eScan - Antivirus & Content Security Forum

Hi

I have Windows CE installed and when I build my project the file called cleanos.bat gets identified as "BehavesLikeBat" and the file gets automatically deleted.

The file contains below content
=========================================

@REM
@REM Copyright (c) Microsoft Corporation. All rights reserved.
@REM
@REM
@REM Use of this sample source code is subject to the terms of the Microsoft
@REM license agreement under which you licensed this sample source code. If
@REM you did not accept the terms of the license agreement, you are not
@REM authorized to use this sample source code. For the terms of the license,
@REM please see the license agreement between you and Microsoft or, if applicable,
@REM see the LICENSE.RTF on your install media or the root of your tools installation.
@REM THE SAMPLE SOURCE CODE IS PROVIDED "AS IS", WITH NO WARRANTIES.
@REM
@REM This batch file will clean portions of the OS tree for the current
@REM %_TGTCPU%\%wincedebug% configuration.
@REM
@REM Commands:
@REM - Default with no parameters cleans Sysgen, Platform and FlatReleaseDir.
@REM [-sysgen] - Clean the Sysgen output directory.
@REM [-platform] - Clean the target and libs dirs for the configuration.
@REM [-frd] - Clean the flatreleasedir.
@REM [-sourcesFolder <path to directory containing sources file>] - Cleans the
@REM sources project's output files for the current
@REM %_TGTCPU%\%wincedebug% configuration

@echo off

set _CLEAN_ALL=
set _CLEAN_PLAT=
set _CLEAN_SYSGEN=
set _CLEAN_SOURCES=
set _CLEAN_FRD=


REM Set default if no arguments are given
if /I "%1"=="" set _CLEAN_ALL=1

REM Check CmdLine Vars
arseArgs
if /I "%1"=="" goto DoneParseArgs

if /I not "%1" == "-platform" goto DoneChkCleanPlat
set _CLEAN_PLAT=1
shift
goto ParseArgs
oneChkCleanPlat

if /I not "%1" == "-sysgen" goto DoneChkNoCleanSysgen
set _CLEAN_SYSGEN=1
shift
goto ParseArgs
oneChkNoCleanSysgen

if /I not "%1" == "-sourcesFolder" goto DoneChkCleanSources
set _CLEAN_SOURCES=1
shift
set _SOURCES_PROJECT=%1
shift
goto ParseArgs
oneChkCleanSources

if /I not "%1" == "-frd" goto DoneChkNoCleanFrd
set _CLEAN_FRD=1
shift
goto ParseArgs
oneChkNoCleanFrd

if /I "%1"=="-?" goto Usage
if /I "%1"=="-h" goto Usage
if /I "%1"=="usage" goto Usage

oneParseArgs

if "%_CLEAN_ALL%"=="1" (
call :All
goto :EOF
)

if "%_CLEAN_PLAT%"=="1" call :CleanPlat
if "%_CLEAN_SYSGEN%"=="1" call :CleanSysgen
if "%_CLEAN_SOURCES%"=="1" call :CleanSources
if "%_CLEAN_FRD%"=="1" call :CleanFrd


goto :EOF

@REM The default behavior
:All
call :CleanSysgen
call :CleanPlat
call :CleanFrd
goto :EOF

:CleanSysgen
echo CLEAN.BAT: Cleaning Sysgen directory "%_PROJECTROOT%\cesysgen"
del /s /q /f "%_PROJECTROOT%\cesysgen\*.*" >nul 2>&1
goto :EOF

:CleanFrd
echo CLEAN.BAT: Cleaning flat release directory "%_FLATRELEASEDIR%"
del /s /q /f "%_FLATRELEASEDIR%\*.*" >nul 2>&1
goto :EOF

:CleanPlat
echo CLEAN.BAT: Cleaning platform directory %_PLATFORMROOT%\%_TGTPLAT%\target\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\%_TGTPLAT%\target\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform directory %_PLATFORMROOT%\%_TGTPLAT%\lib\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\%_TGTPLAT%\lib\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform common directory %_PLATFORMROOT%\common\target\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\common\target\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform common directory %_PLATFORMROOT%\common\lib\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\common\lib\%_TGTCPU%\%wincedebug%" >nul 2>&1
goto :EOF

:CleanSources
if exist %_SOURCES_PROJECT%\obj\%_TGTCPU%\%WINCEDEBUG% (
echo CLEAN.BAT: Cleaning subproject directory %_SOURCES_PROJECT%\obj\%_TGTCPU%\%wincedebug%
del /f /s /q "%_SOURCES_PROJECT%\obj\%_TGTCPU%\%wincedebug%" >nul 2>&1
)
goto :EOF

:Usage
echo CleanOS : This batch file will clean portions of the OS tree for the
echo current "_TGTCPU\wincedebug" configuration.
echo.
echo Usage:
echo CleanOS [-sysgen] [-platform] [-frd]
echo [-sourcesFolder]
echo [path to directory containing sources file for -sourceFolder]
echo.
echo - Default with no parameters cleans Sysgen, Platform
echo and FlatReleaseDir.
echo [-sysgen] - Clean the Sysgen output directory.
echo [-platform] - Clean the target and libs dirs for the configuration.
echo [-frd] - Clean the flatreleasedir.
echo [-sourcesFolder] - Cleans the sources project's output files for the current
echo "_TGTCPU\wincedebug" configuration

=========================================

Isnt it a false alarm, please let me know how to proceed with this issue.
Please do rectify the same.

Regards
Girish.K

Hello,

For the time being you could add the virus name to not-a-virus list..So that it wont be caught.
We will check the same and do the necessary changes in our virus signatures so that it wont be caught again.

Thanks for your help.

Girish_gms wrote:Hi

I have Windows CE installed and when I build my project the file called cleanos.bat gets identified as "BehavesLikeBat" and the file gets automatically deleted.

The file contains below content
=========================================

@REM
@REM Copyright (c) Microsoft Corporation. All rights reserved.
@REM
@REM
@REM Use of this sample source code is subject to the terms of the Microsoft
@REM license agreement under which you licensed this sample source code. If
@REM you did not accept the terms of the license agreement, you are not
@REM authorized to use this sample source code. For the terms of the license,
@REM please see the license agreement between you and Microsoft or, if applicable,
@REM see the LICENSE.RTF on your install media or the root of your tools installation.
@REM THE SAMPLE SOURCE CODE IS PROVIDED "AS IS", WITH NO WARRANTIES.
@REM
@REM This batch file will clean portions of the OS tree for the current
@REM %_TGTCPU%\%wincedebug% configuration.
@REM
@REM Commands:
@REM - Default with no parameters cleans Sysgen, Platform and FlatReleaseDir.
@REM [-sysgen] - Clean the Sysgen output directory.
@REM [-platform] - Clean the target and libs dirs for the configuration.
@REM [-frd] - Clean the flatreleasedir.
@REM [-sourcesFolder <path to directory containing sources file>] - Cleans the
@REM sources project's output files for the current
@REM %_TGTCPU%\%wincedebug% configuration

@echo off

set _CLEAN_ALL=
set _CLEAN_PLAT=
set _CLEAN_SYSGEN=
set _CLEAN_SOURCES=
set _CLEAN_FRD=


REM Set default if no arguments are given
if /I "%1"=="" set _CLEAN_ALL=1

REM Check CmdLine Vars
arseArgs
if /I "%1"=="" goto DoneParseArgs

if /I not "%1" == "-platform" goto DoneChkCleanPlat
set _CLEAN_PLAT=1
shift
goto ParseArgs
oneChkCleanPlat

if /I not "%1" == "-sysgen" goto DoneChkNoCleanSysgen
set _CLEAN_SYSGEN=1
shift
goto ParseArgs
oneChkNoCleanSysgen

if /I not "%1" == "-sourcesFolder" goto DoneChkCleanSources
set _CLEAN_SOURCES=1
shift
set _SOURCES_PROJECT=%1
shift
goto ParseArgs
oneChkCleanSources

if /I not "%1" == "-frd" goto DoneChkNoCleanFrd
set _CLEAN_FRD=1
shift
goto ParseArgs
oneChkNoCleanFrd

if /I "%1"=="-?" goto Usage
if /I "%1"=="-h" goto Usage
if /I "%1"=="usage" goto Usage

oneParseArgs

if "%_CLEAN_ALL%"=="1" (
call :All
goto :EOF
)

if "%_CLEAN_PLAT%"=="1" call :CleanPlat
if "%_CLEAN_SYSGEN%"=="1" call :CleanSysgen
if "%_CLEAN_SOURCES%"=="1" call :CleanSources
if "%_CLEAN_FRD%"=="1" call :CleanFrd


goto :EOF

@REM The default behavior
:All
call :CleanSysgen
call :CleanPlat
call :CleanFrd
goto :EOF

:CleanSysgen
echo CLEAN.BAT: Cleaning Sysgen directory "%_PROJECTROOT%\cesysgen"
del /s /q /f "%_PROJECTROOT%\cesysgen\*.*" >nul 2>&1
goto :EOF

:CleanFrd
echo CLEAN.BAT: Cleaning flat release directory "%_FLATRELEASEDIR%"
del /s /q /f "%_FLATRELEASEDIR%\*.*" >nul 2>&1
goto :EOF

:CleanPlat
echo CLEAN.BAT: Cleaning platform directory %_PLATFORMROOT%\%_TGTPLAT%\target\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\%_TGTPLAT%\target\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform directory %_PLATFORMROOT%\%_TGTPLAT%\lib\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\%_TGTPLAT%\lib\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform common directory %_PLATFORMROOT%\common\target\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\common\target\%_TGTCPU%\%wincedebug%" >nul 2>&1
echo CLEAN.BAT: Cleaning platform common directory %_PLATFORMROOT%\common\lib\%_TGTCPU%\%wincedebug%
del /f /s /q "%_PLATFORMROOT%\common\lib\%_TGTCPU%\%wincedebug%" >nul 2>&1
goto :EOF

:CleanSources
if exist %_SOURCES_PROJECT%\obj\%_TGTCPU%\%WINCEDEBUG% (
echo CLEAN.BAT: Cleaning subproject directory %_SOURCES_PROJECT%\obj\%_TGTCPU%\%wincedebug%
del /f /s /q "%_SOURCES_PROJECT%\obj\%_TGTCPU%\%wincedebug%" >nul 2>&1
)
goto :EOF

:Usage
echo CleanOS : This batch file will clean portions of the OS tree for the
echo current "_TGTCPU\wincedebug" configuration.
echo.
echo Usage:
echo CleanOS [-sysgen] [-platform] [-frd]
echo [-sourcesFolder]
echo [path to directory containing sources file for -sourceFolder]
echo.
echo - Default with no parameters cleans Sysgen, Platform
echo and FlatReleaseDir.
echo [-sysgen] - Clean the Sysgen output directory.
echo [-platform] - Clean the target and libs dirs for the configuration.
echo [-frd] - Clean the flatreleasedir.
echo [-sourcesFolder] - Cleans the sources project's output files for the current
echo "_TGTCPU\wincedebug" configuration

=========================================

Isnt it a false alarm, please let me know how to proceed with this issue.
Please do rectify the same.

Regards
Girish.K

The detection to this has been removed from the updates. You can take the latest updates and check again.

Dear Varghese,

Thanks for the udpate, Now I have Escan Updated with April 15th Path and other updates, and when i run the Mwav the file is still identified as the same virus now instead of Deleting the file its renaming it as .mwt.
Below is the msg from Mwav

Quote

File C:\WINCE600\PUBLIC\COMMON\OAK\MISC\cleanos.bat infected by "BehavesLike:BAT.Delete (DB)" Virus! Action Taken: File Renamed.

Unquote

Let me know, what is to be done?

Regards
Girish.K

Hi
Thank you for your feedback. Please take the today's daily update, it will not treat as a infection.