Our Vipre AV picked up a batch file and coded it as a virus. It found this on several computers and the file seems to be old. It was in thec:\Windows\DEPLOY\Drivers folder. I moved the file from quarantine to a non-networked computer and opened the batch file in notepad. Contents below. What is odd is that no where on our network is an H Drive and we do not have a 192.168.1.X Vlan. I am assuming it is a false positive, but I would like to be sure.
@echo off
color 4F
net use L: \\192.168.1.111\Drivers /u:user user
for /f "tokens=2 delims==" %%A in ('wmic computersystem get Manufacturer /format:list') do for /f "delims=" %%B in ("%%A") do set "SYSMANUFACTURER=%%~nxB"
for /F "skip=1 delims=" %%A in ('wmic csproduct get name') do for /f "delims=" %%B in ("%%A") do set "SYSMODEL=%%~nxB"
for /f "tokens=3 delims=: " %%I in ('DISM /Image:H:\...