I am not sure on that as he noted that his system is XP, although I could miss something.

Regards,
Alex


Mick wrote:
This appears to be a Linux trojan:
http://www.symantec.com/security_response/writeup.jsp?docid=2005-032316-4307-99&tabid=1

Given the types of directories it creates you must have been running X or other applications as root and you allowed it to install, or run some unchecked binary. If this were my system I would *definitely* reinstall, after using shred on the partitions.

Good luck.

On Friday 03 November 2006 18:35, Alex Pelts wrote:
This is possibly some spyware or trojan which hides its process from
process manager. You can try to use tools from sysinternals.com to
discover this process. Also run updated anti-virus software to check if
there is any virus.
When you run anti-virus, disable Windows restore, because if the file is
in one of the Windows directories it will be restored right back. You
should have your hands full with this one. Don't let it slide though
because it may be some key logger or some zombie software.


Alex

danidani wrote:
PID is 1576 but it doesn't correspond to any PID that is listed in the
Task Manager

quite strange isn't it?!




On 11/3/06, *Alex Pelts* <[EMAIL PROTECTED]> wrote:

    Under win xp you can run "netstat -a -o". That will give you the pid of
    the process which owns each connection. From there you can run task
    manager and find out who opened that connection. On unix there is a
    similar facility although switches are different and you need to be root
    to do it.

    Regards,
    Alex

    danidani wrote:
     > GREAT, it works with this trick!!
     >
     > Now the question is... which program is using port 5900??!
     >
     >
     >
     >
     > On 11/3/06, John Aldrich <[EMAIL PROTECTED]> wrote:
     >> On Friday 03 November 2006 10:50, danidani wrote:
     >>> Doing telnet ipaddress 5900 I obtain:
     >>> : [EMAIL PROTECTED] NOTICE * :psyBNC2.3.1
     >>>
     >>> running telnet ipaddress 5907 I get
     >>>
     >>> RFB 003.008
     >>>
     >>> and that is correct because I changed the port on the vnc server
     >>>
     >>>
     >>> Anyway I don't get access yet.
     >>
     >> Try adding :7 to the name or IP address of the PC you're attempting to
     >> connect
     >> to from remote. Or you can put ::5907 after the name/ip address of the PC.
     >>
     >>         John
     >> _______________________________________________
     >> VNC-List mailing list
     >> VNC-List@realvnc.com
     >> To remove yourself from the list visit:
     >> http://www.realvnc.com/mailman/listinfo/vnc-list

--
skype: danieleda
msn: [EMAIL PROTECTED]
_______________________________________________
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
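
The two checks used in this thread (mapping a listening port to its owning PID with netstat, and reading the first bytes a port sends), as an added Python example that is not part of any poster's message. The netstat and tasklist text is constructed sample data; it assumes `-n` is added to `netstat -a -o` so ports are numeric, and that the process list comes from `tasklist /FO CSV /NH`.

```python
import csv, io, re

# Constructed sample of `netstat -a -n -o` output (not taken from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1576
  TCP    0.0.0.0:5907           0.0.0.0:0              LISTENING       1820
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /FO CSV /NH` output; PID 1576 is absent.
TASKLIST = '''\
"System","4","Console","0","236 K"
"svchost.exe","952","Console","0","4,120 K"
"winvnc4.exe","1820","Console","0","3,004 K"
'''
# An RFB server opens with a 12-byte version line such as b"RFB 003.008\n".
RFB_BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")

def listeners(netstat_text):
    """Yield (proto, port, pid) for TCP LISTENING rows and UDP rows."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[4])
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[3])

def visible_pids(tasklist_csv):
    """PIDs the process list reports (second CSV column)."""
    return {int(r[1]) for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def orphan_listeners(netstat_text, tasklist_csv):
    """Listening sockets whose owning PID has no visible process."""
    seen = visible_pids(tasklist_csv)
    return [l for l in listeners(netstat_text) if l[2] not in seen]

def looks_like_vnc(banner):
    """True only if the first 12 bytes from the port are an RFB version line."""
    return RFB_BANNER.fullmatch(banner[:12]) is not None

if __name__ == "__main__":
    for proto, port, pid in orphan_listeners(NETSTAT, TASKLIST):
        print(f"{proto} port {port}: PID {pid} is not in the process list")
    print("5907 banner is RFB:", looks_like_vnc(b"RFB 003.008\n"))
```

A socket owned by a PID that the process list does not show, on a port whose banner is not an RFB version line, is the combination reported in this thread for port 5900.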