
Sunday, October 12, 2008

What is a batch virus

Reproducing batch programs use the FIND command to separate their code
from the program that code is attached to. For this to work, every
replicating line in the virus must contain a specific string, the key
string of the virus. Another vital component of a replicating batch
is the FOR command, used to scan for other batch files, usually with
the mask "*.BAT". A variety of commands can be used for the actual
infection, including FIND, TYPE, ECHO, COPY and MOVE. Simple batch
replicators just append their code at the end of batches in the hopes
it will run (usually it does). Advanced infectors modify the start of
the batch to force the issue. In such cases the added first line does
not contain the key string but is added by an ECHO within the virus.

This is not the only type of batch virus! Batch viruses can be written
in assembly and use either DEBUG or ECHO to hide the virus code in hex
or text which is attached to infected batches. These tend to be very
advanced. A batch file can also rename a binary then copy itself to a
batch with the same base name. This one's been around for a while.

Most of the viruses presented here become a self-contained part of the
host, giving them that coveted ability to travel. Machine code is used
only for specific functions, not for reproduction. That is done with
plain old DOS. Only DOS 6 seems vulnerable to these types of viruses;
I have no information on PCDOS, 4DOS or other operating environments.
They run on my system and probably on many others.

At the end of this document is an encoded batch that will detect most
(practically all) batch viruses of this type and also suspicious code
that might indicate a trojan or advanced batch virus of the assembly
type. Use a UU decoder to extract the file "BATALERT.BAT".
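
The traits described above (a FIND that reads the running batch, a FOR
over the "*.BAT" mask, a key string tagging several lines, DEBUG calls)
can be checked statically. The following is an added example, not
BATALERT.BAT and not code from the original document; the rule names,
the three-line threshold and the sample batches are assumptions made
for illustration.

```python
import re

# Traits the text names for this virus family; rule names are this example's own.
RULES = {
    "find-on-self": re.compile(r"\bfind\b.*%0", re.I),  # FIND reading the running batch
    "for-over-bat": re.compile(r"\bfor\b.*\bin\s*\([^)]*\*\.bat", re.I),  # FOR with *.BAT mask
    "debug-call": re.compile(r"(^|\|)\s*@?debug(\.exe)?\b", re.I),  # DEBUG at command position
    "writes-to-bat": re.compile(r">>?\s*\S+\.bat\b", re.I),  # output redirected into a batch
}
FIND_ARG = re.compile(r'\bfind\b[^"]*"([^"]+)"', re.I)

def scan(text):
    """Return the sorted names of every heuristic that fires on a batch file's text."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    hits = {name for name, rx in RULES.items() if any(rx.search(ln) for ln in lines)}
    for ln in lines:
        m = FIND_ARG.search(ln)
        # Key string: FIND's search text also tags several lines of the same file.
        if m and sum(m.group(1).lower() in x.lower() for x in lines) >= 3:
            hits.add("key-string")
    return sorted(hits)

def verdict(text):
    """Classify a batch file from the heuristics that fired."""
    hits = set(scan(text))
    if {"for-over-bat", "key-string"} <= hits:
        return "replicator-pattern"
    return "suspicious" if hits else "clean"

# Constructed samples (inert: nothing here copies or appends code).
CLEAN = r"""@echo off
rem nightly backup
xcopy c:\data d:\backup /s
echo done
"""
TAGGED = r"""@echo off
echo hello
rem ZqTag
for %%f in (*.bat) do echo %%f ZqTag
find "ZqTag" <%0 >nul
"""
DEBUG_USE = r"""@echo off
debug <notes.txt
"""

if __name__ == "__main__":
    for name, sample in [("CLEAN", CLEAN), ("TAGGED", TAGGED), ("DEBUG_USE", DEBUG_USE)]:
        print(name, verdict(sample), scan(sample))
```

A "suspicious" verdict only marks a file for manual review; legitimate
batches also call DEBUG or loop over *.BAT.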
