G Data LNK-Checker Protects Against LNK Security Vulnerability

Martin Brinkmann
Jul 27, 2010
Updated • Dec 12, 2014
Security, Windows software

A recently discovered vulnerability in the processing of lnk files in the Windows operating system may be used by attackers to execute malicious code on systems that are attacked by it. Windows users can take a look at our previous coverage of the security issue for additional details.

The nature of the vulnerability makes it possible to exploit it without user interaction, displaying the link icon is enough to execute the code.

Microsoft has provided workarounds and a fix-it solution in a security advisory, unfortunately though with side effects that remove icons from programs in the Windows taskbar or start menu (which from then on show up as blank icons).

Several security companies have created their own workarounds and protections, and one of those resulting programs is the G Data LNK-Checker.

lnk checker
lnk checker

The security software, upon installation and a necessary restart, detects potentially dangerous LNK files and blocks the automatic execution of these vulnerable file types. The application further changes the icons of suspicious links so that they are easier to identify.

Files that are found not to be suspicious are displayed the default way which makes this a preferred solution over Microsoft's Fix-It solution and manual workarounds, which as mentioned above change all icons to blank ones.

It is important to note that suspicious files should not be executed on the computer system (by double-clicking for instance), since this can trigger the malicious code they contain.

G Data LNK-Checker is available for download at the G Data website. The program description is only available in German, the installation however is available in English as well.

Update: English version of G Data LNK-Checker available here.

Update 2: The Link Checker application is still available but not really necessary anymore as Microsoft has released a patch in the meantime that closes the vulnerability on all versions of Windows.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. ilev said on July 28, 2010 at 9:11 am

    Sophos has also issued aprogram to detect and stop the .LNK trojan

    Free Sophos tool blocks Windows shortcut attacks : http://www.computerworld.com/s/article/9179698/Free_Sophos_tool_blocks_Windows_shortcut_attacks?source=rss_news

    1. Martin said on July 28, 2010 at 3:25 pm

      Just to add, Heise Online states that the Sophos tool “does not respond to files stored on local hard disks. Therefore, users can still infect their systems, for instance, by unpacking a ZIP archive”. http://www.h-online.com/security/news/item/Anti-virus-vendors-offer-free-LNK-protection-Update-1046183.html

    2. Martin said on July 28, 2010 at 10:24 am

      Ilev thanks for the information, appreciated.

  2. Karbi said on July 27, 2010 at 7:16 pm

    The English version is available at this page: http://www.gdatasoftware.co.uk/support/downloads/tools.html

    1. Martin said on July 27, 2010 at 7:22 pm

      Karbi thanks for the information, I have added the link to the article.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.