Scan your Windows system for dangerous shortcuts

Martin Brinkmann
Feb 4, 2017

Shortcut Scanner is a free portable program for Microsoft Windows devices that scans drives of the PC for dangerous shortcuts.

Shortcuts are quite useful, as you may use them to run programs from locations they are not installed or stored in. Shortcuts may also execute commands, e.g. PowerShell or DOS commands, on the operating system.

Common shortcut locations are the computer desktop, and also the Start Menu of the operating system.

Attackers may utilize shortcuts as well for malicious activity, and one benefit of this approach is that antivirus software won't necessarily detect shortcuts as dangerous or outright malicious.

Shortcut Scanner

Shortcut Scanner is provided as a 32-bit and a 64-bit version; both are included in the archive that you download from the Phrozen Soft website.

You run scans with a click on the first button in the menu bar at the top. If you click on the arrow icon, you get to choose the target of the scan. Supported are scans of select hard drives, all hard drives, a specific folder or location, or for a specific shortcut.

The scan time depends on the selection, but should not be too long. Shortcut Scanner rates the shortcuts that it finds into threat levels, and displays those with the highest threat level at the top.

The program flags shortcuts as dangerous if they meet multiple of the following criteria:

  1. Target application points to a command prompt.
  2. Contains dangerous keywords.
  3. Argument overflow (shortcut characters larger than 260 characters).
  4. Shortcut file size is larger than 4 kilobytes.
  5. Contains arguments, plus one of the above.
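
The five checks above can be reproduced against the raw bytes of a .lnk file. The following is an added example, not Shortcut Scanner's own code: it reads the target and arguments from the shell link structure and returns the numbers of the checks that hit. The keyword list, the shell names and the reading of check 3 as "arguments longer than 260 characters" are assumptions, and sample_lnk() builds constructed test input.

```python
import struct

HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80  # LinkFlags bits
CLSID = bytes.fromhex("0114020000000000c000000000000046")
SHELLS = ("cmd.exe", "powershell.exe")       # assumed reading of "command prompt"
KEYWORDS = ("powershell", "-encodedcommand", "http://")  # assumed, not the tool's list

def parse_lnk(data):
    """Return (target, arguments) from raw .lnk bytes."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, target, args = 76, "", ""
    if flags & HAS_IDLIST:                   # skip LinkTargetIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        size, _, li_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 1:                     # VolumeIDAndLocalBasePath is present
            start = pos + base_off
            target = data[start:data.index(b"\0", start)].decode("latin-1")
        pos += size
    width = 2 if flags & IS_UNICODE else 1
    for bit in (0x04, 0x08, 0x10, HAS_ARGS, 0x40):   # StringData, in file order
        if flags & bit:
            n = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + n * width]
            if bit == HAS_ARGS:
                args = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += 2 + n * width
    return target, args

def flag_shortcut(data):
    """Numbers of the checks from the list above that this shortcut hits."""
    target, args = parse_lnk(data)
    hits = []
    if target.lower().endswith(SHELLS): hits.append(1)
    if any(k in args.lower() for k in KEYWORDS): hits.append(2)
    if len(args) > 260: hits.append(3)       # assumed: length of the arguments
    if len(data) > 4096: hits.append(4)
    if args and hits: hits.append(5)
    return hits

def sample_lnk(target, args):
    """Constructed input: header + LinkInfo + arguments only, not a full shortcut."""
    header = struct.pack("<I16sI", 0x4C, CLSID, HAS_LINKINFO | HAS_ARGS | IS_UNICODE)
    path = target.encode("latin-1") + b"\0"
    linkinfo = struct.pack("<7I", 28 + len(path), 28, 1, 0, 28, 0, 0) + path
    strdata = struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return header + bytes(52) + linkinfo + strdata
```

Shortcuts that store their target only in the item ID list come back with an empty target here, so check 1 will not fire for them; the argument, keyword and size checks still apply.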

Each shortcut is listed with its name, level and location in the Shortcut Scanner interface. A click on a shortcut opens a Hex View of its contents and the full command that is executed when the shortcut is activated on the system.

The program supports three core ratings for shortcuts:

  1. Broken -- Those shortcuts point to destinations that don't exist anymore.
  2. Suspicious -- Shortcuts that you should take a look at.
  3. Dangerous -- Shortcuts flagged with the highest rating. You should concentrate on these first.

The application ships with options to delete selected shortcuts from the system. You may either remove any shortcut that you have selected, or click on the small arrow icon next to the remove button to clean dangerous, suspicious or broken shortcuts automatically.


I'd suggest that you go through the listing before you select one of the "clear all" options, as you may inadvertently remove shortcuts that are not malicious in nature or still needed.

Closing Words

Shortcut Scanner is a well-designed program to detect broken or suspicious shortcuts on a system, and remove some or all of those.

It is a program that you need to run manually though, as it won't protect the system from shortcuts being placed in the future, even while it is running.

Still, it can be quite useful to check for shortcuts every now and then on the system, or bring the program along with you when you maintain other people's PCs.

Now You: Do you place shortcuts on your desktop?



  1. stilofilos said on February 5, 2017 at 10:48 am

    I never use such shortcuts. I use little tools like Famulus instead to launch single programs, and Quick Cliq for multiple programs/files/url’s in one instruction, and hyperlinks in my TreeDBnotes books.
    My desktop gives me a nice clutterfree view on its wallpaper.
    That said, I never stood still by the idea that even such shortcuts could present a danger, and as many programs drop them without asking, it’s a good thing that such programs like Shortcut Scanner exist. I will definitely try it and see what it would tell me.

    Many thanks Martin for making people aware of the fact, and pointing to another instrument for the security toolbox.

  2. Troffer said on February 5, 2017 at 12:49 am

    Tried ShortcutScanner but I was not sure with the results it showed. This application may be something for a power user, I did not understand it and there was no help within the program.

    By the way: I don’t understand why some people here start insulting each other. Can you please explain why you are doing this ?

  3. A different Martin said on February 4, 2017 at 7:51 pm

    My initial observations:

    (1) The program needs descriptive pop-ups when you hover over its toolbar icons. Having to click on an icon without knowing what it does is a little scary, and when you click on the single-pane window icon, your list of suspicious shortcuts is replaced by a blank pane, with no obvious way to go back to the list other than by running the scan again.

    (2) I think it would be useful to provide a way to open the parent folder for suspicious shortcuts in the results list (right-click > Open containing folder or Show in folder).

    (3) It would be useful to be able to whitelist vetted shortcuts (and folders), as I seem to have gotten nothing but false positives in my own results list.

    In the “dangerous” listing were:

    * RealTimeSync shortcuts created by me

    * FreeFileSync shortcuts created by me

    * Shortcuts to a scientific paper on aging, mortality, and population trends

    * A Windows Explorer “Favorites” link (at the top of the folder tree on the left) to an external hard drive that wasn’t currently connected

    In the “attention required” listing were:

    * Program Files folder shortcuts to games that came bundled with Windows

    * Dropbox’s shortcut on the Desktop

    There were other shortcuts besides those mentioned above, but they were all benign.

    (5) The “broken shortcuts” listing is useful, but as I already use Bad Shortcut Killer and don’t make a lot of impermanent shortcuts outside of the Start Menu and Desktop and don’t change my basic folder structure very fundamentally or very often, pretty much the only broken shortcuts found were in my backups folder. (At the time I found Bad Shortcut Killer, it seemed to be abandonware and I had to work unreasonably hard to find a downloadable copy. It seemed to work just fine on my Win7 x64 system.)

    (6) For me, at least, the scan (using 64-bit Shortcut Scanner) often aborted when I alt-tabbed out of it.

    (7) For me, the scan completed once (taking a fair amount of time) and hung twice when I used it to scan both of my 2TB drives, each of which was around two-thirds full. It completed fairly quickly when run on a single drive.

    Verdict: More functionality, debugging, and polish are needed. It may be a useful adjunct to standard malware scanners (although I certainly hope most of them search for questionable shortcuts already), and I guess it’s one way to find broken shortcuts.

    PS: Of course Martin doesn’t work for Phrozen Soft. Anyone can see that he’s a hand-packed gelato and artisanal sorbet man, not a soft-serve man. ;-)

  4. Clairvaux said on February 4, 2017 at 5:50 pm

    Not uninteresting, but clearly half-baked / internal tool released to the public. Mute icons which you have to activate to learn what they do (unsettling for a program which deletes stuff from your computer), few directions given once “suspicious” shortcuts have been found.

    Flagged plenty of shortcuts on my PC, which I’m sure are legit (although I did not check them one by one, mainly because of the lack of instructions).

    However, some other free programs on their site are intriguing and could be of interest :

    Anybody knows about that Winja thing ?

  5. Patrick said on February 4, 2017 at 4:12 pm

    @ Gary D. G F A M = I have not had such a good belly laugh in a long time. Thank you.

    @ indig0F10w. If you spent more time reading Martin's articles, you would never have had to make a fool of yourself.

    1. pHROZEN gHOST said on February 4, 2017 at 5:56 pm

      @ Patrick, you took the words right out of my mouth and fingers :-)

      BTW, I have no connection to Phrozensoft. My username has been around much longer than Phrozensoft.

      1. indig0F10w said on February 4, 2017 at 10:43 pm

        If you find GFAM funny here’s DILIGAF. Tell me more.

  6. chesscanoe said on February 4, 2017 at 1:24 pm

    I have 70 shortcuts on the desktop, as I prefer to eyeball scan the desktop icons, rather than page through a list. However these are pointing to function that I relatively rarely use and are normally hidden. For frequent function I prefer to single click on the auto hide taskbar, where I have 28 other icons. I found Shortcut Scanner useful to locate broken links, but it has to be used cautiously as it flagged a trusted program Krita.

  7. Gary D said on February 4, 2017 at 12:43 pm

    @ indig0F10w

    “Do you work for Phrozensoft?” What has this got to do with Martin’s review of Shortcut Scanner ?
    Are you implying that he takes payment for such reviews in order to influence blog readers ?
    If so, please explain, in more detail, why.
    If not, why make such a stupid off topic post. Do you like stirring things up or are you just a paranoid conspiracy freak / Troll ?

    Incidentally, I downloaded the zip file and tried Shortcut Scanner. The program highlighted three shortcuts that may require attention. There were no pop up ads nor were there any links to paid programs which could “fix” the problem.
    Yet another good find by Martin.

    G F A M = Go Forth And Multiply (this is a polite way to write F**k Off)

    1. indig0F10w said on February 4, 2017 at 10:42 pm

      Please, tell me more.

  8. indig0F10w said on February 4, 2017 at 11:34 am

    Do you work for Phrozensoft?

    1. flyli5411 said on February 4, 2017 at 12:19 pm

      Are you a troll!

      1. indig0F10w said on February 4, 2017 at 10:44 pm

        Shhh, let the smart ones below figure it out…
