OT: What is plink.exe .?

You might look into Olly Debug. It "knows" about the Windows API and makes it easier to read the code by showing the named function calls.

Best regards,

Bob Masta DAQARTA v7.50 Data AcQuisition And Real-Time Analysis

Scope, Spectrum, Spectrogram, Sound Level Meter Frequency Counter, Pitch Track, Pitch-to-MIDI FREE Signal Generator, DaqMusiq generator Science with your sound card!

Go there. It explains how it works, scroll down on the part where it talks about it being in the batch file and how it can auto connect to a server and run a script. You should check that to see if that is actually happening, something tells me you remote access taking place that you don't need or want.

Jamie

The above utility will show you everything that is loaded by Windows. Yes it's now owned by Microsoft after a buy-out but was developed independently by Mark Russinovich. You can remove stuff you don't approve of.

plink.exe nominally belongs to the puTTY suite of SSH/Telnet utilites though some malware could conceivably have appropriated it at some time.

I have puTTY installed on a Lenovo laptop and don't get the behaviour you're describing.

Chris.

The real Plink and what it does:

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

[snip]

That doesn't mean it didn't up/download other stuff. Just not named plink*

Find the batch file that calls it and see what command line options are passed. Particularly what remote host it tries to connect to and what files it attempts to transfer.

Since plink is not a Windows component, it was installed after the system. Probably as a part of some other software installation. Do you have any tools to search for executables created or updated in a time window around the time stamp of the plink.exe file itself? Tha might tell you how you got it.

It could be benign, like a part of some anti-virus tool that just automatically fetches new data from time to time. Or it could be Evil.

--
Paul Hovnanian 
Have gnu, will travel.

It's labeled OT. Ignore them if you don't like them.

--
Paul Hovnanian 
Have gnu, will travel.

No one is complaining that the subject is OT. It was a question he could have found the answer to rather easily by using Google. Have you never seen lmgtfy before?

--

Rick

I see you still haven't eaten the 20% fat hamburger, so your brain remains fog-ridden >:-} ...Jim Thompson

--
| James E.Thompson                                 |    mens     | 
| Analog Innovations                               |     et      | 
| Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    | 
| San Tan Valley, AZ 85142     Skype: skypeanalog  |             | 
| Voice:(480)460-2350  Fax: Available upon request |  Brass Rat  | 
| E-mail Icon at http://www.analog-innovations.com |    1962     | 
              
I love to cook with wine.     Sometimes I even put it in the food.