Milos, thank you for your thorough investigation on this issue.
But, here comes the hazy part of this odd problem. If a friend sends me an email with a lnk which can lead me to his well-arranged script procedure, and if I click on that lnk it starts the scripts automatically as intended and simply DOES NO HARM to the Windows system. In that case, will Avast still detect that email as suspected of Win32:Lnkget infection because of some automated scripts getting executed?
Or, do there need to be any harmful signatures or patterns in the activities of the executed scripts which match the Avast iAVS DB and therefore trigger the alarm? For example, the suspected scripts are manipulating the system or putting users in harm's way.
If you said that the file "p" doesn't exist at this time on that ftp server and therefore this script can do no harm to my system, and if this email message is still detected by Avast! as infected as of today, then I wonder whether it is detected simply because of embedded scripts in the lnk reference. If that is the case, to me it is more like an "access control related issue", and users need to wisely set up their systems so that they do not easily trigger something unexpectedly. Could that be the reason that the other antivirus software products cannot conclude this email is infected simply from finding embedded scripts, but instead need more evidence of suspected activities?
Thank you,
Dan