Scripts folder on OS drive. Contains a runme.bat - Virus?

hi

i noticed just now that i have a folder on my main OS drive (C:\) that has Windows 8 installed that is labeled "scripts". it has a runme.bat in that folder. The folder is marked as being created on Friday April 26th, 2013 9:16pm. i have no recollection of downloading or installing anything that would create this folder. i tried some googling but i couldn't find anything. I also tried scanning the folder with both Kaspersky Anti Virus and Malwarebytes. both turned up nothing. should i just delete the folder?

thanks in advance.

 

You could post the content of the .bat file here, just open it with Notepad and copy and paste. Hopefully one of us will be able to tell you what it does and whether it is safe. You could also tell us where on your C drive this scripts folder is located - I have quite a few on mine, all installed by software I've installed. Do not double click the file or it may execute.

 

hello

i couldn't figure out a way to open it with Notepad cause that option didn't appear when i right clicked the .bat file. i chose Edit instead and this is what came up in Notepad.

regsvr32.exe atl.dll /s
regsvr32.exe urlmon.dll /s
regsvr32.exe mshtml.dll /s
regsvr32.exe shdocvw.dll /s
regsvr32.exe browseui.dll /s
regsvr32.exe jscript.dll /s
regsvr32.exe vbscript.dll /s
regsvr32.exe scrrun.dll /s
regsvr32.exe msxml.dll /s
regsvr32.exe msxml3.dll /s
regsvr32.exe msxml6.dll /s
regsvr32.exe actxprxy.dll /s
regsvr32.exe softpub.dll /s
regsvr32.exe wintrust.dll /s
regsvr32.exe dssenh.dll /s
regsvr32.exe rsaenh.dll /s
regsvr32.exe gpkcsp.dll /s
regsvr32.exe sccbase.dll /s
regsvr32.exe slbcsp.dll /s
regsvr32.exe cryptdlg.dll /s
regsvr32.exe oleaut32.dll /s
regsvr32.exe ole32.dll /s
regsvr32.exe shell32.dll /s
regsvr32.exe initpki.dll /s
regsvr32.exe wuapi.dll /s
regsvr32.exe wuaueng.dll /s
regsvr32.exe wuaueng1.dll /s
regsvr32.exe wucltui.dll /s
regsvr32.exe wups.dll /s
regsvr32.exe wups2.dll /s
regsvr32.exe wuweb.dll /s
regsvr32.exe qmgr.dll /s
regsvr32.exe qmgrprxy.dll /s
regsvr32.exe wucltux.dll /s
regsvr32.exe muweb.dll /s
regsvr32.exe wuwebv.dll /s

the scripts folder is located in C:\scripts.

btw the regsvr32.exe sounds familiar.
just searched now and it's located in C:\Windows\System32. it's listed as Microsoft(C) Register Server.

 

My Win 8 Ult 32-bit doesn't have that scripts folder so I think Win 8 was pre-installed and the OEM put it there. regsvr32.dll is used for registering dlls, and while I recognise most of them I haven't checked that every one is legit. It looks to me like a troubleshooting tool, as running that bat file would re-register every one of those dlls.

As you have scanned the folder with an AV I wouldn't be concerned about it myself. Maybe if you post the make and model of the system someone can check it against theirs.

 

hi earthling

my copy of windows 8 wasn't preinstalled on this computer. i had windows 7 on here before 8 but i think and im not positive i had windows vista before upgrading to windows 7. when i bought this computer windows 7 was a few months from coming out and i was able to get a cheap upgrade from my computer's manufacturer.

this is the stats of my computer

Windows 8 Pro
AMD Phenom(tm) 9750 Quad-Core Processor 2.40 GHz
8.00 GB RAM
64-bit Operating System, x64-based processor
Gateway brand
Kaspersky Anti-Virus 2013
Malwarebytes Anti-Malware PRO

earthling, if no one can verify it and since i checked it with my AV do you think its safe to delete the folder or should i keep it?

thanks for your help so far

 

OK, that's the sort of thing that happens when you upgrade an OS rather than perform a clean install - stuff gets left over, so this scripts folder might actually be relevant to Vista, 7 or 8, we just don't know. It isn't doing any harm so the safe thing to do is just leave it be but in situations like this I always advise taking a system image first, which you can do with Windows Backup and Restore. Then you can safely go ahead and delete it.

 

The only reason I can think of for the .bat file to exist in the odd folder is if this was a work computer. Do you have an IT department or a 3rd party that comes in to "fix" things?

 

hi earthling

hmmm i've performed a couple of formats of the OS drive over time since i had the original OS preinstalled. can it still get left over by doing that? also i couldn't find backup and restore in my windows 8. i searched for it and it turned up nothing.

 

hi

this is a computer used only by me. no IT dept or 3rd party comes in to fix stuff.

 

If you have reformatted then nothing gets carried over, so this scripts folder has been created by something you have installed in your Win 8, but I still see no reason for concern over it.

Backup and Restore isn't easy to find in Win 8 but Control Panel > Windows 7 File Recovery has a "Create a System Image" feature, which creates a backup of your Windows OS but excludes your personal files in Docs, Music and so on but you can also use the same feature to backup up your files. I don't find it very satisfactory and prefer 3rd party imaging tools, but it's a lot better than having nothing.

 

hi earthling

oh ok. just wondering, can a unsafe item create such a folder?

ok i found it. i will try this out for the time being. but can you recommend any good 3rd party imaging tools that perform this function?

 

Yes, of course, but as your AV is giving you the all-clear it's rather unlikely. For imaging my preference has for many years been Acronis True Image, but it isn't free. Good free ones include -

Macrium Reflect Free

Easeus Todo Backup

and, if you have a Seagate or Maxtor drive, a free cut-down version of Acronis DiscWizard

Western Digital also offer that same program if you have a WD drive.

 

hi earthling

oh ok cool. yeah i just started using my new WD drive so i will use the disc wizard for that to backup. but just to be on the safe side i will run a system scan with my AV in safe mode to make sure there's nothing bad that will get backed up.

thanks earthling and theefool for your help