Batchwiper

By ZulaZuza in Malware

Batchwiper is an Iranian data-stealing malware application that can harm targeted PCs. It deletes entire disk partitions and user profile directories from infected PCs without being detected by security tools. Batchwiper is designed to delete all data from the disk partitions identified by the letters D to I, as well as files located on the desktop of the currently logged-in user.

Batchwiper starts stealing data on particular dates, the next one being January 21, 2013. However, the dates of October 12, November 12 and December 12, 2012, were also found in the configuration of Batchwiper, which indicates that it may have been in circulation for at least a couple of months.

The installer of Batchwiper, also known as the dropper, is called 'GrooveMonitor.exe'. That filename was possibly chosen as a disguise because it is usually associated with a genuine Microsoft Office 2007 document collaboration feature called 'Microsoft Office Groove'. Once the installer is run, it adds a registry entry that ensures Batchwiper is launched every time the computer starts, and creates a Windows batch file that contains the data-deletion routine. The malware has been nicknamed 'Batchwiper' because of its use of batch files, which are script files run by the Windows shell.

File System Details

Batchwiper may create the following file(s):
#   File Name          MD5                               Detections
1.  GrooveMonitor.exe
2.  GrooveMonitor.ex   f3dd76477e16e26571f8c64a7fd4a97b  0
3.  juboot.ex          fa0b300e671f73b3b0f7f415ccbe9d41  0
4.  00000000.ba        c41968698e8e452cd7eb2259750b1cf8  0
