:-) ...Jim Thompson
-- | James E.Thompson | mens | | Analog Innovations | et | | Analog/Mixed-Signal ASIC's and Discrete Systems | manus | | San Tan Valley, AZ 85142 Skype: skypeanalog | | | Voice:(480)460-2350 Fax: Available upon request | Brass Rat | | E-mail Icon at http://www.analog-innovations.com | 1962 | I love to cook with wine. Sometimes I even put it in the food.
You might look into Olly Debug. It "knows" about the Windows API and makes it easier to read the code by showing the named function calls.
Best regards,
Bob Masta DAQARTA v7.50 Data AcQuisition And Real-Time Analysis
Go there. It explains how it works; scroll down to the part where it talks about it being in the batch file and how it can auto-connect to a server and run a script. You should check that to see if that is actually happening; something tells me you have remote access taking place that you don't need or want.
Jamie
The above utility will show you everything that is loaded by Windows. Yes it's now owned by Microsoft after a buy-out but was developed independently by Mark Russinovich. You can remove stuff you don't approve of.
plink.exe nominally belongs to the puTTY suite of SSH/Telnet utilities, though some malware could conceivably have appropriated it at some time.
I have puTTY installed on a Lenovo laptop and don't get the behaviour you're describing.
Chris.
The real Plink and what it does:
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
[snip]
That doesn't mean it didn't up/download other stuff. Just not named plink*
Find the batch file that calls it and see what command line options are passed. Particularly what remote host it tries to connect to and what files it attempts to transfer.
Since plink is not a Windows component, it was installed after the system, probably as part of some other software installation. Do you have any tools to search for executables created or updated in a time window around the time stamp of the plink.exe file itself? That might tell you how you got it.
It could be benign, like a part of some anti-virus tool that just automatically fetches new data from time to time. Or it could be Evil.
-- Paul Hovnanian Have gnu, will travel.
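The two checks suggested in the post above (which batch file calls plink and with what command line, and which executables changed around the same time as plink.exe), as an added example that is not part of the original thread. The function names, the extension lists and the one-hour window are assumptions, and it compares modification times, which can be changed after the fact.

```python
import os
import re
import sys

EXEC_EXT = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".msi"}  # assumed list
SCRIPT_EXT = {".bat", ".cmd"}
PLINK_RE = re.compile(r"\bplink(\.exe)?\b", re.IGNORECASE)


def _walk(root, extensions):
    """Yield paths under root whose extension is in the given set."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in extensions:
                yield os.path.join(dirpath, name)


def files_near(reference, root, window_seconds=3600):
    """Executables and scripts modified within +/- window of reference's mtime."""
    ref_mtime = os.path.getmtime(reference)
    ref_real = os.path.realpath(reference)
    hits = []
    for path in _walk(root, EXEC_EXT):
        if os.path.realpath(path) == ref_real:
            continue  # skip the reference file itself
        try:
            delta = os.path.getmtime(path) - ref_mtime
        except OSError:
            continue  # unreadable or removed while scanning
        if abs(delta) <= window_seconds:
            hits.append((delta, path))
    return sorted(hits, key=lambda hit: abs(hit[0]))  # closest in time first


def plink_calls(root):
    """(script, line number, command line) for each batch line that runs plink."""
    calls = []
    for path in _walk(root, SCRIPT_EXT):
        try:
            with open(path, "r", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    text = line.strip()
                    if text.lower().startswith(("rem ", "::")):
                        continue  # commented-out line
                    if PLINK_RE.search(text):
                        calls.append((path, lineno, text))
        except OSError:
            continue
    return calls


if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script.py plink.exe root
    for item in files_near(sys.argv[1], sys.argv[2]) + plink_calls(sys.argv[2]):
        print(item)
```

The command lines returned by `plink_calls` show the remote host and any script or file arguments passed to plink, which is what the post suggests reading first.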
It's labeled OT. Ignore them if you don't like them.
-- Paul Hovnanian Have gnu, will travel.
No one is complaining that the subject is OT. It was a question he could have found the answer to rather easily by using Google. Have you never seen lmgtfy before?
-- Rick
I see you still haven't eaten the 20% fat hamburger, so your brain remains fog-ridden >:-} ...Jim Thompson
-- | James E.Thompson | mens | | Analog Innovations | et | | Analog/Mixed-Signal ASIC's and Discrete Systems | manus | | San Tan Valley, AZ 85142 Skype: skypeanalog | | | Voice:(480)460-2350 Fax: Available upon request | Brass Rat | | E-mail Icon at http://www.analog-innovations.com | 1962 | I love to cook with wine. Sometimes I even put it in the food.