.LNK shortcut folders created auto. Windows Vulnerability

Post your techical queries on any product in our range of AntiVirus, AntiSpam, Content Security and Firewall Solutions sold under the brand names of eScan, MailScan, eConceal and X-Spam here. Your queries will be responded to by our expert technical team directly.

Moderators: Divesh, Gurdip Singh

.LNK shortcut folders created auto. Windows Vulnerability

Postby nitin » Fri Jul 30, 2010 1:42 pm

Problem Reported:
"Shortcut links" folder-like icon gets created which redirects to execute a hidden .scr, .exe files created by the virus itself on that particular drive and the Genuine files\folder gets hidden automatically".

For example, if you have a folder named "TEST" , then the virus will hide the folder and its sub-folder (if any) with SH attribute and creates shortcut folders with same name. User thinks that their folder are changed to shortcuts and cannot access any data. And if you check the properties of that shortcut folder, the Target path will be .scr, .exe file.


Solution:

Please be informed that this may happen due to a Vulnerability on the unpatched Operating System. Microsoft has released the hotfix (KB2286198) which will fix the vulnerability.

Please implement the hotfix on the affected Operating Systems specified on the link mentioned below.

"MS10-046: Vulnerability in Windows Shell could allow remote code execution"

http://www.microsoft.com/technet/securi ... 0-046.mspx

Do note that having eScan installed and updated till date, you can download this patch and other Windows vulnerability patches using eScan on the respective systems.

To do this, open "eScan Protection Center", click on "Tools" and then click on "Download Latest Hotfix (Microsoft Windows OS) option.

Restart the pc once all the patches are installed properly.

As far as the virus cleaning routine is concerned, eScan detects the infection and the .scr, .exe files created by virus will be removed through scanning. Just scan all the drives of that system using "Quick scan your system".

To do this, click on Start - Programs - eScan for Windows - Quick Scan your system.

Now, Select the below options to Scan:

"Memory / Services", "Registry", "Startup Folders", "System Folders", "Scan Spyware", "Drive", "All Local Drives" , "Scan All files" and "Scan & Clean".

(Note: If you suspect any new infection, please do provide us the sample files in a password-protected zip format to support@escanav.com and to samples@escanav.com so that we can add the detection at the earliest).

How to Unhide the hidden files/folders:
Once the scan is completed, run the below command to unhide the files /folders of the respective drive.

For Example:
Execute the below command to unhide files/folders of a drive including sub-folders. Below example is for C drive.

Open CMD prompt and goto c:\program files\escan folder and type the below command:

mwavscan.com /unhideallfiles /folder=C: /subfolders

To specify a folder and its subfolder use the below command:(Below example will unhide files and sub-folders of "C:\ABC" folder.

mwavscan.com /unhideallfiles /folder=c:\abc /subfolders

Do note that some "shortcut link folders" left after scanning has to be deleted manually.
Last edited by nitin on Wed Aug 11, 2010 7:53 pm, edited 4 times in total.
nitin
 
Posts: 16
Joined: Fri Dec 28, 2007 5:58 pm

Return to Technical Support

Who is online

Users browsing this forum: No registered users and 13 guests

cron