Windows XP Community - XPHeads




Is this legit file?

microsoft.public.windowsxp.general


  #1 (permalink)  
Old 06-26-2008, 01:04 PM
SANTANDER
 
Is this legit file?
1) Is this unxxx.bat a legit system file, or does it need to be removed? (It
was created recently):

C:\WINDOWS\system32\unxxx.bat

and its code (in Notepad):

:pp
del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
del "C:\WINDOWS\system32\unxxx.bat"


2) Is this Jview.dll a legit system file, or does it need to be removed? (with
the corresponding registry key)

C:\WINDOWS\AppPatch\Jview.dll

  #2 (permalink)  
Old 06-26-2008, 01:32 PM
Tom [Pepper] Willett
 
Re: Is this legit file?
If you google both of those files, you'll find they are not legit, but that
your machine is infected.

"SANTANDER" <santander@microsoft.news> wrote in message
news:%23tdJe041IHA.5944@TK2MSFTNGP04.phx.gbl...
: 1) Is this unxxx.bat legit system file or need be removed? (has created
: recently):
:
: C:\WINDOWS\system32\unxxx.bat
:
: and it code(in notepad):
:
: :pp
: del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
: if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
: del "C:\WINDOWS\system32\unxxx.bat"
:
:
: 2) is this Jview.dll legit system file or need be removed? (with
: corresponding registry key)
:
: C:\WINDOWS\AppPatch\Jview.dll
:


  #3 (permalink)  
Old 06-26-2008, 02:25 PM
PA Bear [MS MVP]
 
Re: Is this legit file?
Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

SANTANDER wrote:
> 1) Is this unxxx.bat legit system file or need be removed? (has created
> recently):
>
> C:\WINDOWS\system32\unxxx.bat
>
> and it code(in notepad):
>
> :pp
> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
> del "C:\WINDOWS\system32\unxxx.bat"
>
>
> 2) is this Jview.dll legit system file or need be removed? (with
> corresponding registry key)
>
> C:\WINDOWS\AppPatch\Jview.dll


  #4 (permalink)  
Old 06-26-2008, 02:35 PM
Kayman
 
Re: Is this legit file?
On Thu, 26 Jun 2008 16:04:04 +0300, SANTANDER wrote:

> 1) Is this unxxx.bat legit system file or need be removed? (has created
> recently):
>
> C:\WINDOWS\system32\unxxx.bat
>
> and it code(in notepad):
>
> :pp
> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
> del "C:\WINDOWS\system32\unxxx.bat"
>
>
> 2) is this Jview.dll legit system file or need be removed? (with
> corresponding registry key)
>
> C:\WINDOWS\AppPatch\Jview.dll


1. CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...
http://www.filehippo.com/download_ccleaner/
If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender".

2. Download David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/...irus-for-free/

To use this utility, perform the following...
Execute; Multi_AV.exe {Note: You must use the default folder C:\AV-CLS}
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{or Double-click on 'Start Menu' in C:\AV-CLS}

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your FireWall to allow it to download the needed AV vendor
related files.

C:\AV-CLS\StartMenu.BAT -- {or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files
or you can download the files and perform a scan in Normal Mode. Once you
have downloaded the files needed for each scanner you want to use, you
should reboot the PC into Safe Mode [F8 key during boot] and re-run the
menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

Additional Instructions:
http://pcdid.com/Multi_AV.htm
  #5 (permalink)  
Old 06-26-2008, 03:07 PM
SANTANDER
 
Re: Is this legit file?

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:%23EFvdp51IHA.5664@TK2MSFTNGP02.phx.gbl...
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis
> log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_R...:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/...moving_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://aumha.net/viewforum.php?f=30,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
> this isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
> AumHa VSOP & Admin http://aumha.net
> DTS-L http://dts-l.net/
>
> SANTANDER wrote:
>> 1) Is this unxxx.bat legit system file or need be removed? (has created
>> recently):
>>
>> C:\WINDOWS\system32\unxxx.bat
>>
>> and it code(in notepad):
>>
>> :pp
>> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
>> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
>> del "C:\WINDOWS\system32\unxxx.bat"
>>
>>
>> 2) is this Jview.dll legit system file or need be removed? (with
>> corresponding registry key)
>>
>> C:\WINDOWS\AppPatch\Jview.dll

-----------

I already checked with antivirus and HijackThis v2.0.2; the antivirus detected
Jview.dll as a virus, but I wanted to know whether this was a legit system file
or just malware.
As to unxxx.bat, it has not been detected by antivirus, and not marked by
HijackThis, but Deckard's System Scanner just specified it as recently
created, and it looks suspicious.

Thanks



  #6 (permalink)  
Old 06-26-2008, 03:39 PM
Jordon
 
Re: Is this legit file?
SANTANDER wrote:
> As to unxxx.bat, it has not been detected by antivirus, and not marked
> by HijackThis, but Deckard's System Scanner just specified it as
> recently created, and it looks suspicious.


A batch file (by itself) can't be a virus because it contains only
text. But a virus could create a batch file that could use other
scripts or system commands to wreak havoc.

--
Jordon
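
The batch file quoted in this thread retries deleting an executable until it is gone and then deletes itself. The following is an added example, not part of any post in the thread, of a static check that flags that pattern when triaging a .bat file; `triage_batch`, `norm` and the sample text are constructed here, and the sample assumes the label line reads `:pp` to match `goto pp`.

```python
import ntpath
import re

# Constructed sample: the script quoted in the thread, with its label written as :pp.
SAMPLE = r'''
:pp
del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
del "C:\WINDOWS\system32\unxxx.bat"
'''

LABEL_RE = re.compile(r'^\s*:(\w+)\s*$')
DEL_RE = re.compile(r'^\s*@?(?:del|erase)\b(?:\s+/\w+)*\s+"?([^"\r\n]+?)"?\s*$', re.I)
LOOP_RE = re.compile(r'^\s*@?if\s+exist\s+"?([^"\r\n]+?)"?\s+goto\s+:?(\w+)\s*$', re.I)
SELF_REFS = {"%0", "%~f0"}  # ways a batch file can name itself

def norm(path):
    """Case-insensitive, separator-normalized Windows path for comparison."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def triage_batch(text, script_path):
    """Flag the 'delete a file until it is gone, then delete myself' pattern."""
    labels, deletes, loops = {}, [], []
    for i, line in enumerate(text.splitlines()):
        if m := LABEL_RE.match(line):
            labels[m.group(1).lower()] = i
        elif m := DEL_RE.match(line):
            deletes.append((i, norm(m.group(1))))
        elif m := LOOP_RE.match(line):
            loops.append((i, norm(m.group(1)), m.group(2).lower()))
    # A retry loop: "if exist X goto L" jumps back to a label above it,
    # and X is deleted somewhere between that label and the jump.
    retry = sorted({p for i, p, lab in loops
                    if labels.get(lab, i) < i
                    and any(labels[lab] < d < i and t == p for d, t in deletes)})
    me = norm(script_path)
    self_delete = any(t == me or t in SELF_REFS for _, t in deletes)
    return {"retry_delete": retry, "self_delete": self_delete,
            "suspicious": bool(retry) and self_delete}

if __name__ == "__main__":
    print(triage_batch(SAMPLE, r"C:\WINDOWS\system32\unxxx.bat"))
```

A positive result is a triage signal rather than a verdict: the path listed under `retry_delete` is the file whose origin and prior execution should be investigated.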
  #7 (permalink)  
Old 06-26-2008, 04:20 PM
PA Bear [MS MVP]
 
Re: Is this legit file?
Post your HJT log in an appropriate forum for review.

SANTANDER wrote:
> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
> news:%23EFvdp51IHA.5664@TK2MSFTNGP02.phx.gbl...
>> Unexplained computer behavior may be caused by deceptive software
>> http://support.microsoft.com/kb/827315
>>
>> Run a /thorough/ check for hijackware, including posting your hijackthis
>> log to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_R...:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine2.blogspot.com/
>> http://www.elephantboycomputers.com/...moving_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. **Post your log to
>> http://aumha.net/viewforum.php?f=30,
>> http://forums.spybot.info/forumdisplay.php?f=22,
>> http://castlecops.com/forum67.html, or other appropriate forums for
>> review
>> by an expert in such matters, not here.**
>>
>> If the procedures look too complex - and there is no shame in admitting
>> this isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>>
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>> SANTANDER wrote:
>>> 1) Is this unxxx.bat legit system file or need be removed? (has created
>>> recently):
>>>
>>> C:\WINDOWS\system32\unxxx.bat
>>>
>>> and it code(in notepad):
>>>
>>> :pp
>>> del "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe"
>>> if exist "C:\DOCUME~1\User\LOCALS~1\Temp\orz.exe" goto pp
>>> del "C:\WINDOWS\system32\unxxx.bat"
>>>
>>>
>>> 2) is this Jview.dll legit system file or need be removed? (with
>>> corresponding registry key)
>>>
>>> C:\WINDOWS\AppPatch\Jview.dll

> -----------
>
> I already checked with antivirus and HijackThis v2.0.2; the antivirus detected
> Jview.dll as a virus, but I wanted to know whether this was a legit system file
> or just malware.
> As to unxxx.bat, it has not been detected by antivirus, and not marked by
> HijackThis, but Deckard's System Scanner just specified it as recently
> created, and it looks suspicious.
>
> Thanks


All times are GMT. The time now is 02:37 AM.

