RE: suspicious little link...

  • From: "Katherine moss" <plymouthroamer285@xxxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Sat, 4 Sep 2010 22:02:45 -0400

I think it's a Trojan, dude.  Scan your computer with
www.eset.com/onlinescan.  That should tell you unless they were silly enough
to overlook it.  And also, check the directories that WinSCP puts on your
system.  You could have just been unaware of it.  

-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit
Sent: Friday, September 03, 2010 11:45 PM
To: bprogramming
Subject: suspicious little link...

Hi all --
Could someone tell me if this is part of an attack and if so, how do I rid 
my computer of it?
I was cleaning off my desktop of old files and discovered a file with the 
name of " .lnk" (note that .lnk indicates it is a shortcut. I have fiddled 
with the registry to unhide all extensions in windows explorer.)
Note that the above shortcut has the base name of a single space.  I looked 
at the properties to see what this thing was pointing to, and found the 
following.
target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny

I did in fact install WinSCP some time ago, but I was not aware of a little 
shortcut named space uploading who-knows-what.
I don't know the target server of the upload or the directory on my machine 
that it would look at.

I wouldn't be surprised if there was a trojan on this laptop as I have 
indiscriminately installed a number of programs, but given the suspicious 
appearance of this shortcut I fear there are data files being compromised.
My machine is running xp pro, but I don't have server software running on 
it.
So does anyone recognize this file? Could it be legitimate? Where would I 
look for related files?

I suppose the admin logs would shed light on any uploads.
Thanks.
--le

__________
View the list's information and change your settings at 
//www.freelists.org/list/programmingblind

 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5423 (20100904) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
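
An added example, not part of either post above: a PowerShell sketch that lists every shortcut in the current user's Desktop and Startup folders with its target and arguments, and marks names that are blank or whitespace-only like the " .lnk" described in the question. The folder selection and the `BlankName` column are assumptions of this example.

```powershell
# Added example: inventory .lnk files and show what each one launches.
# Uses the WScript.Shell COM object, which reads shortcut properties
# without executing the target.
$shell = New-Object -ComObject WScript.Shell

# Folders to inspect (assumption: per-user Desktop and Startup).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('Startup')
)

$report = foreach ($folder in $folders) {
    # -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $folder -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{
                # Quote the name so a lone space is visible in the output.
                Name       = "'" + $_.Name + "'"
                BlankName  = ($_.BaseName.Trim().Length -eq 0)
                Target     = $lnk.TargetPath
                Arguments  = $lnk.Arguments
                WorkingDir = $lnk.WorkingDirectory
                Created    = $_.CreationTime
                Modified   = $_.LastWriteTime
                Folder     = $folder
            }
        }
}

# Blank-named shortcuts first, then oldest to newest.
$report |
    Sort-Object @{ Expression = 'BlankName'; Descending = $true }, Created |
    Format-List
```

Comparing the `Created` time of a flagged shortcut with the install date of the program it points to helps decide whether an installer placed it.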
  
