Windows 10: Is this script safe

Discussion in 'AntiVirus, Firewalls and System Security' started by Bright Eyes, Mar 13, 2017.

  1. Is this script safe


    *Warning may cause harm*

    I saw it posted in a forum; it's supposed to find if any svchost.exe's running on the system contain trojans or malicious backdoors/hidden scripts and viruses.

    Code:
    @echo off
    REM First release on 01/03/2017 @ 04:45
    REM Updated on 07/03/2017 @ 04:05
    Set "ProcessName=SVCHOST"
    REM Working files in the temp folder; copies from an earlier run are deleted
    Set "Tmp_Services=%Tmp%\%~n0.txt"
    If Exist "%Tmp_Services%" Del "%Tmp_Services%"
    Set "ProcessLog=%Tmp%\%ProcessName%.log"
    If Exist "%ProcessLog%" Del "%ProcessLog%"
    REM Report files are written next to the script
    Set "Legits_Services_SVCHOST=%~dp0Legits_Services_%ProcessName%.txt"
    Set "Legit_Location=%windir%\system32\svchost.exe"
    Set "LogFile=%~dp0%ProcessName%_ProcessList.txt"
    Set "Suspicious_LogFile=%~dp0%ComputerName%_%ProcessName%_Suspicious_Paths.txt"
    Title Finding all instances and paths of "%ProcessName%" by Hackoo 2017
    If Exist "%LogFile%" Del "%LogFile%"
    Set /A Counter=0
    setlocal enableDelayedExpansion
    REM Query the command line of every process named like SVCHOST,
    REM echo the ones under the expected path and log all of them
    for /F "skip=1" %%a in ('WMIC Path win32_process where "name like '%%%ProcessName%%%'" get commandline') do (
        for /F "delims=" %%b in ("%%a") do (
            Color 0A
            set /A Counter+=1
            set "p=%%b"
            for /f %%f in ('echo !p! ^|Findstr /LI "%Legit_Location%"') do (
                echo [!Counter!] : !p!
            )
            ( echo "!p!" )>>"%LogFile%"
        )
    )

    REM Dump details of every running process to the temp log,
    REM then keep only the lines that mention the expected path
    Powershell.exe Get-WmiObject Win32_Process ^| select ProcessID,ProcessName,Handle,commandline,ExecutablePath ^| Out-File -Append "%ProcessLog%" -Encoding ascii
    Type "%ProcessLog%" | find /i "%Legit_Location%" > "%Tmp_Services%"

    REM Show the services hosted by each instance on the console
    (
        echo(
        echo Those are legitimes services of "%ProcessName%.exe"
        Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
    )>con

    REM Append the same listing to the temp file, then write it out as a Unicode report
    (
        echo(
        echo Those are legitimes services of "%ProcessName%.exe"
        Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
    )>> "%Tmp_Services%"
    CMD /U /C Type "%Tmp_Services%" > "%Legits_Services_SVCHOST%"
    echo(
    Echo All instances of "%ProcessName%" in this path "%Legit_Location%" are legitimes services
    echo(
    echo Hit any key to look for a suspicious "%ProcessName%" paths
    REM Logged entries that do not contain the expected path go to the suspicious report
    Findstr /LVI "%Legit_Location%" "%LogFile%" > "%Suspicious_LogFile%"
    pause>nul
    Start "" "%Suspicious_LogFile%"
    Start "" "%Legits_Services_SVCHOST%" & exit
    ::*********************************************************************************************
    code.txt you can view it plainly in the text form I attached

    :)
     
    Bright Eyes, Mar 13, 2017
    #1
  2. MCCshreyas, Mar 13, 2017
    #2
  3. java script

    Scripts are usually safe, allow scripts to run anyway? This message will not go away. Also says I need Java to run scripts.
     
    BryanGibson78, Mar 13, 2017
    #3
  4. Is this script safe

    Not sure if it is very helpful; it just lists processes not located within System32's folder.
    Windows processes are listed separately, so that is a dead giveaway for that one.
    Malware usually uses a hijacked svchost.exe, and this script will not tell you that.
     
    TairikuOkami, Mar 13, 2017
    #4
  5. That is helpful, thank you.
     
    Bright Eyes, Apr 5, 2018
    #5
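
Reply #4 points out that the posted batch file only compares image paths. The following is an added PowerShell example, not part of the thread or of the posted script, that also checks that each instance was started by services.exe and carries the usual `-k <group>` argument. The function name `Test-SvchostInstance`, the sample records and their PIDs are constructed for illustration.

```powershell
# Added example, not from the thread: review svchost-like processes on
# name, image path, parent process and command-line shape.
function Test-SvchostInstance {
    param(
        [Parameter(Mandatory)] $Process,       # needs Name, ProcessId, ParentProcessId, ExecutablePath, CommandLine
        [Parameter(Mandatory)] [int[]] $ServicesPid,
        [string] $LegitPath = "$env:windir\System32\svchost.exe"
    )
    $findings = @()
    if ($Process.Name -ne 'svchost.exe') {
        $findings += "look-alike name '$($Process.Name)'"
    }
    if (-not $Process.ExecutablePath) {
        $findings += 'image path unreadable (not elevated?)'
    } elseif ($Process.ExecutablePath -ne $LegitPath) {      # -ne ignores case
        $findings += "unexpected path $($Process.ExecutablePath)"
    }
    if ($ServicesPid -notcontains $Process.ParentProcessId) {
        $findings += "parent PID $($Process.ParentProcessId) is not services.exe"
    }
    if ($Process.CommandLine -and $Process.CommandLine -notmatch '\s-k\s+\S') {
        $findings += 'command line has no -k <group>'
    }
    [pscustomobject]@{
        ProcessId = $Process.ProcessId
        Verdict   = if ($findings) { 'REVIEW' } else { 'ok' }
        Findings  = $findings -join '; '
    }
}

# Constructed records (not real telemetry); services.exe is assumed to be PID 700.
$legit = "$env:windir\System32\svchost.exe"
$sample = @(
    [pscustomobject]@{ Name='svchost.exe'; ProcessId=1200; ParentProcessId=700;  ExecutablePath=$legit; CommandLine="$legit -k netsvcs -p" }
    [pscustomobject]@{ Name='svchost.exe'; ProcessId=4312; ParentProcessId=3980; ExecutablePath=$legit; CommandLine=$legit }
    [pscustomobject]@{ Name='svchost.exe'; ProcessId=5104; ParentProcessId=3980; ExecutablePath='C:\Users\Public\svchost.exe'; CommandLine='C:\Users\Public\svchost.exe -k netsvcs' }
)
$sample | ForEach-Object { Test-SvchostInstance -Process $_ -ServicesPid 700 }

# Live run on Windows (elevated, so paths and command lines are readable):
$svc = @(Get-CimInstance Win32_Process -Filter "Name = 'services.exe'").ProcessId
Get-CimInstance Win32_Process -Filter "Name LIKE '%svchost%'" |
    ForEach-Object { Test-SvchostInstance -Process $_ -ServicesPid $svc }
```

The second sample record sits in the expected path and would pass the batch file's check, yet is flagged here for its parent and missing `-k`. Code injected into a genuine, service-started svchost.exe still passes all of these checks; finding that requires inspecting the process's loaded modules or memory.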