Batch Antivirus
As the previous thread was archived I'm creating this one because I'm doing some changes
Several bugs have been fixed in Deep Scanner which makes it more effective against malware
And I'm thinking of making a Batch Antivirus launcher, what do you think?
I've already made one but it's ugly asf
Let me know if you have any suggestion
seems like a neat idea, do you mean like a TUI?
yes
something like that
I can give you 45 million hashes.
Are they sha256?
@UEFI Ransomware
No I have only 700k in SHA256 files.
"only"
If you could share the database somehow I'd highly appreciate it
Do you have any concepts yet? I'd love to see what you have in mind
Well not really I just made a launch menu
But i don't quite like it
Do you use arrow keys or something to navigate it, or is it more of a
"1.) option1
2.) option2
: selection an option"
type thing?
Because I can't imagine capturing keypresses with batch unless you can use the WinAPI in batch
1 option 2 option xd
there are a couple of ways to do it without external programs
powershell?
No, directly with batch
Really?
choice command and xcopy command trick
I've never heard of it, but it sounds like a hacky way to do it
Batch Antivirus can now scan the executables of the current running processes
I have total 6 million SHA256 hashes.
5 million with name.
Of the virus
Oops 6.65m 5.65 virus names.
Batch Antivirus
Batch Antivirus, a powerful antivirus suite written in batch with real-time protection and heuristical scanning.
New update to Batch Antivirus
- DB updates
- Improved Deep Scan module
- Added Windows Defender tamper detection
- Improved administration requirement detection
- Improved fork bomb detection
- Adjusted weight of each particular detection in order to reduce false positives and false negatives
Added .LowConfidence suffix on detections to avoid alerting the user when the detection isn't clear
I'm working on BAV which will have a completely new folder structure, a launcher menu, and many improvements in BAV.bat (which has been renamed to BAVDisk.bat btw as BAV.bat is now the launcher)
A couple of bugs have been fixed in relation with deep scanner
- Detection for obfuscated files wasn't working properly
- Argument parsing errors caused the program to ignore command-line arguments
Greatly improved the quality of the readme and added extensive information
Do you think that saying "World's most precise automated batch file behavior analyzer." is an exaggeration?
I couldn't find any program, even professional antiviruses or sandboxes that detect so well the behavior of a particular batch file
Released Batch Antivirus v3.2.0
- Includes these changes previously mentioned
- Bug fixes
- Database update
"Added detection for VM avoiding in deep scan"
How do you go about detecting for a VM in batch? Just a curious question
"Includes these changes previously mentioned"
For future releases it may be better to say what changes were actually done, it'll prove useful if you want to do something like a GitHub release it's best to just be verbose about it
It would be nice if you had a GitHub link at the top of this post or pinned somewhere
GitHub
GitHub - anic17/Batch-Antivirus: Batch Antivirus, a powerful antivi...
Malware that detects VMs usually checks for certain files only present on virtual machines (for example, some drivers) and weird vendor/BIOS information, such as Microsoft instead of American Megatrends
like HKLM\SOFTWARE\VMware, Inc.\VMware Tools
a regular computer doesn't have these registry keys
"I usually do that on big releases, but as a small dev log, I felt like it wasn't that essential"
Ah alright
Improved the detection capabilities of Batch Antivirus inside archives packed with Batch File Packer (BFP)
That's how it looks like now
Batch Antivirus website blocking has been improved with better website IP obtention + multiple IPs per single website, thus increasing the chances of detecting the access to a blocked site.
On a technical note, it switched from ping to nslookup
Plus a couple of bugs were fixed in RealTimeProtection.bat and BAVWebsiteBlocker.bat
Can you elaborate on what this means for the dumb dumbs like me who don't understand?
What kind of bug?
Basically ping just, as the name says, pings the page, where nslookup gets (looks up) the name system (ns) info of a website
This way I can retrieve if a domain has multiple IPs associated with it
I was doing my tests with Moodle.org and geogebra.org because they both have 3 or 4 IPs and it did work well
In real time protection there was a bug related to a non-escaped string which caused BAV to potentially write to a file outside of the log file
As per the website blocker, can't remember exactly but was something very minor
Please tag me on database updates.
Alright
How well does Windows support ANSI? I would like to see some color in the output here if possible
I think it would be a very neat addition if possible
From my understanding of Windows it is possible to at least check if it's enabled
I could try adding that
These two coming weeks I'm extremely busy and I don't think I'll have time to do it
Maybe tomorrow afternoon but can't promise anything tbh
That's perfectly fine, I hope all is well with you. I'm just spitting out ideas no pressure on getting them implemented.
Yeah I'm just in my batxillerat final week rn
What the fuck is this website
https://www.answeroverflow.com/m/1103427598060634203
Huh,,,
Weird. I mean I've seen websites that steal answers from stack and put it on their site
But Discord
Seems like everything on our server is on answeroverflow
I don't really see it as a bad thing though
Program Dream Community - Answer Overflow
We’re a community of programmers. We’re developing 🌎 Websites, 🎮 Games, 🤖 Discord bots, and various applications in
https://github.com/AnswerOverflow/AnswerOverflow their goal is to index Discord servers, yeah
Yeah I saw
I think it's nice to preserve Discord servers
It is, I wonder if he has considered the legal risk he's taking
Reminds me of the spy.pet thingy
That's what I was thinking
But seeing as it's open source, I think it'll have less of an issue like spy.pet had
It's also a free service
The data is not open-source, it's just the code
He also does sell an enterprise version with your own domain and no ads 🤨
Their privacy policy doesn't hold for EU at least (so he'd have to make sure to filter out content from people in the EU)
But unlike spy.pet it's not required to use the service. Keeping the data private makes sense in a way, but also that could be used maliciously
Does he?
It's either him or whoever added this server to his bot (unless he's a subprocessor in Discord's privacy policy)
Would be funny if someone sues but I don't think anyone cares enough
It's also not being used in any harmful way, at least that we know of yet. So I wouldn't even see a reason to go out and sue him.
Yeah, the intention is different for his project
bruh
why?
Is this batch antivirus being detected as a virus or a virus that it should be detecting but isn't?
batch antivirus is getting detected as a virus
Apparently Windows Defender doesn't like the createObject("Microsoft\.XMLHTTP") string but removing create removes the flagging
HTML code for new website of the Batch Antivirus (maybe) (Repost because it fits more here)
Everyone can use this code for their projects 🙂
hmm
it would be better if it followed the overall design of all the websites
That's why I made it, I wanted it to "stick out" yk?
well I'd like to maintain a standard across all websites
ok
Hey guys,
I made a Batch script, making you able to remove the Intercept feature:
https://github.com/Jo8ujethoia/BAV-RemoveIntercept
Nice
However keep in mind that it trashed the file extensions for me because it first deletes the current associations and then tries to import the registry files
Deleting the registry isn't necessary and is in fact dangerous; it is better to try and overwrite it directly with the RegBackup files, if it doesn't work, at least it doesn't entirely delete your file associations
Luckily I had an open terminal and I was able to use reg import to fix it, but I couldn't run any program on my PC neither from Windows + R nor from the Start menu, not even Task Manager with CTRL + SHIFT + ESC
@Lonox Launcher
Merged USBCleaner and USBScan into a single module