3

First I have 2 laptops and two desktops running the same Windows 10 Pro versions and builds. They are legit and have their own key codes. Each of these 4 are practical clones of each other in regards to software and what is installed.

Only one, my gaming laptop has this issue.

Every boot after complete load into the OS a batch file is created in the temp folder. Now I know that since it is located inside the temp folder then it is safe to delete.

What I don't know is what is creating it. I have looked through the Event Viewer and haven't been able to determine its creator. Nor, has enabling and disabling different startup programs, APPS or services has solved this issue.

My AV defs (Norton) are updated and I have ran a full scan as well as a secondary scan with current defs with Malwarebyte's. All is copacetic it appears.

The batch file is called v.bat. The contents of are:

for /f "tokens=2 delims=[]" %%i in ('ver') do set verstr=%%i 
for /f "tokens=2" %%i in ('echo %verstr%') do set vernumstr=%%i 
for /F "tokens=1 delims=." %%i in ('echo %vernumstr%') do set maj=%%i 
Exit /B %maj%

I have never created my own batch files or scripts, though I do use those which suit my needs gathered from others.

Your help in identifying this v.bat file and it's creator would be greatly appreciated.

Kamil Maciorowski
  • 69,815
  • 22
  • 136
  • 202
PB-1
  • 31
  • 5
  • 2
    Have you looked in the task scheduler? And the rest of the [17+ startup locations in Windows](https://superuser.com/a/1047629/337631)? – DavidPostill Jul 07 '19 at 08:19
  • 1
    [Autoruns](https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns) will show all startups. – harrymc Jul 07 '19 at 08:25
  • The scheduler is something I monitor fairly often, but as far as delving deep into it no, not till now and I've not seen anything that isn't normal or perhaps I should say expected. – PB-1 Jul 07 '19 at 08:29
  • I've used Autoruns in the past, will download the most recent version and give it a try. Mayhaps it will find the culprit. Tho' to be honest I was hoping someone familiar with codes and writing these batch file could just read it and tell me simplified what it indicated, pointing me into the right direction. I'm a "Clean Freak" and like to know what is happening on my rigs. There is No 'ill" performance issues, probably should have mentioned that earlier, my bad. Thanks to you both for the suggestions. I'll let you know what I find. – PB-1 Jul 07 '19 at 08:37
  • Run Process Monitor and create a boot trace. You can filter for the path and discard other events to reduce load but this will get you your answer. – HelpingHand Jul 07 '19 at 10:05
  • Can you tell me, when setting up this 'filter'...do I just use the root folder only as in %\Temp or do I specify the file also as in %\Temp\v.bat? – PB-1 Jul 08 '19 at 04:37
  • @PB-1 the script itself is innocent, just getting the windows version from the [`VER`](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ver) command. [Picture of each script line I ran](https://imgur.com/a/yCaVIx5). Last line tells the script to set the exit code to the Win version, likely so another script can get it & do whatever next step. – gregg Dec 11 '20 at 19:17
  • I agree with gregg: this is probably a "helper script" for another script (probably not batch, or it wouldn't be handled "outsourced") – Stephan Dec 25 '20 at 17:51

1 Answers1

2

Probably, your gaming laptop has a Killer(R) Wireless Network Adapter. The batch file v.bat is created at boot time by some utility called xTendSoftAP.exe that comes with drivers for this adapter.

You can open the xTendSoftAP.exe file even with Notepad, then Ctrl+K for v.bat - and you will see its code.

As I have checked, that utility has that code for creating v.bat in the drivers distributive package itself - so, it's not because the utility could be infected and modified by some virus or malware.

Giacomo1968
  • 53,069
  • 19
  • 162
  • 212
Ivan
  • 21
  • 2