[first post, i love avast, it missed one that malwarebytes caught, not sure if this is the right way to address this, here goes ...]
I was running an invisible exe created by Bat To Exe Converter V1.5 (at
www.f2ko.de) from a 3 line batch:
xcopy D:\MyDocs\Thunderbird\contacts\abook.mab C:\Portable\ThunderbirdPortable\Data\profile /Y
C:\Portable\ThunderbirdPortable\ThunderbirdPortable.exe
move C:\Portable\ThunderbirdPortable\Data\profile\abook.mab D:\MyDocs\Thunderbird\contacts
I should have scanned
www.f2ko.de with Norton SafeWeb! They says 4 trojans there ...
http://safeweb.norton.com/report/show?url=f2ko.deAnyway, this exe (from a converted batch) ensures my address book is backed up with my MyDocs folder along with my Tbird account folders. If portable Tbird allowed me to specify my address book location, this wouldn't be needed. And, I don't want to see a dos window in the task bar while I run Tbird.
The problem: random browser redirects with FF 3.6 in Win7 x64. It was only on Google search results and not every result. Once I stopped running the exe created by Bat To Exe Converter and deleted the exe, no problems. Malwarebytes finds Trojan.VkHost but Avast finds nothing.
Here's how I reproduce the problem ...
1. download Bat To Exe Converter 1.5 and run it
2. create a batch file with 2 lines: dir, pause
3. convert it with Bat to Exe with the invisible setting
4. scan it the test.exe:
Malwarebytes' Anti-Malware 1.44, Database version: 3826
Files Infected:
c:\Download\portable updates\bat_to_exe_converter\test-dir-pause.exe (Trojan.VkHost) -> No action taken.
Here's the PASSWORD protected 7z file with the test batch file, test.exe, and Malwarebytes output (truncated):
http://www.megaupload.com/?d=KJXESB76Password is:
Trojan.VkHost
Thanks,
jxf011