Hi trouble -- well I still disagree, unless I am not understanding you -- you need to (1) show all files, including OS files (see folder options); (2) show extensions for known file types (also in folder options); and (3) edit the registry as I said to remove the NEVERSHOWEXT attribute from everything that is hidden that way. Then you will indeed get (hopefully) all of it. --le ----- Original Message ----- From: "Trouble" <trouble1@xxxxxxxxxxxxxxx> To: <programmingblind@xxxxxxxxxxxxx> Sent: Sunday, September 05, 2010 5:02 PM Subject: Re: suspicious little link... Not only doing the show all files, but checking hide known file types. With those two set right all files do show. At 10:56 PM 9/4/2010, you wrote: >Tyler -- >Thanks for the little bit of research. >I still don't like a link with no text... but there is one thing I need to >say yet again for the dozenth time -- the folder options view settings >don't >unhide all file types. There are many system specific ones, like .pif, >.lnk, >and some others, that are still hidden. Not knowing this caused me a big >headache the first time my machine got infected with a virus. I infected >it >by opening a file called fun.mp3. It's real name was fun.mp3.pif and it >was >a little piece of software that took me a week and some sighted assistance >to remove. >If you go to the registry and search for all lines containing the word >NEVERSHOWEXT and delete those lines and save the registry, you will >suddenly >see all kinds of stuff that you probably didn't notice before. Now this is >on XP. My win7 machine is newer and I haven't done the "surgery" on it as >yet. I'm going to see if I can get along without it. But the point is, >folder options are not enough. >Happy hacking. >--le > >----- Original Message ----- >From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx> >To: <programmingblind@xxxxxxxxxxxxx> >Sent: Saturday, September 04, 2010 9:17 PM >Subject: Re: suspicious little link... > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Laura, >I just did a bit more research for you, and came across this--I'll just >quote the forum post. >It seems as if you can drag a file to the icon and it will upload. so >that .lnk you found was just to allow people to drag it to that icon. >So it's not a trogen, just blocking the confirmation. >Also, you don't need to go to the registry to unhide filetypes. just go >to tools and folder options in any folder, then go to the view tab, and >go to hide extentions for known filetypes. >Anyway, the promised post: >For the benefit of anyone stumbling on this topic in the future: >Simply appending /defaults to the commandline in the shortcut will fail. >It will cause the shortcut to change behavior from bringing up the >confirmation dialog, uploading (after user input) and exiting.. to >simply opening the program, not touching the file. > >Instead, place the /defaults switch before the /uploadifany switch. The >latter actually takes a parameter (just like /upload) and so you have to >act accordingly. > >It's odd that the program creates the shortcut with the /uploadifany >switch when there isn't any documentation on it anywhere, as far as I >can tell - even googling the entire internet only turns up 3 irrelevant >results - two in German, one in Japanese. AFAICT, /uploadifany is simply >a version of /upload that does not return an error if it's used without >a file list present. > > >HTH, >- -- >Thanks, >Tyler Littlefield > >On 9/4/2010 8:02 PM, Katherine moss wrote: > > I think it's a Trojan, dude. Scan your computer with > > www.eset.com/onlinescan. That should tell you unless they were silly > > enough > > to overlook it. And also, check the directories that WinCP puts on your > > system. You could have just been unaware of it. > > > > -----Original Message----- > > From: programmingblind-bounce@xxxxxxxxxxxxx > > [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit > > Sent: Friday, September 03, 2010 11:45 PM > > To: bprogramming > > Subject: suspicious little link... > > > > Hi all -- > > Could someone tell me if this is part of an attack and if so, how do I > > rid > > my computer of it? > > I was cleaning off my desktop of old files and discovered a file with > > the > > name of " .lnk" (note that .lnk indicates it is a shortcut. I have > > fiddled > > with the registry to unhide all extensions in windows explorer.) > > Note that the above shortcut has the base name of a single space. I > > looked > > at the properties to see what this thing was pointing to, and found the > > following. > > target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny > > > > I did in fact install WinSCP some time ago, but I was not aware of a > > little > > shortcut named space uploading who-knows-what. > > I don't know the target server of the upload or the directory on my > > machine > > that it would look at. > > > > I wouldn't be surprised if there was a trojan on this laptop as I have > > indiscriminantly installed a number of programs, but given the > > suspicious > > appearance of this shortcut I fear there are data files being > > compromised. > > My machine is running xp pro, but I don't have server software running > > on > > it. > > So does anyone recognize this file? Could it be legitimate? Where would > > I > > look for related files? > > > > I suppose the admin logs would shed light on any uploads. > > Thanks. > > --le > > > > __________ > > View the list's information and change your settings at > > //www.freelists.org/list/programmingblind > > > > > > > > __________ Information from ESET NOD32 Antivirus, version of virus > > signature > > database 5423 (20100904) __________ > > > > The message was checked by ESET NOD32 Antivirus. > > > > http://www.eset.com > > > > > > __________ Information from ESET NOD32 Antivirus, version of virus > > signature > > database 5423 (20100904) __________ > > > > The message was checked by ESET NOD32 Antivirus. > > > > http://www.eset.com > > > > > > > > __________ Information from ESET NOD32 Antivirus, version of virus > > signature > > database 5423 (20100904) __________ > > > > The message was checked by ESET NOD32 Antivirus. > > > > http://www.eset.com > > > > > > __________ > > View the list's information and change your settings at > > //www.freelists.org/list/programmingblind > > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.10 (MingW32) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >iQEcBAEBAgAGBQJMgv2uAAoJELDPyrppriJP3+wIALkVixuoKk7+yOpQQQe52qGz >1b/n2HgIX5omXkBXvT7IX40uNZEncrR5s5IJBgeh1J0B62Olc2vbl4Ju9Igv6BiK >G9fqEIOwsO4MhmHe1DlDwI1vBCXR8KM/jSiweMz63FmIHklUrAQZEFe0SrTmHnOO >FU4jKlNCoUsK20UDs5Nfw9fGTEzigCmAHwqAF/it/9iF/Vnl6dICm2vUdk7KTuDQ >MYyxbnyAb3aH0KuwBBKdN1ELrQVy3i5T4IWKH7ZEt55WXX7xtmZerGlWC+EyCeH2 >EJJGFz8FkdD0xEvkbMNtjuZLpUhHUw0JdDFwJngPceWENeQTA9koXIT1v8de2u8= >=jbrd >-----END PGP SIGNATURE----- >__________ >View the list's information and change your settings at >//www.freelists.org/list/programmingblind > >__________ >View the list's information and change your settings at >//www.freelists.org/list/programmingblind Tim trouble Verizon FIOS support tech "Never offend people with style when you can offend them with substance." --Sam Brown Blindeudora list owner. To subscribe or info: //www.freelists.org/webpage/blindeudora __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind