Database Search
TechHome
- 7 bit - 8 bit Conversions
- A Word or Phrase in the file search Not Working on XP
- Add item to right-click menu of My Computer
- Altiris Problem
- Archived Foreign Help Files
- Arm Architecture
- ASCII Chart
- Assigning Certificates to WB EXEs
- Autoit vs WinBatch
- Automating Disk Administrator
- Batch Graphics Conversion
- Binary and Logical Operators Explained
- Binary versus Logical Operators
- Bitwise Anding Explained
- Check Whether Long File Names Okay
- Console Applications with Winbatch
- Controlling Winamp Remotely
- Create Exchange account
- Create User Profile
- CSA Error in compiled Winbatch Scripts
- Currently Logged on User on Specified Machine
- Cute BAT file trick to embed WinBatch code in a DOS BAT file
- Date format of Last Scandisk and Defrag
- dbfFormatToTextConverter.wbt
- Dealing with Multiple Monitors
- Deleting File or Directory that Contains a Percent Sign
- DFS Mappings
- Digital Signature
- Directory Limits
- Disable Menus in File Browser
- Disappearing Error Messages
- DNS aliases
- EBCDIC To ASCII
- ENUM counting structure
- Exact Line Number of Error Reported
- Examples of Bitwise And Or Operators
- EXE Refuses to Run
- F-prot exe Errorlevel Strangeness Workaround
- File Comparison Utilities
- Help File Find Aborts with Unable to Display Find Tab 177
- How to Drag and Drop a file onto a Icon
- How to Get FaxWorks to Wait for Fax Finish
- How to use a WM_USER command in a SendMessage
- HTML COLOR LIST
- HTML Dialog Extender No Longer Supported
- If Versus Switch
- Infrared Ports
- INI File Limitations
- Innoculan Virus Scanner and EXEs
- Interacting with MS Exchange
- Issue with Downloaded CHM files
- Less than and Greater than Operator Problems
- Logical And with FileExist Statement
- Long Filenames in Root Directory
- MacAfee Scannow
- Mailto and ShellExecute
- Max Path in WinBatch
- McAfee virus scanner problem
- Message Boxes are Off the Screen
- Missing DEFAULT.WBT file when using Win31 Secrets Disk
- Modal Dialog Freezes Script
- MS Office Setup and Installation
- Multi-Threaded WinBatch Scripts
- Multiple FileExist Test
- Multiple Threads in WinBatch
- Netscape and Disk Cache not getting Flushed
- Office 2007 and WinTitle
- Open file - Security Warning when Running Script
- Performance Monitoring and WinBatch
- Please Wait. WinBatch Processing .... Message
- PostGreSQL Tips
- Previously documented commands
- Problem with IntControl 57
- Producing Barcodes
- Product Download Issues
- Query a DHCP Server
- Reading MP3s ID3 Tags
- Registry OCX
- Remote CD-ROM Detection
- Retrieving SNMP from an Agent
- Revision to Shammas Book Page 182
- Run McAfee VirusScan ASAP
- Scan Disk Restarting - Some Possibilities
- Scramble UnScramble Function
- Scriptit is a Compiled Winbatch EXE
- SCSI Commands
- Search for entry in Hosts file
- Shift Operators
- Shutting down Win 3.1
- Simple Fax Program
- Simplified Extender SDK from User
- SMS Interactive Service
- Snapshot and BMP to JPG Converter
- Spaces in Filenames
- SpecialHTMLCharacters
- Superceded Version Notice Outdated Version Warning
- TaskManager with No Title Bar Issue
- Textract - Grab Information from the Screen
- Ultraedit Wordfile Maker
- Unable to display the Find tab 177
- Unable to Run WinBatch Scrip
- Unblock a file
- UNC Universal Naming Convention
- USB Support in WinBatch
- User comments on WinBatch
- Using Notepad under NT3.51-4 converts text files to Unicode
- VB constants in WIL equivalence
- VCheck Proxy Password Prompt
- Volume Shadow Copy Service
- Warning Notice for Game Players
- Ways Winbatch Can Communicate with Other Applications
- Webboard and Opera Browser
- WIL File Handles Left Open on a Share
- Wildcard Masks
- Wildcarding with FileItemize and DirItemize
- WinBatch and Windows CE
- WinBatch as the Foreground Application
- WinBatch Ascii Codes
- WinBatch Falsely Flagged as a Virus
- Winbatch File Extensions
- WinBatch Helpfile Problems
- WinBatch on Mutliple Core CPU
- Winbatch Running in Disconnected Citrix Session
- Winbatch versus Windows Scripting Host
- WinBatch Versus WSH
- Winbatch vs Java
- Windows 2000 Compatiblity
- Windows 2000 Task Scheduler Problem
- Windows PE
- WinPe ADSi Support
- Wrapper for Office Products Issue
- Wrong WinVersion Reported
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
WinBatch Flagged as a Virus
Keywords:Virus Anti-Virus AntiVirus Scanner False Positive Alert Detection Signature Definitions win32:evo-gen Whitelist White List Exclusion Exclude Exploit
Sometimes Antivirus tools report that a program is infected with a Virus or Trojan, even when the program is not really infected with any malicious code. This kind of problem is known as "False Positive" or "False Alert", If you have your virus scanner scan for unknown type virues AND you have an old version of the virus definitions, then WinBatch might get flagged. We have had issues in the past with various Virus scanners falsely claiming a virus on the WIL DLL, the WBCompiler.exe or even a Compiled EXEs generated by our Compiler.
So What Can You Do About It?
- First, make sure your Antivirus software has all of the latest virus definitions. This is gnerally handled via an update inside said antivirus software.
- Once you have confirmed you have all of the latest definitions and you continue to have problems, you may have to temporarily "whitelist" the file or add it to the "exclusions" list. The method to handle this is dependant on the Antivirus tool you are using. Consult the documentation.
- Now you should be up and running again, but you should still submit a 'false positive' report to the antivirus vendor. That way they can update their virus definitions to no longer flag healthy files. Some tools allow you to submit directly from the software, where as others require to submit online. See the table below for a list of antivirus tools and links to their Online False Positive Submission forms.
Question:
FYI, Trend Micro AV reports "Generic Trojan" on WBDCI34I.DLL and WBOIC34I.DLL (These are the WB DLLs for WB2002K).Has anyone else reported this? I assume it is bogus, but wanted to check.
Answer:
Sometimes Antivirus scanner reports that a program is infected with a Virus or Trojan, even when the program is not really infected with any malicious code. This kind of problem is known as "False Positive" or "False Alert",If you have your virus scanner to scan for unknown type virues AND you have an old version of the virus tables, then WinBatch might get flagged.
We have had issues before with various Virus scanner falsely claiming a virus on the WIL DLL.
Question:
Here is the situation:I had a coworker of mine bring me his son's pc. It's is running WinXP Home Edition. When he logs in w/admin privs under his username a porn XXX dialer dialog pops up and hijacks the pc to the point where I cannot do anything administratively, like run regedit, msconfig, services control panel, not even task manager runs.
I have removed all sorts of spy/malware from the computer, but the XXX dialer persists. What lead me to think that it might be WINBATCH being used is that in the registry there is a Wilson Window Ware key that appears to load a .DLL called WBDCC34I.DLL. So my questions are these:
1 - Is Winbatch capable of being maliciously used for such purposes?
2- Would it harm anything to delete the Wilson Window Ware reg key.
BTW...Nothing about Wilson or WINBATCH show up in Add/Remove Programs
Answer:
Should not harm anything, but just deleting the key probably would no do anything.However. Lets figure it out first.
a) Search the hard drive for that file WBDCC34I.DLL. What directory is it in?
If it is in a directory with a manageable number of files...withat other files, especially EXE's are in that directory.
If there are a manageable number of exe;s right click the exe name and select "Properties". Select the Version Tab and read the information in the box at the bottom. Anything mention WinBatch? If there is a "ToolSet Info" line in there, what does it say?
Also, if still a management number of files, what other DLLs are in there. Is there a WWRAS34I.DLL or a WWWSK34I.DLL?
BTW...Nothing about Wilson orWINBATCH show up in Add/RemovePrograms Well, it seems you have a copy of some program compiled with the Winbatch compiler and installed on your system. However this may have nothing do do with your problem as a number of computer manufacturers also use Winbatch for initial system setup and also to keep track of PC health type info, so having a WinBatch program that runs on your system everytime you boot up is not necessarily a bad thing.
However WinBatch is also fairly easy to get and also to program, so it can also be used for less than desireable purposes.
User Reply:
I'm glad I posted here before proceeding. You appear to be correct about it being a legit copy.
It is an HP Pavilion PC That .DLL was in C:\hp\IAccess The only other .DLL in that dir was WBOCC34I.DLL The only .EXE in that dir was HPIAccess.EXE toolsetinfo read: Compiled with WinBatch by Hewlett Packard
I look down other avenues for my culprit, and thanks again for your assistance/expertise.
Article ID: W16510
File Created: 2017:07:18:07:57:28
Last Updated: 2017:07:18:07:57:28