Spyware, Viruses, & Security

General discussion

Bat to Exe-- virus?

by summerian / August 28, 2007 10:19 AM PDT

While I was browsing the reviews on "Bat to Exe Converter" by f2ko, I noticed many people referred to it as being detected as a virus. I have used this program for some time now and McAfee hasn't picked anything up. I am currently torn apart on whether or not I should continue using this program to convert my batch files into executables.

It's the only freeware program that does this to my knowledge.
I have spent literally hours attempting to find an equivalent.
Any recommendations/ideas on whether or not this is a safe program?
Thanks in advance.
joe

Bat to Exe
by summerian / August 28, 2007 11:32 AM PDT
In reply to: Upload the file to

I am planning to run the file(s) through the links you gave me.
Thanks for those.
So, if all the program files go positive on the tests/scans, should I assume this program is safe?
Thanks again.

Result Jotti scan
by Marianna Schmudlach / August 28, 2007 11:43 AM PDT
In reply to: link to Bat to exe:

File: Bat_To_Exe_Converter.zip
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 6ba0370e148519de381b94ccd1eeb31a
Packers detected: PE_PATCH, UPACK

Scan taken on 29 Aug 2007 01:27:30 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found Heur.Win32
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/Suspicious_U.gen
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found Mal/Packer
VirusBuster: Found nothing
VBA32: Found nothing

.......

VIRUS TOTAL scan:

File Bat_To_Exe_Converter.zip received on 08.29.2007 03:32:04 (CET)


Antivirus Version Last Update Result

AhnLab-V3 2007.8.29.0 2007.08.28 -
AntiVir 7.4.1.63 2007.08.28 -
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.28 -
AVG 7.5.0.484 2007.08.28 -
BitDefender 7.2 2007.08.29 -
CAT-QuickHeal 9.00 2007.08.25 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.08.29 -
DrWeb 4.33 2007.08.29 -
eSafe 7.0.15.0 2007.08.28 Suspicious Trojan/Worm
eTrust-Vet 31.1.5092 2007.08.28 -
Ewido 4.0 2007.08.28 -
FileAdvisor 1 2007.08.29 -
Fortinet 3.11.0.0 2007.08.29 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.29 -
Ikarus T3.1.1.12 2007.08.28 Trojan-Downloader.Win32.Zlob.and
Kaspersky 4.0.2.24 2007.08.29 -
McAfee 5107 2007.08.28 -
Microsoft 1.2803 2007.08.29 -
NOD32v2 2489 2007.08.28 -
Norman 5.80.02 2007.08.28 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.08.28 -
Prevx1 V2 2007.08.29 Generic.Malware
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.29 Mal/Packer
Sunbelt 2.2.907.0 2007.08.25 VIPRE.Suspicious
Symantec 10 2007.08.29 -
TheHacker 6.1.9.175 2007.08.28 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.28 -
Webwasher-Gateway 6.0.1 2007.08.28 Win32.Malware.gen (suspicious)

Additional information
File size: 455475 bytes
MD5: 6ba0370e148519de381b94ccd1eeb31a
SHA1: 2c34b03e767154e4ee06c1993dd064f209490666
packers: UPACK
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=800AD1B0A41BD260CBB906A766E8AE0030A57D71
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

.....

Scanner Virus.org

Results from the virus scan of uploaded sample

File: Bat_To_Exe_Converter.zip
SHA-1 Digest: 2c34b03e767154e4ee06c1993dd064f209490666
Packers: Unknown
Status: Infected or Malware




Scanner Scanner Version Result Scan Time
ArcaVir 1.0.4 Heur.Win32 3.51641 secs
ClamAV 0.90/4040 Clean 2.85262 secs
F-PROT 4.6.7 Clean 18.0044 secs
H+BEDV AntiVir 2.1.10-68 Clean 8.0486 secs
McAfee Virusscan 5.10.0 Clean 3.10284 secs
Sophos Sweep 4.19.0 Mal/Packer 7.0768 secs

.....

Kaspersky Virus file scanner:

You're clean!

Scanned file: Bat_To_Exe_Converter.zip
Bat_To_Exe_Converter.zip/Bat_To_Exe_Converter.exe - OK
Bat_To_Exe_Converter.zip/Bat_To_Exe_Converter.exe - OK
Bat_To_Exe_Converter.zip/Bat_To_Exe_Converter.exe - OK
Bat_To_Exe_Converter.zip/LGPL - OK
Bat_To_Exe_Converter.zip/Readme.html - OK
Bat_To_Exe_Converter.zip/FASM - OK

The clue is there...
by R. Proffitt Forum moderator / August 28, 2007 12:15 PM PDT
In reply to: Result Jotti scan

"Packers detected:
PE_PATCH, UPACK"

Sorry if I can't write this proper but such packers are needed to compile batch files. It's a shame that some scans will call it as malware. It's not unlike those tools we use to scan for Alternate Data Streams or change system password tools. Those can set off the alarms during a scan as well.

In other words a False Positive.

Bob
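
Added example, not part of any post in this thread: a short Python triage of a subset of the VirusTotal rows quoted above, separating generic, heuristic or packer-based labels from labels that name a specific family. The keyword list and the function names are assumptions made for this example, not any vendor's naming scheme.

```python
import re

# Subset of rows copied from the VirusTotal table quoted in the thread
# (engine, version, last update, result); "-" means nothing reported.
VT_ROWS = """\
AntiVir 7.4.1.63 2007.08.28 -
CAT-QuickHeal 9.00 2007.08.25 (Suspicious) - DNAScan
eSafe 7.0.15.0 2007.08.28 Suspicious Trojan/Worm
Ikarus T3.1.1.12 2007.08.28 Trojan-Downloader.Win32.Zlob.and
Kaspersky 4.0.2.24 2007.08.29 -
McAfee 5107 2007.08.28 -
Norman 5.80.02 2007.08.28 W32/Suspicious_U.gen
Prevx1 V2 2007.08.29 Generic.Malware
Sophos 4.21.0 2007.08.29 Mal/Packer
Sunbelt 2.2.907.0 2007.08.25 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 2007.08.28 Win32.Malware.gen (suspicious)
"""

# Assumption: these tokens are a rule of thumb for "generic, heuristic or
# packer-based" labels; they are not any vendor's official naming scheme.
GENERIC = re.compile(r"suspicious|heur|generic|packer|\.gen\b", re.I)
DATE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")

def parse_rows(text):
    """Yield (engine, verdict) from 'engine version date result' lines."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and DATE.match(parts[2]):
            yield parts[0], parts[3].strip()

def classify(verdict):
    """Return 'clean', 'generic' (heuristic/packer label) or 'named'."""
    if verdict in ("-", "Clean", "OK", "Found nothing"):
        return "clean"
    return "generic" if GENERIC.search(verdict) else "named"

def triage(text):
    """Group (engine, verdict) pairs by the class of their verdict."""
    buckets = {"clean": [], "generic": [], "named": []}
    for engine, verdict in parse_rows(text):
        buckets[classify(verdict)].append((engine, verdict))
    return buckets

if __name__ == "__main__":
    for kind, hits in triage(VT_ROWS).items():
        print(f"{kind:8} {len(hits):2}  " + ", ".join(e for e, _ in hits))
```

Labels in the "generic" bucket describe how the file looks (packed, heuristically suspicious); a label in the "named" bucket is the one to raise with that vendor, since a family name on a packed file can also be a signature collision.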

Thanks, but how should I remove the virus now?
by summerian / August 28, 2007 12:18 PM PDT
In reply to: Result Jotti scan

Now I know, thanks to your help, that "Bat to Exe" is unsafe to use.
So there is a good chance that the virus was installed on my computer when I ran the program. How should I go about removing the virus from my computer if my current virus scanner and Trend Micro HouseCall don't even pick it up?

Thanks in advance.
joe

(NT) Is NO virus - pls. read Bob's reply !
by Marianna Schmudlach / August 28, 2007 3:04 PM PDT

Sorry about that...
by summerian / August 28, 2007 3:08 PM PDT

I had been working on my response and forgotten to submit it.
I came back to it later and submitted it [which is obviously when Bob's reply came in]. Thanks for all the help you guys have provided.

joe

(NT) You Are Welcome - Glad WE could help :)
by Marianna Schmudlach / August 28, 2007 3:17 PM PDT
In reply to: Sorry about that...

Bat to Exe Converter
by jackyc973 / January 2, 2008 12:11 AM PST

Bat to Exe Converter is a wonderful piece of software provided by f2ko for free. I loved it at first and later began to doubt it as a piece of malware. Even with many of the positive findings in different virus scanners, it doesn't convince me to continue to use it. The reason is simple. It does have adware/malware/virus characteristics. Here is how I confirmed:
1. Before I compiled any file and ran it, I checked all processes in Task Manager; all processes looked normal.
2. I then compiled a test batch file and ran the resulting EXE file. Other than the EXE file showing up in the process list for a few seconds, a new process with a random name (such as 1E.tmp, 4F.tmp, XX.tmp etc.) showed up and stayed in the process list.
3. I ended the process and compiled another batch file then ran it. Another XX.tmp showed up in the process list.
I could not confirm whether the XX.tmp process is harmful or not, but I definitely don't want a program to run without knowing what exactly it is doing. After that, I checked my computer with Symantec Antivirus, Windows Defender and Spyware Doctor; nothing was found.
Someone asked the f2ko webmaster and they replied that it was a software bug, which doesn't convince me at all.
Guys, unless there is a better explanation for it, we may be spreading germs by using it without knowing the details.
Would like to hear more from you folks. Thanks.

"packers are needed to compile batch files."
by R. Proffitt Forum moderator / January 2, 2008 12:34 AM PST
In reply to: Bat to Exe Converter

Sorry if you missed that or didn't understand that. The reasons are fairly technical and will not fit in the text box here.

Bob

Bat to Exe converter
by jackyc973 / January 2, 2008 12:49 AM PST

Sorry Bob, I only see a short message below:
Sorry if you missed that or didn't understand that. The reasons are fairly technical and will not fit in the text box here.

Is it technical enough that I should read the source code to understand? I just want to know what exactly is the random process (XX.tmp) doing and why it has to stay in the process and doesn't go away. If I have to read the source code and if there is one out there, I will try. Thank you for your prompt reply.

Good luck.
by R. Proffitt Forum moderator / January 2, 2008 2:32 AM PST
In reply to: Bat to Exe converter

Sorry, the full answer will not fit in this small space. You would have to have some background in assembler and other programming and maybe compiler language construction to start. But the usual bat compiler must have this "packer" in order to compile the bat file.

If this answer is not enough then you need to look to places that will post the rather voluminous information needed to explain how this works. Sadly I must stop here.

Bob

f2ko
by jackyc973 / January 2, 2008 3:46 AM PST
In reply to: Good luck.

Other than this suspicious behavior and if everything comes out positive, we should appreciate that Faith Kodak (webmaster of F2KO) did a great job. If it is really a software bug, I hope he can fix it with a new release. Happy New Year, guys! Will check back later.

Bat to Exe Converter
by jackyc973 / January 2, 2008 3:28 AM PST
http://www.av-comparatives.org/seiten/ergebnisse/report16.pdf

This is a very nice article. Scan on Bat to Exe Converter is identified as false positive. I love to hear that. But I still have no clue why an EXE file compiled with Bat to Exe Converter needs to generate a XX.tmp file to run, and why that XX.tmp sits there in the process even after the compiled EXE file has finished running in a few seconds. What is XX.tmp doing? Or maybe doing nothing. I will keep monitoring the network packets and put on firewalls to see if it sends out information. It's better to play safe than to regret. If I find anything, I will keep you guys posted. Thanks.

1.4 vs 1.5
by rdunn / July 5, 2009 9:54 AM PDT
In reply to: Bat to Exe Converter

Well... I have to say version 1.4 works fine on my Vista notebook... but v1.5 gives me the annoying 'side-by-side configuration is incorrect' error. So, for now, I'll stick with 1.4... because hunting down that side-by-side business is too much hassle.

correction
by rdunn / July 5, 2009 10:12 AM PDT
In reply to: 1.4 vs 1.5

Never mind... bad unzipper. 1.5 works now

(isn't there an edit/delete post?)

That answer in the Feedback forum.
by R. Proffitt Forum moderator / July 5, 2009 11:52 AM PDT
In reply to: correction

It's why we have a preview button. This way you can read it before you commit it.

Not pertinent
by rdunn / July 5, 2009 12:05 PM PDT
In reply to: correction

Previewing would not help the fact that I found out afterward that the problem was my unzipping program... and then returning later, I had no option but to post again for correction.

If I could edit or delete, then I'd have done so.

Sorry, but suggesting that Preview is the answer to my query is a bit of a boilerplate and patronizing response.

good day

Pertinent.
by R. Proffitt Forum moderator / July 5, 2009 1:41 PM PDT
In reply to: correction

Why is answered. You can read the answer if you wish.

In short, if you need a delete, just ask and any moderator will do that for you. Editing is in the answer in the feedback forum.
Bob

Not
by rdunn / May 20, 2010 6:11 AM PDT
In reply to: correction

It would help to use full sentences... I have no idea what you're saying.

"Why is answered." (Did I ask "why"?) What?
"You can read the answer if you wish." (What answer to what question?)

Asking a mod to delete/edit is not very intuitive or user friendly. I'm merely remarking that other forum software allows for much easier correction of one's comments... here, you have to ask someone else for help to do it. It's not timely, easy, or obvious.

"Editing is in the answer in the feedback forum." (What answer? Where?) This makes no sense... are you saying that (somewhere) there is an explanation of how to edit, or lack of same? (other than asking a mod to do so.)

Your post did not help me understand post editing... your posts are over-brief. I'm a pc tech, but not a mind reader. (sorry)
So, what? I should search the "Feedback forum"? For answers elsewhere, I would generally link to such info.

----------------------------------------
Bob wrote:

Pertinent.
by R. Proffitt - 7/5/09 8:41 PM In reply to: correction by rdunn
Why is answered. You can read the answer if you wish.

In short, if you need a delete, just ask and any moderator will do that for you. Editing is in the answer in the feedback forum.
Bob
