After all, I do not think that you have the key info:
"How malicious is the script from this lnk?" or "what constitutes Win32:Lnkget Trojan?"
Based on your provided reference link:
http://en.wikipedia.org/wiki/Antivirus_software#Identification_methods , it says:
>>
Malicious activity detection is another approach used to identify malware. In this approach, antivirus software monitors the system for suspicious program behavior. If suspicious behavior is detected, the suspect program may be further investigated, using signature based detection or another method listed in this section. This type of detection can be used to identify unknown viruses or variants on existing viruses.
<<
All referenced links pointed to the key idea:
"It takes a little more investigation to distinguish a malware from a suspicious false positive."
Normally, this investigation will reveal the true identity of the suspicious script. From Viruslist.com, a Trojan dropper/downloader will be identified as either a dangerous payload or a malware/adware with the help of a signature or other methods. I suspect that could be the reason some 32 out of 41 AV software products would not categorize it as a Trojan downloader/dropper when this script can not be downloaded from the ftp server for further investigation.
If Alwil is not about to provide the key info with regard to what the damaging activity signature it had when Win32:Lnkget was first created, then who knows? I may have to rest my case here. Your help thus far is appreciated nonetheless.