Re: suspicious little link...

  • From: "qubit" <lauraeaves@xxxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Sat, 4 Sep 2010 21:48:59 -0500

I indeed did install WinSCP, and it is only on my computer, I hope. We don't
have a tight network in this house -- just a simple LAN with a little file
sharing. Could a trojan travel from one computer to another without me doing
anything?
--le

----- Original Message ----- 
From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx>
To: <programmingblind@xxxxxxxxxxxxx>
Sent: Saturday, September 04, 2010 9:11 PM
Subject: Re: suspicious little link...


Like totally, dude. Like OMG!

That aside, I don't see WinSCP loading you up with trojans. And silly
enough to overlook what?

I did a quick scan through the docs and didn't see that arg you asked
about, but I'm not quite sure what it would upload. It seems the upload
target would have to be in the command line. But that link would still
have to be fired off for it to upload anything. Unless this is some
elaborate trojan full of holes, but you really can't expect WinSCP to be
installed on a computer. How many end-users have it?


On 9/4/2010 8:02 PM, Katherine moss wrote:
> I think it's a Trojan, dude.  Scan your computer with
> www.eset.com/onlinescan.  That should tell you unless they were silly
> enough to overlook it.  And also, check the directories that WinSCP puts
> on your system.  You could have just been unaware of it.
>
> -----Original Message-----
> From: programmingblind-bounce@xxxxxxxxxxxxx
> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit
> Sent: Friday, September 03, 2010 11:45 PM
> To: bprogramming
> Subject: suspicious little link...
>
> Hi all --
> Could someone tell me if this is part of an attack and if so, how do I rid
> my computer of it?
> I was cleaning off my desktop of old files and discovered a file with the
> name of " .lnk" (note that .lnk indicates it is a shortcut. I have fiddled
> with the registry to unhide all extensions in Windows Explorer.)
> Note that the above shortcut has the base name of a single space.  I
> looked at the properties to see what this thing was pointing to, and found
> the following.
> target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny
>
> I did in fact install WinSCP some time ago, but I was not aware of a
> little shortcut named space uploading who-knows-what.
> I don't know the target server of the upload or the directory on my
> machine that it would look at.
>
> I wouldn't be surprised if there was a trojan on this laptop as I have
> indiscriminately installed a number of programs, but given the suspicious
> appearance of this shortcut I fear there are data files being compromised.
> My machine is running XP Pro, but I don't have server software running on
> it.
> So does anyone recognize this file? Could it be legitimate? Where would I
> look for related files?
>
> I suppose the admin logs would shed light on any uploads.
> Thanks.
> --le
>
> __________
> View the list's information and change your settings at
> //www.freelists.org/list/programmingblind
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 5423 (20100904) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com


-- 
Thanks,
Tyler Littlefield
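The thread turns on what the " .lnk" shortcut really launches, so here is an added example (not part of the thread) that reads the Shell Link binary format directly and reports the local target, the command-line arguments, and a whitespace-only base name. The function names `parse_lnk`, `review` and `build_sample` are this example's own, and the sample bytes are constructed, with a simplified LinkInfo block, to mirror the shortcut described in the original post.

```python
import struct

# LinkFlags bits from the Shell Link (.lnk) binary format, MS-SHLLINK
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk(data):
    """Return the local target path and StringData fields of a .lnk file."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad header size")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {}
    if flags & HAS_IDLIST:                      # 2-byte size, then the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                    # 4-byte size includes itself
        size, _, li_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:                     # VolumeIDAndLocalBasePath
            start = pos + base_off
            end = data.index(b"\0", start)      # ANSI string, NUL-terminated
            out["target"] = data[start:end].decode("cp1252")
        pos += size
    for bit, field in STRING_FIELDS:            # counted, not NUL-terminated
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
            out[field] = data[pos + 2:pos + 2 + count * width].decode(codec)
            pos += 2 + count * width
    return out

def review(filename, data):
    """List reasons a shortcut deserves a closer look."""
    info, reasons = parse_lnk(data), []
    if not filename.rsplit(".", 1)[0].strip():
        reasons.append("base name is empty or whitespace only")
    if info.get("arguments"):
        reasons.append("passes arguments: " + info["arguments"])
    return info, reasons

def build_sample():
    """Constructed .lnk bytes mirroring the shortcut in the post (not a real capture)."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")
    flags = HAS_LINKINFO | 0x20 | IS_UNICODE    # 0x20 = HasArguments
    header = struct.pack("<I16sI", 0x4C, clsid, flags) + bytes(52)
    path = rb"c:\program files\WinSCP\WinSCP.exe" + b"\0"
    linkinfo = struct.pack("<7I", 28 + len(path), 28, 0x01, 0, 28, 0, 0) + path
    args = "/UploadIfAny"
    return header + linkinfo + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

To check a real shortcut, pass its file name and the bytes read with `open(path, "rb").read()` to `review`; a truncated file raises `struct.error` rather than returning partial fields.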