Just wonderin' :-)

Ooops! Sorry about that - I was deep in thought and sent the blank response
in error.

Perhaps it was Divine intervention - I then saw the post from Kerry Brown.
Or, as he's known elsewhere, TechB.

What you couldn't know, gls858, is that my younger son, Nick, who would have
been 36 tomorrow, tragically collapsed and died almost 8 years ago. No cause
for his death was found. He was a computer guru, with a first class degree
in Physics, and worked for ICL. He could *always* answer my queries ........
and I miss him.

I appreciate *your* help. Thank you.

My basic understanding now is that, as a 'bat' file is not a 'virus' per se,
it would (probably) not be picked up by an anti-virus programme. However, I
suspect that if such a file was surepticiously placed on one's PC, it could
issue commands to make one's PC do just about anything, including being able
to make adjustments to, in my case, NIS 2006.

If I'm right about this (and I recognise that I may have got it wrong yet
again!) unless one specifically seeks out a suspicious 'bat' file, one's PC
could apparently be working normally whilst, at the same time, be acting as
a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
'script kiddie' meant - he's no academic, that's for sure!)

Referring to the post from KB, I'd just mention that he 'advises' on the N/g
to which I was lured (by email) following posts I made here with MS back in
February. I was highly suspicious then, and still feel that there may be
those with malicious intent residing there (perhaps using the PC's of other
newsgroup members as zombies too - just my theory!). I'm aware that some
'members' there scan these MS newsgroups - perhaps looking for other
vulnerable 'clients' - I could determine no other reason.

I didn't know what a 'Troll' was this time last year. All I've been trying
to do is identify just how the 'bad guys' wreak havoc on the 'Net, not
simply 'clean' my own machine.

FWIW (and I didn't know what that meant either, then! g)

David
__________________________________________________ ____


"gls858" wrote in message
...

It's not the fact that's it's a .bat file that makes it good or bad
it's the commands that it contains. A .bat is simply a series of commands.
If you want to see the contents of a .bat file simply right click and
select edit. If you or your so called "script kiddie" don't understand the
commands contained in the batch file I would suggest you find a real
computer programmer to explain to you what the file is intended to do.
Batch files are commonly used to perform redundant tasks on a schedule.

gls858

Kerry Brown wrote:
BoaterDave is a troll. He has been told that .bat files are not
inherently more harmful than any other executable file many times in
other newsgroups. He ignores everyone's advice and attempts to get
unsuspecting computer users to scan their computers for .bat files and
delete any they find. He has caused a lot of unnecessary worry by
telling people they are infected and urging them to do many different
anti-malware scans. When the scans come up empty he insists they are
still infected and points them to yet another online scanning engine. At
best he is a very sophistcated troll. At worst he is a very paranoid
person who needs professional help. In any case he can be safely ignored.


I suspected that from what others had posted. Especially the part about
needing professional help :-)

gls858

BoaterDave wrote:
My thanks to both Frank and Shenan. I appreciate your comments.

I've spent hundreds of hours 'experimenting'over the last 12 months,
culminating with a discussion with a young man (mid 20's) who is
employed in a local computer shop. He is a self-confessed ex
'script kiddie' hacker who has now reformed and spends most of his
time helping others by repairing PC's and ridding them of
'nasties'. He is real and not just a 'virtual' entity. I believe
what he tells me. Perhaps that is because he is getting married
soon and has introduced me to his fiance.
One thing he mentioned recently was '.bat' files. He was absolutely
adamant that, with only two exceptions, other such files indicate
that a PC has been compromised, often without the knowledge of the
user. I have tried to convince others of this, but none believe me.

I was concerned about the web site because of the utilisation of
'.bat' files
if one follows the use of a HOSTS file, he
http://mvps.org/winhelp2002/hosts.htm

Anyway, thanks for the 'thumbs-up'!

Hmmmm...

I cannot say I agree that the mere presence of *.bat or *.cmd files (similar
in most aspects) denotes that the PC has been compromised. I still use
batch scripts and VBSscripts every day - literally.

A batch script alone cannot tell you if a machine has been compromised. The
contents of said batch script can, but just its prescence tells you little
to nothing. After all - just because my car is in the driveway doesn't mean
I am home. Neither do the lights on in the house.

In other words - a batch script is not 'just because it is there' scenarios.
=)

Yes - batch scripts can be used for bad things. So can a lot of other
files. Doesn't mean they are.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Frank Saunders, MS-MVP OE/WM wrote:

"BoaterDave" wrote in message
...
Thank you, Shenan. I understand.

Now that you are here, is it your considered view that the web site I
mentioned is safe to use?


Yes, it's safe as in won't give you malware. For the most part the
information various MVPs post there is well tested. I can't vouch
for every single thing that's there because there's too much for me
to read and keep track of all of it. Fixes are always correct but
may not be appropriate or work in every situation because of the
"other program or hardware" complication. Advice is always
knowledgeable but not everyone will always agree with any particular
piece. We are individuals and don't necessarily agree with each
other about everything. As with any advice, consider the individual
giving it and their reputation.


To BoaterDave: I just wanted to echo Frank's very good advice above. MVPs
can almost always be trusted, but that doesn't mean that any one of us will
automatically agree with everything some other MVP says. We are individuals,
and although we may agree on lots of things, we are also likely to disagree
on others.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

BoaterDave wrote:

My thanks to both Frank and Shenan. I appreciate your comments.

I've spent hundreds of hours 'experimenting'over the last 12 months,
culminating with a discussion with a young man (mid 20's) who is
employed in a local computer shop. He is a self-confessed ex 'script
kiddie' hacker who has now reformed and spends most of his time
helping others by repairing PC's and ridding them of 'nasties'. He is
real and not just a 'virtual' entity. I believe what he tells me.
Perhaps that is because he is getting married soon and has introduced
me to his fiance.
One thing he mentioned recently was '.bat' files. He was absolutely
adamant that, with only two exceptions, other such files indicate
that a PC has been compromised, often without the knowledge of the
user. I have tried to convince others of this, but none believe me.


I certainly don't believe you. The statement is complete nonsense. Your
young man has no idea what he's talking about. A bat file is simply a text
file containing one or more commands. Although it's possible that such
commands *could* be mailicious, there's nothing about their being in a bat
file that makes them so, and most bat files by far are completely
innoucuous. I have many bat files on this computer--some written by me, some
by others--and none of them are malicious.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

I guess I will join this thread and post my 2 cents in as well. Let us
start with the basics: What is a virus? According to Microsoft, a
viruses are, "(Computer viruses are) software programs that are
deliberately designed to interfere with computer operation, record,
corrupt, or delete data, or spread themselves to other computers and
throughout the Internet." This includes *.bat files. So can *.bat files
be viruses? Of course. It is a possibility. However, *.bat files are old
technology (but that is still in use today). The probability of a *.bat
virus spreading on the internet is slim; at least one that is spreading
quickly in the wild. A batch file is a collection of commands; although
not as sophisticated as today's scripts.

I remember old batch files that would reboot your computer and format
your c:\ drive or worse fdisk the whole drive. To knock on wood, I have
not run across many viruses nowadays that do this. IMHO, I worry about
spyware 10x more than viruses.

I feel as if I have digressed, so I will stop now. :-) I hope that helps


--
Michael D. Alligood
MCSA, MCDST, MCP, A+,
Network+, i-Net+, CIW Assoc.,
CIW Certified Instructor



"BoaterDave" wrote in message
:

Ooops! Sorry about that - I was deep in thought and sent the blank response
in error.

Perhaps it was Divine intervention - I then saw the post from Kerry Brown.
Or, as he's known elsewhere, TechB.

What you couldn't know, gls858, is that my younger son, Nick, who would have
been 36 tomorrow, tragically collapsed and died almost 8 years ago. No cause
for his death was found. He was a computer guru, with a first class degree
in Physics, and worked for ICL. He could *always* answer my queries ........
and I miss him.

I appreciate *your* help. Thank you.

My basic understanding now is that, as a 'bat' file is not a 'virus' per se,
it would (probably) not be picked up by an anti-virus programme. However, I
suspect that if such a file was surepticiously placed on one's PC, it could
issue commands to make one's PC do just about anything, including being able
to make adjustments to, in my case, NIS 2006.

If I'm right about this (and I recognise that I may have got it wrong yet
again!) unless one specifically seeks out a suspicious 'bat' file, one's PC
could apparently be working normally whilst, at the same time, be acting as
a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
'script kiddie' meant - he's no academic, that's for sure!)

Referring to the post from KB, I'd just mention that he 'advises' on the N/g
to which I was lured (by email) following posts I made here with MS back in
February. I was highly suspicious then, and still feel that there may be
those with malicious intent residing there (perhaps using the PC's of other
newsgroup members as zombies too - just my theory!). I'm aware that some
'members' there scan these MS newsgroups - perhaps looking for other
vulnerable 'clients' - I could determine no other reason.

I didn't know what a 'Troll' was this time last year. All I've been trying
to do is identify just how the 'bad guys' wreak havoc on the 'Net, not
simply 'clean' my own machine.

FWIW (and I didn't know what that meant either, then! g)

David
__________________________________________________ ____


"gls858" wrote in message
...

It's not the fact that's it's a .bat file that makes it good or bad
it's the commands that it contains. A .bat is simply a series of commands.
If you want to see the contents of a .bat file simply right click and
select edit. If you or your so called "script kiddie" don't understand the
commands contained in the batch file I would suggest you find a real
computer programmer to explain to you what the file is intended to do.
Batch files are commonly used to perform redundant tasks on a schedule.

gls858

Hello Michael,

Thank you for responding. Your comments were rather supportive of my theory.

I haven't (or so I thought!) intimated that *.bat files are spreading 'in
the wild', rather that I feel that they may be being utilised by (probably)
a small number of 'bad guys' who are hiding within a specific newsgroup, the
purpose of which is supposed to help others with their PC problems (*still*
no concrete proof, which is highly frustrating!). There are, though,
hundreds of users of the 'host' server, so many users may be compromised.

When I discussed the threat I received with our Police (once I had recovered
funds fraudulently taken from my bank account by PayPal last year) I
discovered just how massive Cybercrime has become. Discussion with their
Hi-Tech crime unit then led me to investigate further, and I discovered
findings by Sunbelt Software which, in turn, made me realise that no-one
really knows just *how* such crime is growing. So, perhaps in memory of my
son, I've done my best to identify how it *may* be being done (at least in
part).

I feel that I can take the matter little further on my own.

Thanks again.

David

PS You will find many posts I've made before if you 'Google' for BoaterDave,
but find out just who *I* am if you 'Google' for BoaterDaveTJ
__________________________________________________ __

"Michael D. Alligood" wrote in message
...
I guess I will join this thread and post my 2 cents in as well. Let us
start with the basics: What is a virus? According to Microsoft, a viruses
are, "(Computer viruses are) software programs that are deliberately
designed to interfere with computer operation, record, corrupt, or delete
data, or spread themselves to other computers and throughout the Internet."
This includes *.bat files. So can *.bat files be viruses? Of course. It is
a possibility. However, *.bat files are old technology (but that is still
in use today). The probability of a *.bat virus spreading on the internet
is slim; at least one that is spreading quickly in the wild. A batch file
is a collection of commands; although not as sophisticated as today's
scripts.

I remember old batch files that would reboot your computer and format your
c:\ drive or worse fdisk the whole drive. To knock on wood, I have not run
across many viruses nowadays that do this. IMHO, I worry about spyware 10x
more than viruses.

I feel as if I have digressed, so I will stop now. :-) I hope that helps


--
Michael D. Alligood
MCSA, MCDST, MCP, A+,
Network+, i-Net+, CIW Assoc.,
CIW Certified Instructor



"BoaterDave" wrote in message
:

Ooops! Sorry about that - I was deep in thought and sent the blank
response
in error.

Perhaps it was Divine intervention - I then saw the post from Kerry
Brown.
Or, as he's known elsewhere, TechB.

What you couldn't know, gls858, is that my younger son, Nick, who would
have
been 36 tomorrow, tragically collapsed and died almost 8 years ago. No
cause
for his death was found. He was a computer guru, with a first class
degree
in Physics, and worked for ICL. He could *always* answer my queries
........
and I miss him.

I appreciate *your* help. Thank you.

My basic understanding now is that, as a 'bat' file is not a 'virus' per
se,
it would (probably) not be picked up by an anti-virus programme. However,
I
suspect that if such a file was surepticiously placed on one's PC, it
could
issue commands to make one's PC do just about anything, including being
able
to make adjustments to, in my case, NIS 2006.

If I'm right about this (and I recognise that I may have got it wrong yet
again!) unless one specifically seeks out a suspicious 'bat' file, one's
PC
could apparently be working normally whilst, at the same time, be acting
as
a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
'script kiddie' meant - he's no academic, that's for sure!)

Referring to the post from KB, I'd just mention that he 'advises' on the
N/g
to which I was lured (by email) following posts I made here with MS back
in
February. I was highly suspicious then, and still feel that there may be
those with malicious intent residing there (perhaps using the PC's of
other
newsgroup members as zombies too - just my theory!). I'm aware that some
'members' there scan these MS newsgroups - perhaps looking for other
vulnerable 'clients' - I could determine no other reason.

I didn't know what a 'Troll' was this time last year. All I've been
trying
to do is identify just how the 'bad guys' wreak havoc on the 'Net, not
simply 'clean' my own machine.

FWIW (and I didn't know what that meant either, then! g)

David
__________________________________________________ ____


"gls858" wrote in message
...

It's not the fact that's it's a .bat file that makes it good or bad
it's the commands that it contains. A .bat is simply a series of
commands.
If you want to see the contents of a .bat file simply right click and
select edit. If you or your so called "script kiddie" don't understand
the
commands contained in the batch file I would suggest you find a real
computer programmer to explain to you what the file is intended to do.
Batch files are commonly used to perform redundant tasks on a schedule.

gls858

Thanks Shenan.

............... but they *could* be? Please see my response to Michael.

David
_________________________________________________
"Shenan Stanley" wrote in message
...
Yes - batch scripts can be used for bad things. So can a lot of other
files. Doesn't mean they are.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Thank you for your view, Ken.

.............. so if they *could* be, would they be identified by an
anti-virus scan?

I think not. You may know different - I'm still willing to learn!

Please see my response to Michael. Thank you.

David
_________________________________________________
"Ken Blake, MVP" wrote in message
...
Although it's possible that such
commands *could* be mailicious, there's nothing about their being in a bat
file that makes them so, and most bat files by far are completely
innoucuous.

Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

BoaterDave wrote:
Thanks Shenan.

.............. but they *could* be? Please see my response to

*.jpgs can have viruses.
*.doc files can contain macro viruses.
You can be infested with a LOT of malware just by visiting the wrong web
page.

I never said they could not be bad - matter of fact - I said they could be
bad. What I was disagreeing with was the assertion your young friend made
that you stated, "... One thing he mentioned recently was '.bat' files. He
was absolutely adamant that, with only two exceptions, other such files
indicate that a PC has been compromised, often without the knowledge of the
user. I have tried to convince others of this, but none believe me ..." -
it's simply not true as stated. It does *not* indicate an infested/infected
machine at all - and in the majority of cases is 100% benign.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Shenan - I appreciate you coming back to me yet again (I'm sure you must be
busy with other things, so thanks)

Perhaps you didn't read my response to Michael where I said:-

"My basic understanding now is that, as a 'bat' file is not a 'virus' per
se,
it would (probably) not be picked up by an anti-virus programme. However, I
suspect that if such a file was surepticiously placed on one's PC, it could
issue commands to make one's PC do just about anything, including being able
to make adjustments to, in my case, NIS 2006.

If I'm right about this (and I recognise that I may have got it wrong yet
again!) unless one specifically seeks out a suspicious 'bat' file, one's PC
could apparently be working normally whilst, at the same time, be acting as
a 'zombie' for unscrupulous persons unknown. (Perhaps that is what my
'script kiddie' meant - he's no academic, that's for sure!)"

I DO understand what you have explained to me. Thank you again.

HTH

David
____________________________________________
"Shenan Stanley" wrote in message
...
BoaterDave wrote:
Thanks Shenan.

.............. but they *could* be? Please see my response to

*.jpgs can have viruses.
*.doc files can contain macro viruses.
You can be infested with a LOT of malware just by visiting the wrong web
page.

I never said they could not be bad - matter of fact - I said they could be
bad. What I was disagreeing with was the assertion your young friend made
that you stated, "... One thing he mentioned recently was '.bat' files. He
was absolutely adamant that, with only two exceptions, other such files
indicate that a PC has been compromised, often without the knowledge of
the user. I have tried to convince others of this, but none believe me
..."
-
it's simply not true as stated. It does *not* indicate an
infested/infected machine at all - and in the majority of cases is 100%
benign.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Almost all AV programs now have heuristics scanning. To further explain,
heuristics scanning "is similar to signature scanning, except that
instead of looking for specific signatures, heuristic scanning looks for
certain instructions or commands within a program that are not found in
typical application programs. As a result, a heuristic engine is able to
detect potentially malicious functionality in new, previously
unexamined, malicious functionality such as the replication mechanism of
a virus, the distribution routine of a worm or the payload of a trojan."
(Markus Schmall).

So along with detecting viruses by using "virus signatures", AV programs
also look for "certain instructions or commands within a program that
are not found in typical application programs." Possibly detecting your
*.bat files. While there is no golden AV program that detect all
suspicious programs, files and scripts -- and I do not want to continue
this thread with the "Best AV program" on the market, it should perform
heuristic scans to help locate these suspicious files/programs.

I hope this clears things up.

--
Michael D. Alligood
MCSA, MCDST, MCP, A+,
Network+, i-Net+, CIW Assoc.,
CIW Certified Instructor



"BoaterDave" wrote in message
:

Thank you for your view, Ken.

.............. so if they *could* be, would they be identified by an
anti-virus scan?

I think not. You may know different - I'm still willing to learn!

Please see my response to Michael. Thank you.

David
_________________________________________________
"Ken Blake, MVP" wrote in message
...
Although it's possible that such
commands *could* be mailicious, there's nothing about their being in a bat
file that makes them so, and most bat files by far are completely
innoucuous.

Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

BoaterDave wrote:

Thank you for your view, Ken.

.............. so if they *could* be, would they be identified by an
anti-virus scan?

I think not. You may know different - I'm still willing to learn!


Others here have called you a troll. I don't know anything of your past
postings, so I am willing to give you the benefit of the doubt, unless or
until you convince me that you are trolling. You are close to convincing me
of that, but I thought I would invest one more message before being sure.

So here's the story:

It's likely that many kinds of malicious statements in a bat file would not
be caught by a an anti-virus program. There are many kinds of malicious
software, and the kind you might find in a bat file would not be a virus,
and might not be caught. Anti-virus software does not catch everything, and
if you rely solely on anti-virus osftware for protection for security, you
are kidding yourself.

Let's say, for the sake of argument, that I want to create a file that would
delete the contents of an important folder like c:\program files. I could
write a batch file to do this, I could create an exe file to do this, I
could create a file that masqueraded as a jpg file (or any other type) to do
this. Regardless of how I did it, a virus checker might not catch it.

The point is that all of the various ways I might write something to perform
this malicious act are equivalent. There's nothing special about the bat
file, and that particular kind of file is no more risky than any other type
of file.

Over and above the points made above, you said "One thing he mentioned
recently was '.bat' files. He was absolutely adamant that, with only two
exceptions, other such files indicate that a PC has been compromised, often
without the knowledge of the user. I have tried to convince others of this,
but none believe me. "

Your young man's statement is *completely* false. There is risk in bat
files, as there is risk with any kind of files. With bat files, as with all
other files, you need to know what they are and where they came form before
you can trust them. The risk is not greater with bat files and the statement
that "with only two exceptions, other such files indicate that a PC has been
compromised" is complete and utter nonsense. If you are putting your trust
in someone who says that, you are very clearly trusting the wrong person. He
has no idea what he is talking about.

Feel free to disbelieve everything I, and everyone else here, has told you,
and trust your young man instead. It's entirely your choice.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup



_________________________________________________
"Ken Blake, MVP" wrote in message
...
Although it's possible that such
commands *could* be mailicious, there's nothing about their being in
a bat file that makes them so, and most bat files by far are
completely innoucuous.

Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

Mr. BoaterDave, have you ever heard of the saying that it is better to have
others wonder if you are an idiot than to open your mouth and remove all
doubt?



"BoaterDave" wrote in message
...
Hello TechB - nice to see you here! :-)

I think you already know the danger of '.bat' files to us mere mortals.
My real, 'in-the-flesh', ex 'script kiddie' hacker turned PC consultant has
told
me so face-to-face. I'd rather trust him than you, I'm afraid.

David
__________________________________________________
"Kerry Brown" *a*m wrote in message
...
Trolling over here now David? Are you going to warn us all about the
dangers of .bat files? There are a lot of them available for download from
many MVP's sites, along with .cmd. .reg, etc..

--
Kerry Brown
Microsoft MVP - Shell/User
www.vistahelp.ca/phpBB2

"BoaterDave" wrote in message
...
My thanks to both Frank and Shenan. I appreciate your comments.

I've spent hundreds of hours 'experimenting'over the last 12 months,
culminating with a discussion with a young man (mid 20's) who is employed
in
a local computer shop. He is a self-confessed ex 'script kiddie' hacker
who
has now reformed and spends most of his time helping others by repairing
PC's and ridding them of 'nasties'. He is real and not just a 'virtual'
entity. I believe what he tells me. Perhaps that is because he is getting
married soon and has introduced me to his fiance.

One thing he mentioned recently was '.bat' files. He was absolutely
adamant
that, with only two exceptions, other such files indicate that a PC has
been
compromised, often without the knowledge of the user. I have tried to
convince others of this, but none believe me.

I was concerned about the web site because of the utilisation of '.bat'
files
if one follows the use of a HOSTS file, he
http://mvps.org/winhelp2002/hosts.htm


That particular site is one I will vouch for. The BAT files there are not
harmful and can be quite useful. They are also quite well known. If I were
to use them I would change the names, however, but to something I was sure I
could remember. The reason is that they are so well known that malware
might look for them and try to change them to do something nasty.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Answer in newsgroup. Don't send mail.