I think it's a Trojan, dude. Scan your computer with www.eset.com/onlinescan. That should tell you unless they were silly enough to overlook it. And also, check the directories that WinCP puts on your system. You could have just been unaware of it. -----Original Message----- From: programmingblind-bounce@xxxxxxxxxxxxx [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit Sent: Friday, September 03, 2010 11:45 PM To: bprogramming Subject: suspicious little link... Hi all -- Could someone tell me if this is part of an attack and if so, how do I rid my computer of it? I was cleaning off my desktop of old files and discovered a file with the name of " .lnk" (note that .lnk indicates it is a shortcut. I have fiddled with the registry to unhide all extensions in windows explorer.) Note that the above shortcut has the base name of a single space. I looked at the properties to see what this thing was pointing to, and found the following. target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny I did in fact install WinSCP some time ago, but I was not aware of a little shortcut named space uploading who-knows-what. I don't know the target server of the upload or the directory on my machine that it would look at. I wouldn't be surprised if there was a trojan on this laptop as I have indiscriminantly installed a number of programs, but given the suspicious appearance of this shortcut I fear there are data files being compromised. My machine is running xp pro, but I don't have server software running on it. So does anyone recognize this file? Could it be legitimate? Where would I look for related files? I suppose the admin logs would shed light on any uploads. Thanks. --le __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind __________ Information from ESET NOD32 Antivirus, version of virus signature database 5423 (20100904) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 5423 (20100904) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ Information from ESET NOD32 Antivirus, version of virus signature database 5423 (20100904) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind