Re: Bat To Exe Converter - Trojan.VkHost creator?

jxf011
Posts: 7
Joined: Mon Nov 02, 2009 7:24 am

Re: Bat To Exe Converter - Trojan.VkHost creator?

#1 Post by jxf011 » Fri Mar 05, 2010 10:33 am

[Moderator note: author self-edited posts]

---

a
Last edited by jxf011 on Mon May 27, 2013 4:56 pm, edited 1 time in total.

Napiophelios
Posts: 610
Joined: Sun Mar 01, 2009 5:48 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#2 Post by Napiophelios » Fri Mar 05, 2010 1:28 pm

Can you share one of your custom invisible exe files here for study?

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#3 Post by -.- » Fri Mar 05, 2010 3:58 pm

The ones I made don't trigger anything from Avira.

jxf011
Posts: 7
Joined: Mon Nov 02, 2009 7:24 am

a

#4 Post by jxf011 » Fri Mar 05, 2010 5:16 pm

a
Last edited by jxf011 on Mon May 27, 2013 4:56 pm, edited 1 time in total.

-.-
Posts: 325
Joined: Mon Oct 06, 2008 4:32 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#5 Post by -.- » Fri Mar 05, 2010 8:10 pm

Try to put in some information under version information.

I think I had this happen before, since some scanners don't like nameless programs. Put in a company and description and see if it still triggers an alert.

Also, your thing didn't trigger Avira for me, so it's probably just your program settings.

MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#6 Post by MiDoJo » Fri Mar 05, 2010 9:30 pm

[offtopic]I wish people'd use Drop.io or another free no-wait service instead of either making me wait on a countdown or bust out FF with its SkipScreen plugin and then hope it works.[/offtopic]
My 7zipportable (latest version) didn't much care for your 7z file.

Napiophelios
Posts: 610
Joined: Sun Mar 01, 2009 5:48 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#7 Post by Napiophelios » Sat Mar 06, 2010 2:33 am

VirusTotal Results 11/42 scanners
Jotti Results 3/20 scanners

Uncompressed file:

VirusTotal Results 11/42 scanners
Jotti's Results 2/20 scanners

These scanners use heuristic settings which will almost always find something
if you use UPX or write your own bat files or make silent installers.

I seriously doubt this program adds viruses to your batch files.
If you wrote the bat file yourself, I wouldn't worry too much over this.

...of course I ain't gonna click that exe either :lol:


MiDoJo, are you using the 7Zip 9.11 beta? I have heard it doesn't always extract files properly.

Me personally, I don't like to download from MediaFire; it takes so long to load the page, and the ads and popups drive me nuts... but I use it to store files cuz my files upload almost instantly.
Maybe that's why people use filehosting services that make you wait,
not so much for your convenience, but maybe their own. :lol:

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

Re: Bat To Exe Converter - Trojan.VkHost creator?

#8 Post by m^(2) » Sat Mar 06, 2010 11:42 am

- Most likely it's not a false positive
- (Most likely) It does *not* add any crapware to the batches and is 100% safe to use.

So why is it considered insecure?
Because you can write crapware in any language, including MS Batch. I guess that somebody did it and packed it with this converter.
The converter encrypted it and hid it in its own internals (as such converters usually do), and for AV it's much easier to flag all such exes than to reverse the encrypting procedures and look into the batches.
From the AV perspective, wrapping encrypted program code in a kind of stub is a flawed procedure.

AutoHotKey compiler had (has?) this issue. Both programs work mostly the same way. It doesn't mean the reason for flagging is the same, the converter's author might have his computer infected, but this is just much less likely.

MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#9 Post by MiDoJo » Sun Mar 07, 2010 5:28 pm

Nope, using 7Zip 4.65 wrapped in PortableApps (blech ;) wrapper). Why is PortableApps at 4.x when the beta is 9.x?

jxf011
Posts: 7
Joined: Mon Nov 02, 2009 7:24 am

a

#10 Post by jxf011 » Wed Mar 10, 2010 7:29 am

a
Last edited by jxf011 on Mon May 27, 2013 4:56 pm, edited 1 time in total.

Cornflower
Posts: 227
Joined: Fri Aug 31, 2007 7:58 am
Location: Canada's capital

Re: Bat To Exe Converter - Trojan.VkHost creator?

#11 Post by Cornflower » Wed Mar 10, 2010 9:39 am

I sent the Norton report to the Contact email at f2ko.de, and also asked that he/she look at invisible compiled batch files.

webfork
Posts: 10556
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas

Re: Bat To Exe Converter - Trojan.VkHost creator?

#12 Post by webfork » Thu Mar 11, 2010 6:23 am

If I'm understanding this thread, some folks here are looking to get a batch-to-exe converter off of anti-virus programs' watch lists because it's a false positive. The problem I see with this is that any batch file can be essentially made into a trojan. You just create a bat file with "del /s C:\WINDOWS" (a simple DOS command for deleting the contents of a folder), turn it into an EXE, and suddenly you have a trojan.

Since a batch file can easily be turned into something dangerous, if I were an anti-virus company, I'd want to err on the side of caution and list it as a trojan. Then, if the user wants to take the risk, that's up to them.

MiDoJo
Posts: 282
Joined: Thu Apr 17, 2008 2:36 pm

Re: Bat To Exe Converter - Trojan.VkHost creator?

#13 Post by MiDoJo » Thu Mar 11, 2010 6:37 pm

I agree with webfork on this one.

Cornflower
Posts: 227
Joined: Fri Aug 31, 2007 7:58 am
Location: Canada's capital

Re: Bat To Exe Converter - Trojan.VkHost creator?

#14 Post by Cornflower » Fri Mar 12, 2010 6:56 am

I agree that the real danger with batch files is the commands that are put into them.

There are actually two technical issues that I read here: one being the caution that scanners have towards compiled batch files, launchers, etc., because of the potential payload and the ease of adding that payload, and the other being the products of f2ko.

The Web scan report sent to f2ko (still awaiting a response) listed four products coming up, none of which was the Bat To Exe Converter. They were all mini utilities in the CmdTools section of the web site. The topic here is whether these are false positives or infected.

The original question is whether benign batch files compiled with Bat To Exe Converter in "invisible" mode introduced a trojan (because of some "value added" by the converter) or a false positive, as I understand it.

I have been using the converter for some time at 1.4.0, 1.4.1, and 1.5 version levels, and have occasionally found false positives in controlled situations. I determined that invisible AND properties data in 1.4.x very often came up with false positives. I verified to my satisfaction these were not trojans by watching process, temporary or created files, and modifications of registry entries during these tests. Of the limited tests I have done with 1.5, I found I could usually get rid of false positives by changing inconsequential lines in batch files and recompiling. My batch files are usually installer mechanisms that modify registry and config files before copying files, etc., and usually invisible.

So I don't have definitive answers to the queries, but have been able to make the Bat To Exe Converter work for me. So far.
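
The file-watching part of the check described in post #14, as an added example that is not part of the original thread: snapshot a folder before and after running the compiled batch file and report which files were created, modified or deleted. The scratch folder and file names are constructed for the demonstration; process and registry monitoring are not covered.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = None  # locked or already gone: record presence only
            state[os.path.relpath(path, root)] = digest
    return state

def diff(before, after):
    """Report what changed between two snapshots."""
    common = set(before) & set(after)
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def write(root, name, text):
    """Create or overwrite a small text file inside root."""
    with open(os.path.join(root, name), "w") as fh:
        fh.write(text)

def demo():
    """Constructed run: a scratch directory stands in for the watched folder."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.ini", "mode=default\n")
        write(root, "old.log", "previous run\n")
        before = snapshot(root)
        # Stand-in for running the compiled batch file under test (constructed
        # effects): it edits a config file, drops a script, removes a log.
        write(root, "app.ini", "mode=portable\n")
        write(root, "extracted.bat", "@echo off\n")
        os.remove(os.path.join(root, "old.log"))
        return diff(before, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In a real test the two `snapshot` calls would bracket the run of the executable inside a disposable virtual machine, pointed at the temp and install folders the batch file is expected to touch.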

jxf011
Posts: 7
Joined: Mon Nov 02, 2009 7:24 am

a

#15 Post by jxf011 » Fri Mar 12, 2010 9:56 am

a
Last edited by jxf011 on Mon May 27, 2013 4:56 pm, edited 1 time in total.
