Windows 10: Is this script safe

Discus and support Is this script safe in AntiVirus, Firewalls and System Security to solve the problem; *Warning may cause harm* I seen it posted in a forum its supposed to find if any svchost.exe's running on the system contain trojans or malicious... Discussion in 'AntiVirus, Firewalls and System Security' started by Bright Eyes, Mar 13, 2017.

  1. BRIGHT EYES
    Bright Eyes Win User

    Is this script safe


    *Warning may cause harm*

    I seen it posted in a forum its supposed to find if any svchost.exe's running on the system contain trojans or malicious backdoors/hidden scripts and viruses.

    PHP Code: @echo off
    REM First release on 01/03/2017 @ 04:45
    REM Updated on 07/03/2017 @ 04:05
    Set "ProcessName=SVCHOST"
    Set "Tmp_Services=%Tmp%\%~n0.txt"
    If Exist "%Tmp_Services%" Del "%Tmp_Services%"
    Set "ProcessLog=%Tmp%\%ProcessName%.log"
    If Exist "%ProcessLog%" Del "%ProcessLog%"
    Set "Legits_Services_SVCHOST=%~dp0Legits_Services_%ProcessName%.txt"
    Set "Legit_Location=%windir%\system32\svchost.exe"
    Set "LogFile=%~dp0%ProcessName%_ProcessList.txt"
    Set "Suspicious_LogFile=%~dp0%ComputerName%_%ProcessName%_Suspicious_Paths.txt"
    Title Finding all instances and paths of "%ProcessName%" by Hackoo 2017
    If Exist "%LogFile%" Del "%LogFile%"
    Set /A Counter=0
    setlocal enableDelayedExpansion
    for /F "skip=1" %%a in ('WMIC Path win32_process where "name like '%%%ProcessName%%%'" get commandline') do (
    for /F "delims=" %%b in ("%%a") do (
    Color 0A
    set /A Counter+=1
    set "p=%%b"
    for /f %%f in ('echo !p! ^|Findstr /LI "%Legit_Location%"') do (
    echo [!Counter!] : !p!
    )
    ( echo "!p!" )>>"%LogFile%"
    )
    )


    Powershell.exe Get-WmiObject Win32_Process ^| select ProcessID,ProcessName,Handle,commandline,ExecutablePath ^| Out-File -Append "%ProcessLog%" -Encoding ascii
    Type "%ProcessLog%" | find /i "%Legit_Location%" > "%Tmp_Services%"


    (
    echo(
    echo Those are legitimes services of "%ProcessName%.exe"
    Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
    )>con


    (
    echo(
    echo Those are legitimes services of "%ProcessName%.exe"
    Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
    )>> "%Tmp_Services%"
    CMD /U /C Type "%Tmp_Services%" > "%Legits_Services_SVCHOST%"
    echo(
    Echo All instances of "%ProcessName%" in this path "%Legit_Location%" are legitimes services
    echo(
    echo Hit any key to look for a suspicious "%ProcessName%" paths
    Findstr /LVI "%Legit_Location%" "%LogFile%" > "%Suspicious_LogFile%"
    pause>nul
    Start "" "%Suspicious_LogFile%"
    Start "" "%Legits_Services_SVCHOST%" & exit
    ::*********************************************************************************************
    code.txt you can view it plainly in the text form I attached

    :)
     
    Bright Eyes, Mar 13, 2017
    #1
  2. MCCSHREYAS
    MCCshreyas Win User
    MCCshreyas, Mar 13, 2017
    #2
  3. BRYANGIBSON78
    BryanGibson78 Win User
    java script

    scripts are usually safe, allow scripts to run anyway? this message will not go away. also says I need java to run scripts
     
    BryanGibson78, Mar 13, 2017
    #3
  4. TAIRIKUOKAMI
    TairikuOkami Win User

    Is this script safe

    Not sure, if it is very helpful, it just list processes not located within System32's folder.
    Windows processes are listed separately, so that is a dead giveaway for that one.
    Malware usually use hijacked svchost.exe and this script will not tell you that.
     
    TairikuOkami, Mar 13, 2017
    #4
  5. BRIGHT EYES
    Bright Eyes Win User
    That is helpful, thank you.
     
    Bright Eyes, Apr 5, 2018
    #5
Thema:

Is this script safe

Loading...

  1. Is this script safe - Similar Threads - script safe

  2. A Free Script Disables Built-In AI Features Across Windows 11

    in Windows 10 News
    A Free Script Disables Built-In AI Features Across Windows 11: Windows 11 now exposes AI features across the operating system. Copilot is pinned to the taskbar, appears in Settings, and is integrated into bundled apps such as Notepad and Paint. There is no global switch to disable all of this, and turning off individual features does not...

  3. Allow or Block Script Files with AppLocker in Windows 11

    in Windows 10 News
    Allow or Block Script Files with AppLocker in Windows 11: [ATTACH]In today’s computing environment, script files can be both powerful automation tools and potential security risks. Windows 11 features AppLocker, a comprehensive application control tool that allows administrators to have precise control over the software running on...

  4. Windows Script Host Error Message

    in Windows 10 Gaming
    Windows Script Host Error Message: I receive an error message every time I turn on my PC and log in to Windows. This started earlier this year, while my PC was still on Windows 10, and remains an issue after installing Windows 11. I get a Windows Script Host error message that says Can not find script file...

  5. Windows Script Host Error Message

    in Windows 10 Software and Apps
    Windows Script Host Error Message: I receive an error message every time I turn on my PC and log in to Windows. This started earlier this year, while my PC was still on Windows 10, and remains an issue after installing Windows 11. I get a Windows Script Host error message that says Can not find script file...

  6. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Gaming
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  7. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Software and Apps
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  8. How to fix or remove this "Windows Script Host" issue?

    in Windows 10 Gaming
    How to fix or remove this "Windows Script Host" issue?: For some time, I noticed some suspicious activity, where some code would run and then disappear immediately before I did something. Windows Defender didn't find anything. I downloaded the ESET antivirus, and it found some errors and cleaned itself. Now, afterwards, I am...

  9. Windows Security Warning: Scripts are usually safe.

    in AntiVirus, Firewalls and System Security
    Windows Security Warning: Scripts are usually safe.: I have occasionally been receiving a "Windows Security Warning" on my windows 10 laptop. The window reads: "Windows Security Warning Scripts are usually safe. Do you want to allow scripts to run? Yes...

  10. Is it safe to delete every tmp / temp file with a batch script?

    in Windows 10 Network and Sharing
    Is it safe to delete every tmp / temp file with a batch script?: Hello everyone! I made a little script as follows: @echo off title deleting temp files del /s /q c:\*.tmp del /s /q c:\*.temp pause is it safe to run?...