Solved

pc types strange commands by itself %systemroot%/system32/cmd.exe del eq echo open etc.

Posted on 2011-03-03
10
1,279 Views
Last Modified: 2012-05-11
I'm having this exact problem but haven't found how to fix it. pls help.

http://www.techtalkz.com/windows-xp/148412-pc-typed-itself-systemroot-system32-cmd-exe-del-eq-echo-open.html
0
Comment
Question by:eggster34
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 35032690
Wipe the computer and re-install.  You obviously have an infection and haven't found a cure.

What answer are you looking for?   I see people all the time asking how they can do anything to avoid having a clean computer.

Fighting malware doesn't give you a clean computer.  You have no idea what else it has done to comprimise your system.

If you format the drive & re-install everything from clean/legal installation media, there aren't any problems.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 35032722
Possible that the "infection" is screen sharing software or VNC that you installed, allowing someone else to control remotely.  But, like I said, you don't know what else they've done.  And...possibly are stealing your personal files/data while you remain connected to the internet.

Disconnect from the network & backup your data while you can.  Don't worry about trying to save your Windows installation.  Worry about your data and safety first.
0
 

Author Comment

by:eggster34
ID: 35033064
I'd like to know the name of the virus and a way to remove it if possible, rather than general and not very useful advice; I'm smart enough to figure out that if I wipe everything and reinstall the OS from scratch, the issue will go away; I would not have consulted EE if this was my intention; any idiot can wipe his hard drive and reinstall things from installation media, it's the smart guy who can clean the infection and get on with his life rather than spending 12 hours he doesn't have on it, so if you don't know the answer, please just hold your thoughts to yourself so that others can have a chance to look at this question and offer their opinion. thank you.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 32

Accepted Solution

by:
aleghart earned 500 total points
ID: 35033178
Your symptom points to a VNC vulnerability.  With VNC, the remote attacker has control over your computer.

As much as you may think I'm an idiot, I don't know of any sysadmins who would deliberately leave a system under control of a remote attacker and call it "smart".

Re-imaging a computer is trivial.  I do it twice a year.  More often on test systems.

Have you already tried to uninstall VNC?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 35033210
Launch TaskMgr and kill any VNC app/process that's running.

Find the installation directory \Program Files\xxxVNC
type in the command line using the name of the VNC executable, for example:  WinVNC.exe -remove
0
 

Author Comment

by:eggster34
ID: 35041321
I'm not running VNC. Why did you assume I was?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 35042435
The same symptom show up on users with Windows, OS X, and Linux.  OS X users reported turning on their remote control (VNC server) software before the commands began.  VNC server can also be dropped into a Windows installation as part of malware payload.  It's very small and consumes little memory.

Many flavors already have a stealth mode built-in.

If it's VNC backdoor, remote commands are received via internet, so disconnecting from internet (disable all network interfaces) and rebooting should result in no more commands received/executed.  Connecting to internet would show symptoms again.

Not sure of the connection requirements...remote commands used to require direct connect to the internet (thus having a hardware firewall/router would stop the attack.
0
 

Author Closing Comment

by:eggster34
ID: 35111271
I formatted my PC, but your comments are valid and I thank you for helping me. I believe this would help others with a similar problem looking for a solution.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 35113612
Thanks.  I understand it would have been less time-consuming to nip the problem in the bud.  At least your computer will be running good-as-new, and 100% clean.
0
 

Author Comment

by:eggster34
ID: 35113746
The idea of having a secret vnc server running without my knowledge was quite scary so I chose to format it, thanks again.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question