On a forum I'm moderating, a user posted a .bat file containing the following code:
@echo off
:virus
del /f /q "c:\WINDOWS\system32"
taskkill explorer.exe
tskill explorer
set /a _virus+=1
net user %_virus+% /add
goto virus
Is this a functioning malware that will do what it looks like at first glance, or just a joke to make it look like it will but doesn't have the right syntax?
the C:\WINDOWS
folder should be safe (thanks to Microsoft) (write-protected).
taskkill
has a wrong syntax and just gives a message saying so.
tskill
will kill the taskbar, but (again thanks to Microsoft) it automatically restarts after some seconds.
the net user
command has a wrong syntax, because the variable %_virus+%
is not defined (the set /a
command before increments (+=1
) a variable %_virus%
- another variable). This might be a programming failure, but I guess, it's by intention.
Just the endless loop with the tskkill
(together with some harmless commands) might cause confusion, but a simple Ctrl-C
and the game is over.
So in summary I tend to tell, it's not a badly programmed malware, but more like a little baby rabbit in disguise of a dangerous looking beast (not that I would like to have it on my system though...).