[Date Prev][Date Next][Subject Prev][Subject Next][ Date Index][ Subject Index]

Re: looks like I've been hijacked

Subject: Re: looks like I've been hijacked
From: "Andy Turnbull" andyt@xxxxxxxx
Date: Sat, 22 Nov 2008 10:54:51 -0500

Thanks.

I didn't have to use the tcp program, (though I am keeping the link, just in
case) On the assumption that it was a tmp file, running with an exe, I
re-started the machine. When it restarted I had another file -- vdc
something, I think, next to the vdm but I was able to dump both.


I guess the exe may have been RDC.exe, which didn't show on
control-alt-delete but which I had to stop manually to re-start. This might
have been the one that allowed the apple tech to look inside my 'puter.


Anyway, all seems to be okay now, and I guess my warning was (probably) a
false alarm.


thanks again.

andy t

----- Original Message -----
From: "flash" 

To: 
Sent: Saturday, November 22, 2008 9:37 AM
Subject: Re: looks like I've been hijacked



Andy,

VDM37E is almost certainly a temp file left over from some operation.
TMP files are sometimes hard to get rid of, especially if the .exe file
which produced them is still running (whether harmless or malicious).

For what it's worth:
http://keskustelu.afterdawn.com/thread_view.cfm/666312

I suggest you get TCPview running on the affected machine and find out
whether some .exe file is making repeated connections to Finland. Once
you know which .exe file is behind this, you can go to Sophos or
Symantec and find out how to defeat it.







--------------------------------------------------------------------------------



No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.175 / Virus Database: 270.9.9/1805 - Release Date: 11/22/2008
10:34 AM

Prev by Date: Re: weird text marking
Next by Date: Markup.pm hung mysteriously--just once
Previous by thread: Re: looks like I've been hijacked
Next by thread: Re: looks like I've been hijacked
Index(es):
- Date
- Subject