Windows 10: Is this script safe

Discus and support Is this script safe in AntiVirus, Firewalls and System Security to solve the problem; *Warning may cause harm* I seen it posted in a forum its supposed to find if any svchost.exe's running on the system contain trojans or malicious... Discussion in 'AntiVirus, Firewalls and System Security' started by Bright Eyes, Mar 13, 2017.

  1. BRIGHT EYES
    Bright Eyes Win User

    Is this script safe


    *Warning may cause harm*

    I seen it posted in a forum its supposed to find if any svchost.exe's running on the system contain trojans or malicious backdoors/hidden scripts and viruses.

    PHP Code: @echo off
    REM First release on 01/03/2017 @ 04:45
    REM Updated on 07/03/2017 @ 04:05
    Set "ProcessName=SVCHOST"
    Set "Tmp_Services=%Tmp%\%~n0.txt"
    If Exist "%Tmp_Services%" Del "%Tmp_Services%"
    Set "ProcessLog=%Tmp%\%ProcessName%.log"
    If Exist "%ProcessLog%" Del "%ProcessLog%"
    Set "Legits_Services_SVCHOST=%~dp0Legits_Services_%ProcessName%.txt"
    Set "Legit_Location=%windir%\system32\svchost.exe"
    Set "LogFile=%~dp0%ProcessName%_ProcessList.txt"
    Set "Suspicious_LogFile=%~dp0%ComputerName%_%ProcessName%_Suspicious_Paths.txt"
    Title Finding all instances and paths of "%ProcessName%" by Hackoo 2017
    If Exist "%LogFile%" Del "%LogFile%"
    Set /A Counter=0
    setlocal enableDelayedExpansion
    for /F "skip=1" %%a in ('WMIC Path win32_process where "name like '%%%ProcessName%%%'" get commandline') do (
    for /F "delims=" %%b in ("%%a") do (
    Color 0A
    set /A Counter+=1
    set "p=%%b"
    for /f %%f in ('echo !p! ^|Findstr /LI "%Legit_Location%"') do (
    echo [!Counter!] : !p!
    )
    ( echo "!p!" )>>"%LogFile%"
    )
    )


    Powershell.exe Get-WmiObject Win32_Process ^| select ProcessID,ProcessName,Handle,commandline,ExecutablePath ^| Out-File -Append "%ProcessLog%" -Encoding ascii
    Type "%ProcessLog%" | find /i "%Legit_Location%" > "%Tmp_Services%"


    (
    echo(
    echo Those are legitimes services of "%ProcessName%.exe"
    Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
    )>con


    (
    echo(
    echo Those are legitimes services of "%ProcessName%.exe"
    Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
    )>> "%Tmp_Services%"
    CMD /U /C Type "%Tmp_Services%" > "%Legits_Services_SVCHOST%"
    echo(
    Echo All instances of "%ProcessName%" in this path "%Legit_Location%" are legitimes services
    echo(
    echo Hit any key to look for a suspicious "%ProcessName%" paths
    Findstr /LVI "%Legit_Location%" "%LogFile%" > "%Suspicious_LogFile%"
    pause>nul
    Start "" "%Suspicious_LogFile%"
    Start "" "%Legits_Services_SVCHOST%" & exit
    ::*********************************************************************************************
    code.txt you can view it plainly in the text form I attached

    :)
     
    Bright Eyes, Mar 13, 2017
    #1
  2. MCCSHREYAS
    MCCshreyas Win User
    MCCshreyas, Mar 13, 2017
    #2
  3. BRYANGIBSON78
    BryanGibson78 Win User
    java script

    scripts are usually safe, allow scripts to run anyway? this message will not go away. also says I need java to run scripts
     
    BryanGibson78, Mar 13, 2017
    #3
  4. TAIRIKUOKAMI
    TairikuOkami Win User

    Is this script safe

    Not sure, if it is very helpful, it just list processes not located within System32's folder.
    Windows processes are listed separately, so that is a dead giveaway for that one.
    Malware usually use hijacked svchost.exe and this script will not tell you that.
     
    TairikuOkami, Mar 13, 2017
    #4
  5. BRIGHT EYES
    Bright Eyes Win User
    That is helpful, thank you.
     
    Bright Eyes, Apr 5, 2018
    #5
Thema:

Is this script safe

Loading...

  1. Is this script safe - Similar Threads - script safe

  2. Windows Script Host Error Message

    in Windows 10 Gaming
    Windows Script Host Error Message: I receive an error message every time I turn on my PC and log in to Windows. This started earlier this year, while my PC was still on Windows 10, and remains an issue after installing Windows 11. I get a Windows Script Host error message that says Can not find script file...

  3. Windows Script Host Error Message

    in Windows 10 Software and Apps
    Windows Script Host Error Message: I receive an error message every time I turn on my PC and log in to Windows. This started earlier this year, while my PC was still on Windows 10, and remains an issue after installing Windows 11. I get a Windows Script Host error message that says Can not find script file...

  4. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Gaming
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  5. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Software and Apps
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  6. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Gaming
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  7. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Software and Apps
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  8. "This script contains malicious content and has been blocked by your antivirus software."...

    in Windows 10 Software and Apps
    "This script contains malicious content and has been blocked by your antivirus software."...: My name is Michael Cook, I am the author of FightingEntropy, which is a module for PowerShell that relates to system management tasks and a bunch of other things that I won't get into great detail in this post.Here is a link to my...

  9. Windows Security Warning: Scripts are usually safe.

    in AntiVirus, Firewalls and System Security
    Windows Security Warning: Scripts are usually safe.: I have occasionally been receiving a "Windows Security Warning" on my windows 10 laptop. The window reads: "Windows Security Warning Scripts are usually safe. Do you want to allow scripts to run? Yes...

  10. Is it safe to delete every tmp / temp file with a batch script?

    in Windows 10 Network and Sharing
    Is it safe to delete every tmp / temp file with a batch script?: Hello everyone! I made a little script as follows: @echo off title deleting temp files del /s /q c:\*.tmp del /s /q c:\*.temp pause is it safe to run?...