
Exploit:Win32/CplLnk.A


Microsoft security software detects and removes this threat.

This is a generic detection for specially crafted, malicious shortcut files that target the vulnerability exploited by the Win32/Stuxnet family.

When you browse a folder that has the malicious shortcut using an app that displays shortcut icons, the malware runs instead.




What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Exploit:Win32/CplLnk.A is a generic detection for specially crafted, malicious shortcut files that exploit the vulnerability also exploited by the Win32/Stuxnet family. When you browse a folder that has the malicious shortcut using an application that displays shortcut icons, the malware runs instead.

An example of an application that displays shortcut icons is Windows Explorer. In most cases, no further user interaction is required.

In the case of Win32/Stuxnet, Exploit:Win32/CplLnk.A points to the malware stored on a USB flash drive using the device descriptor, as in this pseudo-example:

\\.\Storage\Volume\USBStor\{CLSID value}\~WTR4141.tmp

Successful exploitation results in the malware running with the privileges of the logged-on user.

Additional Information

The vulnerability exploited by this threat is tracked as CVE-2010-2568 and was resolved with the release of Microsoft Security Bulletin MS10-046.

Analysis by Peter Ferrie


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.87.23.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Jul 16, 2010
This entry was first published on: Jul 16, 2010
This entry was updated on: Oct 01, 2014

This threat is also detected as:
  • CVE-2010-2568 (other)
  • Worm/AutoRun.JV (AVG)
  • Trojan.Agent.AQCL (BitDefender)
  • LNK/Stuxnet.A (CA)
  • Trojan.Stuxnet.1 (Dr.Web)
  • LNK/Autostart.A (ESET)
  • Trojan-Dropper.Win32.Stuxnet.a (Kaspersky)
  • Stuxnet!lnk (McAfee)
  • Trj/Trecu.Lnk (Panda)
  • W32/Stuxnet-B (Sophos)
  • W32.Stuxnet!lnk (Symantec)
  • LNK_STUXNET.A (Trend Micro)
  • Exploit.CplLnk.Gen (VirusBuster)