Has My System Been Compromised - Chinese Characters - Anydesk


Hi folks, this is my first post. I'm hoping someone with more skills than I can help out.

I installed a remote desktop program called AnyDesk on OSX. When testing by connecting to another laptop, I typed the AnyDesk ID number in of my target machine, then I simply went to copy the ID number into the clipboard and paste it into notes so I could easily access it in future. Strangely the ID number was pasted, and then immediately following the ID number a whole bunch of Chinese(?) characters also pasted into notes. It looks like the Chinese characters had been amended to my clipboard.

I tried searching what the text meant, but pasting it into Safari and hitting search caused Safari to crash!

The ID number is a 9 digit numerical string. Then this is the strange text that was appended to it.


It only happened once; when I repeated the steps, no additional characters were present. Which makes me think that it's not a bug in the AnyDesk program, but possibly something more sinister.

I have no idea what it means, if anything, or where the hell it came from. Does anyone know if this is a symptom of my system being breached? I.e., accessing a shared clipboard from someone remote accessing my system.

Is anyone able to translate the characters by any chance? Google Translate has no luck.

I'm aware that AppleScripts can be triggered by almost anything and can easily add text to an existing clipboard string. But that's about all I know.

I'm running OSX Sierra on a Mac Air 2014. I have TeamViewer and AnyDesk software installed.

Remote access through OSX is deactivated in all the relevant areas I can find.

Any input on this would be great, I'm at a loss.
Download the free app Malwarebytes.com and see if it removes a Trojan.
Thanks, I've run a few different scanners inc MB. Nothing came up. But due to the odd behaviour I still want to work out why it happened. If someone was accessing a VNC program to remote into my computer without my knowledge it wouldn't necessarily come up as a virus.
My firewall seems up to date. No more issues since, so I'm really hoping it was just a glitch. Either way I'd like to uncover the reason.

~ Cheers
Also go into your browser settings and delete the cache and history. Also open your System Preferences -> Network, Advanced button, DNS section and make sure it is either pointed to your router or to Google DNS or OpenDNS settings!

Plus go into your router and make sure its DNS is pointed to the correct ISP or other Servers you are using.
Thanks, yep I use Google for personal DNS. I'll have to look into the router, I don't have full access to it. Do you know if there's a way of doing a type of whois/port scan to detect the DNS settings from on the network, without logging into the router admin interface?
Ok, so here's an update. I've been trying to view the text in different programs to try and see if there's anything built into it. I opened the file in BBEdit, and re-converted the file to Unicode UTF-16, which seems to display the characters correctly. Then another really strange thing happened: the amount of text increased to about 10 times the amount that was previously visible.

I'm not sure if this has something to do with it not being in the correct character code before, or if it had some kind of hidden text that I didn't see before. It's got me a bit concerned, but now I have more text to use to try and work out what is going on.

I also ran this new set of text through Google's translator. I have no idea if it makes any sense or not as I don't speak Chinese. If I could work out what it says, I might have a clue as to where it came from.

Anybody out there fluent in Chinese and could help out? Many thanks.

Unicode UTF-16 formatted.

I am not fluent, and only can try out some translations - but this appears to be advertising for shoes, as the character for sandals (often hemp sandals) is used repeatedly.
Hemp may refer to marijuana, if that tells you anything.

But, I think the characters are simply random, as often the characters are not Chinese at all (stars, hearts, other icons), or just someone trying to sell some shoes :D
Thanks for your input. That's good to know :)
So it's most likely not straight text. It could still have something to do with the encoding being in the wrong format, maybe it's something completely different but my system detected it as Unicode UTF-16 and made it into the characters.

Cheers, I worked out how to obtain router DNS settings via the Apple Airport utility.
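
Added example (not part of the original thread): a quick way to test the encoding hypothesis raised above, that "Chinese-looking" text is really single-byte data decoded as UTF-16. The sample bytes are constructed for illustration, not the poster's clipboard contents, and the function names, the 0.9 threshold and the little-endian default are assumptions.

```python
"""Triage: is CJK-looking text just ASCII bytes mis-decoded as UTF-16?"""

def recover_bytes(text, byte_order="little"):
    """Re-encode the text as UTF-16 to get back the bytes it was decoded from."""
    codec = "utf-16-le" if byte_order == "little" else "utf-16-be"
    return text.encode(codec, errors="surrogatepass")

def printable_ratio(raw):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not raw:
        return 0.0
    ok = sum(1 for b in raw if 0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D))
    return ok / len(raw)

def triage(text, byte_order="little", threshold=0.9):
    """Return (verdict, recovered_text_or_None).

    Genuine Chinese also yields some printable bytes (U+4F60 is the byte
    pair 0x60 0x4F), so one pair proves nothing; only a ratio near 1.0 over
    the whole string points to mis-decoding. Longer samples are more reliable.
    """
    raw = recover_bytes(text, byte_order)
    if printable_ratio(raw) >= threshold:
        return ("likely mis-decoded single-byte data",
                raw.decode("ascii", errors="replace"))
    return ("not explained by UTF-16 mis-decoding", None)

# Constructed sample: 32 bytes of plain ASCII, as an application might put
# on the clipboard, then wrongly interpreted as UTF-16 little-endian.
SAMPLE_BYTES = b"clipboard item: 123456789 / end."
GARBLED = SAMPLE_BYTES.decode("utf-16-le")

# Constructed control: real Chinese text, which should not be flagged.
REAL_CHINESE = "你好，世界"

if __name__ == "__main__":
    print(repr(GARBLED))          # CJK ideographs and enclosed symbols
    print(triage(GARBLED))        # recovers the original ASCII
    print(triage(REAL_CHINESE))   # ratio 0.7, below the threshold
```

If the recovered bytes read as ordinary text (markup, a path, a log line), the "characters" came from a decoding mismatch rather than from someone typing Chinese into the clipboard.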