Hello Bleeping computer !
A relative has a problem with his network share (synology).
He uses Windows 7 as OS and other pc's have Windows 7 and 10.
After opening an infected email (i guess, he removed the email already so i never saw it), all folders in this networkshare are turned into shortcuts.
When looking at the properties of one of these shortcuts it says in target: %windir%\system32\cmd.exe /c start mydisk\drivers.exe "\'name of folder'
Offcourse clicking on these shortcuts doesn't open the folders.
the problem is that all computers with this network share all see the shortcuts and not the original folders.
when i go the synology via the browser all the folders seem to be normal in the synology OS.
I already scanned with adwcleaner, malwarebytes, combofix and Gdata on some computers. All to no avail.
Is this something you've encountered before?
Also malwarebytes deleted an item which was called AL.exe that whas created the same day as the opening of the infected email.
Already deleted this but the problem still remains.
(update): i already tried system restore. problem stays the same.
also tried to make a new shared folder on synology, copying everything to the new folder ( i did this in the synology os)
then from 1 pc i opened up the new shared folder and for 1 instance i see the folders as normal the next moment they are all turned to lnk files,
also the files are turned into lnk files. i am now trying to download the content of the folder via browser on the synology OS.
i hope the content of this zip file has the normal folders so i can reset the synology and try again with a new shared folder and copying back all the data.
here is a printscreen of the folder with properties of one folder open.
Any help would be appreciated!
Thank you in advance.
Edited by poyer, 31 August 2016 - 08:40 AM.