All LNK files were blocked by UAC

Hi all, Windows 7 home premium 32 bit
Problem:
All LNK files were blocked. Meaning, whenever I double click to open or
run a file or program the UAC popped up to tell me 'a downloaded file
can be dangerous .. blah blah - open or save' When I chose 'open' the
UAC again popped up to tell me the same thing over again. The account
was effectively unusable.
The programs I tried to open worked only when I ignored the LNK
(shortcut) and doubled clicked the program executable file directly

The filetype association for LNK was correct: .lnk=lnkfile

I tried system restore without success.
I scanned with Superantispyware, found a number of infections, removed
them but was still stuck with the LNK file problem.

So, not having windows 7 recovery disks I created a new user account,
copied the files from the corrupt account and then hid the corrupt
account with the command: net user accountname /active:no

I don't want to delete it until the new account has been thoroughly tested.

The new account seems fine, but is there a better solution to the
problem above?

The only annoyance I see is the account has a different name to the old
one. When I changed both account names so that the new one has the old
name, the paths to programs in the new account are still in the new
name. They work, so I not sure if it is a problem, but anyway I chose to
go back with the new name for the new account for consistency in file paths.

On 21/09/2011 5:07 AM, 123Jim wrote:
> Hi all, Windows 7 home premium 32 bit
> Problem:
> All LNK files were blocked. Meaning, whenever I double click to open or
> run a file or program the UAC popped up to tell me 'a downloaded file
> can be dangerous .. blah blah - open or save' When I chose 'open' the
> UAC again popped up to tell me the same thing over again. The account
> was effectively unusable.
> The programs I tried to open worked only when I ignored the LNK
> (shortcut) and doubled clicked the program executable file directly

What Causes the "File Downloaded from the Internet" Warning and How Can
I Easily Remove It? - How-To Geek
http://www.howtogeek.com/70012/what-...ily-remove-it/

Yousuf Khan

On 21/09/2011 18:52, Yousuf Khan wrote:
> On 21/09/2011 5:07 AM, 123Jim wrote:
>> Hi all, Windows 7 home premium 32 bit
>> Problem:
>> All LNK files were blocked. Meaning, whenever I double click to open or
>> run a file or program the UAC popped up to tell me 'a downloaded file
>> can be dangerous .. blah blah - open or save' When I chose 'open' the
>> UAC again popped up to tell me the same thing over again. The account
>> was effectively unusable.
>> The programs I tried to open worked only when I ignored the LNK
>> (shortcut) and doubled clicked the program executable file directly
>
> What Causes the "File Downloaded from the Internet" Warning and How Can
> I Easily Remove It? - How-To Geek
> http://www.howtogeek.com/70012/what-...ily-remove-it/
>
>

Thanks Yousuf! very interesting article .. I only wish I'd read it
before I returned the computer to the owner .. Anyway I'm sure to come
across the problem again sometime .. It leads me to conclude that some
[not so] very funny joker must have written some malware to add the
streams in the way I found it .. probably using the technique reported
in the article ..

123Jim wrote:
> On 21/09/2011 18:52, Yousuf Khan wrote:
>> On 21/09/2011 5:07 AM, 123Jim wrote:
>>> Hi all, Windows 7 home premium 32 bit
>>> Problem:
>>> All LNK files were blocked. Meaning, whenever I double click to open or
>>> run a file or program the UAC popped up to tell me 'a downloaded file
>>> can be dangerous .. blah blah - open or save' When I chose 'open' the
>>> UAC again popped up to tell me the same thing over again. The account
>>> was effectively unusable.
>>> The programs I tried to open worked only when I ignored the LNK
>>> (shortcut) and doubled clicked the program executable file directly
>>
>> What Causes the "File Downloaded from the Internet" Warning and How Can
>> I Easily Remove It? - How-To Geek
>> http://www.howtogeek.com/70012/what-...ily-remove-it/
>>
>>
>>
>
> Thanks Yousuf! very interesting article .. I only wish I'd read it
> before I returned the computer to the owner .. Anyway I'm sure to come
> across the problem again sometime .. It leads me to conclude that some
> [not so] very funny joker must have written some malware to add the
> streams in the way I found it .. probably using the technique reported
> in the article ..

An older version of Kaspersky, adds streams to the files it scans. As
a means of keeping track of how or whether a file has changed. They stopped
doing that, after a relatively small number of users, had trashed computers...

So "alternate streams" can exist for more than one reason. Using the
Sysinternals "streams" program, will give you some idea what files have
an attached stream.

In a way, the alternate stream is similar to Apple "resource and data fork"
design. In that, a file can be separated into multiple parts, and the
parts can be treated differently. Without care, an Apple file could
lose its resource fork (so when transferring Apple files to other systems,
there were precautions to take when doing so, so nothing got lost). Microsoft
seems to have added room for storing such arcane stuff, by putting streams
into NTFS. And at least Kaspersky AV products, tried using it for one
product cycle.

And now, Microsoft also uses a stream, to keep track of whether a file was
downloaded from the Internet. I suppose that's better than adding a gazillion
registry entries to do the tracking instead.

Paul

On 21/09/2011 23:54, Paul wrote:
> 123Jim wrote:
>> On 21/09/2011 18:52, Yousuf Khan wrote:
>>> On 21/09/2011 5:07 AM, 123Jim wrote:
>>>> Hi all, Windows 7 home premium 32 bit
>>>> Problem:
>>>> All LNK files were blocked. Meaning, whenever I double click to open or
>>>> run a file or program the UAC popped up to tell me 'a downloaded file
>>>> can be dangerous .. blah blah - open or save' When I chose 'open' the
>>>> UAC again popped up to tell me the same thing over again. The account
>>>> was effectively unusable.
>>>> The programs I tried to open worked only when I ignored the LNK
>>>> (shortcut) and doubled clicked the program executable file directly
>>>
>>> What Causes the "File Downloaded from the Internet" Warning and How Can
>>> I Easily Remove It? - How-To Geek
>>> http://www.howtogeek.com/70012/what-...ily-remove-it/
>>>
>>>
>>>
>>
>> Thanks Yousuf! very interesting article .. I only wish I'd read it
>> before I returned the computer to the owner .. Anyway I'm sure to come
>> across the problem again sometime .. It leads me to conclude that some
>> [not so] very funny joker must have written some malware to add the
>> streams in the way I found it .. probably using the technique reported
>> in the article ..
>
> An older version of Kaspersky, adds streams to the files it scans. As
> a means of keeping track of how or whether a file has changed. They stopped
> doing that, after a relatively small number of users, had trashed
> computers...
>
> So "alternate streams" can exist for more than one reason. Using the
> Sysinternals "streams" program, will give you some idea what files have
> an attached stream.
>
> In a way, the alternate stream is similar to Apple "resource and data fork"
> design. In that, a file can be separated into multiple parts, and the
> parts can be treated differently. Without care, an Apple file could
> lose its resource fork (so when transferring Apple files to other systems,
> there were precautions to take when doing so, so nothing got lost).
> Microsoft
> seems to have added room for storing such arcane stuff, by putting streams
> into NTFS. And at least Kaspersky AV products, tried using it for one
> product cycle.
>
> And now, Microsoft also uses a stream, to keep track of whether a file was
> downloaded from the Internet. I suppose that's better than adding a
> gazillion
> registry entries to do the tracking instead.
>

interesting thanks