Do you convert bats to exes with the invisible setting?
Here's how I reproduce the problem ...
1. download Bat To Exe Converter 1.5 and run it
2. create a batch file with 2 lines: dir, pause
3. convert it with Bat to Exe with the invisible
4. scan it the test.exe:
Malwarebytes' Anti-Malware 1.44, Database version: 3826
c:\Download\portable updates\bat_to_exe_converter\test-dir-pause.exe (Trojan.VkHost) -> No action taken.
The symptom I experienced was random web browser redirects with Google search results. I real time up to date Avast and Windows Defender doesn't catch this. Malwarebytes catches it though! Note, it's the exe *created* but the program but not the program itself.
I was running an invisible exe that was a 3 line batch:
xcopy D:\MyDocs\Thunderbird\contacts\abook.mab C:\Portable\ThunderbirdPortable\Data\profile /Y
move C:\Portable\ThunderbirdPortable\Data\profile\abook.mab D:\MyDocs\Thunderbird\contacts
This ensures my address book is backed up with my MyDocs folder along with my Tbird account folders. If portable Tbird allowed me to specify my address book location, this wouldn't be needed. And, I don't want to see a dos window in the task bar while I run Tbird.
Anyway, since I've stopped running ThunderbirdBatch.exe which I created with Bat To Exe Converter I've had no redirects with Google search results.
Here's the PASSWORD protected 7z file with the test batch file, test.exe, and Malwarebytes output (truncated):http://www.megaupload.com/?d=KJXESB76
I'll drop a note in the Avast forums and see what they think. (Avast is great, my fave BTW despite not catching this)