BAT/HitOut.A

BAT/HitOut.A is a worm written partially in batch script of Microsoft operation systems and partially in Visual Basic script.  It requires the system Windows 98 or higher for its operation.  This worm spreads using email file attachements or on both local or network drives.

Typically, the worm arrives as an email message having subject "Hi!!:.  In the body of the message there is a German text "Hi! Guck dir mal das kranke Bild an! ;-)".  In the attachment there is a file without.bat containing the worm.

Note: In following text a symbolic inscription %windir% is used instead of the name of directory in which Windows operating system is installed. Of course, this may differ from installation to installation.

After the file without.bat is running it suppresses the performed command displaying on the screen, and copies itself into the directory %WinDir%\Start Menu\Programs\StartUp\ under the name WinStart.bat.  This assures the activation of the worm each time the system is loads.  Simultaneously, the worm is copied into the root directory of the C: drive as a file named Without.bat.  Then the worm BAT/HitOut.A creates a Visual Basic script C:\send.vbs and executes this file.  It assures the worm spreads via Microsoft Outlook email client to all addresses found in Contacts.  This part operates only if there is a Windows Scripting Host installed on infected computer.  Finally, the worm tries overwriting all .BAT files in the directory %WinDir%\Desktop and in the root directories of C:, A:, D: and E: drives.  After this activity is completed it enables displaying the commands on the screen again.

There are following texts in the body of the worm written as a comment to the code:

REM BAT/Without.c
REM by McHit

PROTECT YOUR COMPUTER!
ESETs NOD32 antivirus software provides comprehensive, easy-to-use, and affordable protection from todays and tomorrows threats. We put the malware expert inside the software, so you don’t have to become one.

DOWNLOAD ESET NOD32 ANTI VIRUS SOFTWARE