Yesterday, I discovered the following batch file running in my SysWOW64 folder:
@Echo Off
cd /d C:\Windows\SysWOW64\
:Start
del svchost.exe
If Exist svchost.exe Goto Start
del %0
I discovered it when I opened Task Manager, because I was losing battery like crazy. I have no idea how it started running, because there were no scheduled tasks for it, no services, startup etc., and it was running without a visible window (just cmd.exe).
Unfortunately, I killed it in a hurry, since it was maxing out resources, so I didn't catch the arguments, which would have helped make more sense of this. Has anyone experienced this before? I tried running the file through VirusTotal, which claims it is totally safe. Or is this a prank or something?
P.S. running Windows 10, fully updated. Malwarebytes doesn't detect anything.
Edit: Some more research brought me to a DDoS malware, Xuhuan, but I haven't got the registry keys and other files mentioned by McAfee, as well as no firewall prompts from explorer.exe
Edit 2: VirusTotal is filled with positive reports now, so I guess this is no longer an issue!
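An added example, not part of the original post: a small static triage check that flags the two behaviours visible in the batch file above, a delete-and-retry loop with no delay and self-deletion via `del %0`. The function name `analyze` and the constant `SAMPLE` are assumptions made for this example; the sample input is the script as quoted in the post.

```python
import re

# The batch file quoted in the post, reproduced as sample input.
SAMPLE = r"""@Echo Off
cd /d C:\Windows\SysWOW64\
:Start
del svchost.exe
If Exist svchost.exe Goto Start
del %0
"""

DEL = re.compile(r'^\s*@?(?:del|erase)\s+(?:/\S+\s+)*"?([^"\r\n]+?)"?\s*$', re.I)
RETRY = re.compile(r'^\s*if\s+exist\s+"?([^"\s]+)"?\s+goto\s+:?(\S+)\s*$', re.I)
LABEL = re.compile(r'^\s*:([^\s:]+)')
CD = re.compile(r'^\s*(?:cd|chdir)\s+(?:/d\s+)?"?([^"\r\n]+?)"?\s*$', re.I)
SELF = re.compile(r'^"?%~?[a-z]*0"?$', re.I)  # %0, %~f0, %~dpnx0, ...


def analyze(script):
    """Return findings for a self-cleaning batch script (static, line by line)."""
    labels, deleted = {}, {}
    out = {"workdir": None, "self_delete": False, "retry_loops": []}
    for n, line in enumerate(script.splitlines(), 1):
        if m := LABEL.match(line):
            labels[m.group(1).lower()] = n
        elif m := CD.match(line):
            out["workdir"] = m.group(1)
        elif m := DEL.match(line):
            target = m.group(1).strip()
            if SELF.match(target):
                out["self_delete"] = True      # script removes its own file
            else:
                deleted[target.lower()] = n    # remember where each file is deleted
        elif m := RETRY.match(line):
            target, label = m.group(1), m.group(2).lower()
            # Backward jump to a label that precedes a delete of the same file:
            # the script spins until the file is gone (no delay, so a busy loop).
            if label in labels and labels[label] <= deleted.get(target.lower(), 0) < n:
                out["retry_loops"].append({"target": target, "label": label, "line": n})
    return out


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A script that matches both findings will keep a hidden cmd.exe busy for as long as the delete fails, and leaves no batch file behind once it succeeds.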