I indeed did install WinSCP, and it is only on my computer, I hope. We don't have a tight network in this house -- just a simple lan with a little file sharing. Could a trojan travel from one computer to another without me doing anything? --le ----- Original Message ----- From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx> To: <programmingblind@xxxxxxxxxxxxx> Sent: Saturday, September 04, 2010 9:11 PM Subject: Re: suspicious little link... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Like totally, dude. Like OMG! That aside, I don't see WINScp loading you up with trogens. And silly enough to overlook what? I did a quick scan through the docs and didn't see that arg you asked about, but I'm not quite sure what it would upload. It seems the upload target would have to be in the command line. But that link would still have to be fired off for it to upload anything. Unless this is some elaborate trogen full of holes, but you really can't expect winSCP to be installed on a computer. How many end-users have it? On 9/4/2010 8:02 PM, Katherine moss wrote: > I think it's a Trojan, dude. Scan your computer with > www.eset.com/onlinescan. That should tell you unless they were silly > enough > to overlook it. And also, check the directories that WinCP puts on your > system. You could have just been unaware of it. > > -----Original Message----- > From: programmingblind-bounce@xxxxxxxxxxxxx > [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit > Sent: Friday, September 03, 2010 11:45 PM > To: bprogramming > Subject: suspicious little link... > > Hi all -- > Could someone tell me if this is part of an attack and if so, how do I rid > my computer of it? > I was cleaning off my desktop of old files and discovered a file with the > name of " .lnk" (note that .lnk indicates it is a shortcut. I have fiddled > with the registry to unhide all extensions in windows explorer.) > Note that the above shortcut has the base name of a single space. I > looked > at the properties to see what this thing was pointing to, and found the > following. > target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny > > I did in fact install WinSCP some time ago, but I was not aware of a > little > shortcut named space uploading who-knows-what. > I don't know the target server of the upload or the directory on my > machine > that it would look at. > > I wouldn't be surprised if there was a trojan on this laptop as I have > indiscriminantly installed a number of programs, but given the suspicious > appearance of this shortcut I fear there are data files being compromised. > My machine is running xp pro, but I don't have server software running on > it. > So does anyone recognize this file? Could it be legitimate? Where would I > look for related files? > > I suppose the admin logs would shed light on any uploads. > Thanks. > --le > > __________ > View the list's information and change your settings at > //www.freelists.org/list/programmingblind > > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature > database 5423 (20100904) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature > database 5423 (20100904) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature > database 5423 (20100904) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ > View the list's information and change your settings at > //www.freelists.org/list/programmingblind > > - -- Thanks, Tyler Littlefield -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMgvw2AAoJELDPyrppriJPjMsIAMvXtFKemdRxcYipuCfjKXCB D4h2VCjWPrz4aBswgJ/91L88cDkBSAQ5xQAhT2ae5/Dg6iYNOZ9WOacKC992K8m7 221P6EDmVcN2xLkWy1Q8N9uCFfMiXZ3jKK53mAXowR1tRXql0AYu2KtABtsn5UK4 sr25ekrsSHrGtK3azJhUzZMy1G1AV2Ea6Qzi8Tv3B5Mw/31Mh/dWKv+Dg/1hLAFv dYO/CuLb++OjmFtIf2j5osRKPt5Sm69y/Dqq+0CdMAI7/z5Oka0qeJtgIfXh7PpC U7Tour7iDWnnvTpocVUxce+XtEX1jWdpH+tSIp+lr1FuAo1yBimbmHWJn9I9u1I= =dh1f -----END PGP SIGNATURE----- __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind __________ View the list's information and change your settings at //www.freelists.org/list/programmingblind