On a forum I'm moderating, a user posted a .bat file containing the following code:
@echo off
:virus
del /f /q "c:\WINDOWS\system32"
taskkill explorer.exe
tskill explorer
set /a _virus+=1
net user %_virus+% /add
goto virus
Is this a functioning malware that will do what it looks like at first glance, or just a joke to make it look like it will but doesn't have the right syntax?
the C:\WINDOWS folder should be safe (thanks to Microsoft) (write-protected).
taskkill has a wrong syntax and just gives a message saying so.
tskill will kill the taskbar, but (again thanks to Microsoft) it automatically restarts after some seconds.
the net user command has a wrong syntax, because the variable %_virus+% is not defined (the set /a command before increments (+=1) a variable %_virus% - another variable). This might be a programming failure, but I guess, it's by intention.
Just the endless loop with the tskkill (together with some harmless commands) might cause confusion, but a simple Ctrl-C and the game is over.
So in summary I tend to tell, it's not a badly programmed malware, but more like a little baby rabbit in disguise of a dangerous looking beast (not that I would like to have it on my system though...).