Hidden Winstart.bat found in non-os drive  


  1. Posts : 434
    Windows 10 Pro x64
       #1

    Hidden Winstart.bat found in non-os drive


    Hi all. I found this hidden file Winstart.bat on my H: drive. I think I've seen it on my C: drive as well some time ago. I deleted it immediately, dumb move or not, before knowing anything about it.

    Opened it with notepad, but nothing was there. What can this be? Never seen it before. I have pagefile.sys on the same drive because I turned off pagefile for every other drive and only use H: drive for pagefile. Does that have anything to do with it? Something tells me that it does not.

    Windows 10 Pro x64 22H2 up to date
      My Computer


  2. Posts : 2,181
    Windows 10 Pro for the Bro
       #2

    You can open it in Notepad? Nothing saying anything about Permissions?

    Right click the file -> Properties. How big is it?



    (edit 11:08 am local time)
    That bat file has nothing to do with the PageFile.
    (btw, what is the bat file's Modification date / time?)
      My Computer


  3. Posts : 17,436
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #3

    Hello @BlackVen0m,

    I just searched my computer for it and it was NOT found, if that helps !
      My Computer


  4. NTN
    Posts : 976
    W10 19045.2546
       #4

    I read:

    winstart.bat is a batch file that contains a set of system commands, which can be used by a particular parasite to manipulate files, corrupt installed software, alter system configuration or launch other pest components. winstart.bat is actually a specific text file that acts in a similar way to a regular executable. However, it contains no malicious code, but only commands and therefore cannot run own processes.
    The winstart.bat file is installed and used by worm Emmapeel PIF Worm. It is also related to other parasites such as worm IRC-Worm.Ceyda.6574, worm IRC-Worm.Ceyda.6953, worm IRC-Worm.Ceyda.6966, trojan BAT.Winstart and Memory Manager 2.6. These threats can use winstart.bat for different purposes, as the files functionality depends on a particular parasite it belongs to.


    I think you should engage Chuck Norris for the job...
    https://www.malwarebytes.com/adwcleaner
      My Computers


  5. Posts : 434
    Windows 10 Pro x64
    Thread Starter
       #5

    NTN said:
    I read:

    winstart.bat is a batch file that contains a set of system commands, which can be used by a particular parasite to manipulate files, corrupt installed software, alter system configuration or launch other pest components. winstart.bat is actually a specific text file that acts in a similar way to a regular executable. However, it contains no malicious code, but only commands and therefore cannot run own processes.
    The winstart.bat file is installed and used by worm Emmapeel PIF Worm. It is also related to other parasites such as worm IRC-Worm.Ceyda.6574, worm IRC-Worm.Ceyda.6953, worm IRC-Worm.Ceyda.6966, trojan BAT.Winstart and Memory Manager 2.6. These threats can use winstart.bat for different purposes, as the file’s functionality depends on a particular parasite it belongs to.


    I think you should engage Chuck Norris for the job...
    https://www.malwarebytes.com/adwcleaner
    I deleted it manually, I should have had saved it maybe? But I was scared to have it around. Do you think it will find anything when i deleted it?
      My Computer


  6. NTN
    Posts : 976
    W10 19045.2546
       #6

    Have you tried to run AdwCleaner?

    Go for Hitman too...
    Download HitmanPro: Scan and Remove Malware
    I'm not sure, but you may get 30d free trial.
      My Computers


  7. Posts : 434
    Windows 10 Pro x64
    Thread Starter
       #7

    NTN said:
    Have you tried to run AdwCleaner?

    Go for Hitman too...
    Download HitmanPro: Scan and Remove Malware
    I'm not sure, but you may get 30d free trial.
    Yes and they did not find anything
      My Computer


  8. NTN
    Posts : 976
    W10 19045.2546
       #8

      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 02:27.
Find Us




Windows 10 Forums