If I were you, I would remove emisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

Tom
"remove emsisoft" ?
why ?
sometimes you get a false positive, that happens with other antivirus-programs too...
yes, if Virustotal says those files are clean , then donīt worry about them.

RoloDman: what Emsisoft-program are using ?
if you are using a-squared, then add those 2 detected programs to the "whitelist".
problem solved...

malexous: "Emsisoft are known for their very high detection rate at a cost to a high false positive rate."

yes, a-squared has a very good detection-rate.
but where did you read about "high false positive rate" ?

on my computer a-squared has a very low false positive detection-rate, it only detected 1 single false positive,
my other A/V-programs detects a lot more.
i have some (safe) securitytest-programs in a folder that fx. makes MSE scream...

if you get too many false positives, then you can reduce the sensitivity,
and if you are worried it misses something, then you can also enhance the sensitivity.
Because MSE and MBAM are better.

Tom
My System SpecsSystem Spec
Reply

 Emsisoft detected Trojan.BAT.Delete!IK




Thread Tools



Similar help and support threads for2: Emsisoft detected Trojan.BAT.Delete!IK
Thread Forum
Solved Trojan Alureon.A Detected After Clean Win7 Install System Security
Solved Can't delete reg trojan.agent (Malwarebytes) System Security
Emsisoft AM vs MBAM System Security
Kaspersky: Trojan.Win32.AutoRun.atq. Has it been detected on MSE yet? System Security
Trojan: Win32/Bumat!rts detected from ImgBurn System Security
Emsisoft Emergency Kit 1.0 NEW!! System Security
Solved SuperAntiSpyware detected Trojan.Dropper/Win-NV System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Đ Designer Media Ltd

All times are GMT -5. The time now is 02:54 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33