LaTeX users online

In total there is 1 user online :: 0 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 1327 on Tue Nov 05, 2013 7:11 pm

Users browsing this forum: No registered users and 1 guest

BAT.CMDFlood - Possible Spyware

LaTeX Forum: TeX Live and MacTeX

Add tags Information and discussion about TeX Live distribution for all platforms (Windows, Linux, Mac OS X) and the related MacTeX: installing, updating, configuring

Postby burke on Sat Aug 27th, 2011

Has anyone run across this spyware or whatever it is in TeXLive 2011? BAT.CMDFlood

It was found (on two different machines) using ClamXav:
/usr/local/texlive/2011/texmf-dist/context/data/scite/ BAT.CMDFlood FOUND
ERROR: Can't unlink '/usr/local/texlive/2011/texmf-dist/context/data/scite/': Permission denied

To elaborate: It is also in the 2010 distribution but not 2009.
Posts: 1
Joined: Sat Aug 27th, 2011

Postby gefion777 on Thu Sep 15th, 2011

Found BAT.CMDFlood today on my Mac using ClamXav. Viewed the file in a terminal window using the "More" command. At the beginning the file looks similar to the english version ( Later strange non-latin characters and several Unicode U+200C characters (zero-width non-joiner) show up.

Seems to be either a corrupted or a hijacked language file.

Decided to delete it using a sudo rm command.
Posts: 1
Joined: Thu Sep 15th, 2011

Postby justdeath on Mon Sep 19th, 2011

This is written in Persian language.
The filename is:
Obviously pe is short from Persian.|en|
The language is also known as Farsi, that is why google says fa.

You can translate some strings to see for yourself.

User avatar
Posts: 69
Joined: Mon Sep 5th, 2011

Return to TeX Live and MacTeX

LaTeX users online

Users browsing this forum: No registered users and 1 guest