W32.BatmanTroj


Aliases: Trojan.Win32.Batman.b, QDel122, W32.BatmanTroj, TR/Batman.B, Troj/Batman-D
Variants: Trj/W32.Batman, Trojan.Win32.Batman.a, Win32/Batman!Trojan

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 06 Feb 2001
Damage: High

Characteristics: The W32.BatmanTroj is a malware capable of deleting the entire contents of a compromised system running under a Windows Operating System platform.

More details about W32.BatmanTroj

The primary characteristic of the W32.BatmanTroj malware is to delete various, if not all files on a compromised machine. This Trojan can delete every file from the C:\ root which includes Command.com, Autoexec.bat, and Config.sys. It can likewise delete the files Himem.sys, System.ini, Protocol.ini, and Win.ini in the C:\ Windows folder. On the other hand, it will delete a file that it has dropped in the folder C:\ Windows\ System folder. This file is the El90x???.sys which is reportedly the Trojan’s backup file. Since this Trojan can delete the Operating System when not removed promptly, Windows cannot load. This Trojan may also have the ability to modify the registry by adding values for its malicious purposes. The function that separates the W32.BatmanTroj malware from other BAT Trojans is its double-facing ability.

This Trojan can scan for both COM and BAT files and depending on the file found, it can carry out two different operations. If the Trojan located a BAT file, it will execute as a batch file. A .bat file or BAT file is simply a batch file that can execute a sequence of commands. A conventional and clean batch file is a plain .txt file that can be opened via normal Windows text editors like Notepad. On the other hand, if a COM file was located by the Trojan, it will run itself as a COM file. Since very little is known about this particular malware, users can try to remove the malware and all its associated files by using a good antivirus application. Make sure that the antivirus application has updated virus definitions.