A friend's PC with XP Home and AVG AV comes up with it having Links.exe
present in C:\Windows\System32, and AVG tells him he should get rid of it,
but even booting into safe mode with command prompt, a DIR listing says it's
not there. Using attrib -h -s doesn't make it display either. Any ideas why?

Martin Ellis wrote:

> A friend's PC with XP Home and AVG AV comes up with it having
> Links.exe present in C:\Windows\System32, and AVG tells him he should
> get rid of it,
> but even booting into safe mode with command prompt, a DIR listing
> says it's not there. Using attrib -h -s doesn't make it display
> either. Any ideas why?

If you Google for "Links.exe" you'll get a lot of hits. Here's just one:

http://securityresponse.symantec.com...epress@mm.html

I would scan in Safe Mode with either Sysclean or Dave Lipman's Multi-AV
to start.

http://www.elephantboycomputers.com/...icros_Sysclean
http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV
http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download

Then continue with general malware removal -
http://www.elephantboycomputers.com/...moving_Malware

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

[[links.exe is a process which is registered as a depress worm variant
Trojan. This Trojan allows attackers to access your computer, stealing
passwords, Internet banking and personal data. ]]

The next time that message pops up, have AVG delete links.exe.

Maybe links.exe got quarantined by AVG.

Look in C:\$VAULT$.AVG

Or open AVG Control Center...
Double click the AVG icon down by the clock |
Scroll down to and click on Virus Vault | Click the Open button |
Click the Action menu | Pick an action

Maybe links.exe was already deleted by AVG.

Do a Search for links.exe on the machine.

HOW TO: Search For Hidden Or System Files In Windows XP
http://support.microsoft.com/default...b;en-us;302347

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:2E7D7D26-EEDF-4612-99C1-70E35DC6683B@microsoft.com,
Martin Ellis <MartinEllis@discussions.microsoft.com> hunted and pecked:
> A friend's PC with XP Home and AVG AV comes up with it having Links.exe
> present in C:\Windows\System32, and AVG tells him he should get rid of it,
> but even booting into safe mode with command prompt, a DIR listing says
> it's not there. Using attrib -h -s doesn't make it display either. Any
> ideas why?

From: "Martin Ellis" <MartinEllis@discussions.microsoft.com>

| A friend's PC with XP Home and AVG AV comes up with it having Links.exe
| present in C:\Windows\System32, and AVG tells him he should get rid of it,
| but even booting into safe mode with command prompt, a DIR listing says it's
| not there. Using attrib -h -s doesn't make it display either. Any ideas why?


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm