laptop compromised

#1
13-May-2008, 06:06 PM
shaggy

Hi all, long time no speak

Got a bit of a worrying problem, on 2 occasions I have been remotely controlled by an unknown person via vnc.

Each time the person has opened up Task Manager, ended a few services and minimized it, then on one occasion they navigated to a website and started downloading something, but I had a mouse battle and cancelled it, eventually just whacked the power button.

Then, just now, about 2 weeks after the first attack, it happens again while I'm not looking, but this time they signed me out of MSN and started to type "\systemroute" in the username box. I quickly closed the VNC icon in the system tray and closed down Task Manager, which was opened again.

I've done a full system virus scan, rootkit scan, spyware scan, you name it, I've done it. No scary results though.

It's the latest version of VNC, downloaded about a month ago.

How is someone doing this? And what can they do with \systemroute in the MSN username field?

Any ideas?

Cheers

 
#2
13-May-2008, 06:17 PM
BosonMichael
Having VNC installed is probably part of the problem.

If you've been rootkitted, you won't see anything on a scan. I'd suggest backing up your data, formatting, and reinstalling from scratch.


BosonMichael
MCSE+I, MCSE: Security, MCDST, MCDBA, OCP, CCNP, CCDP, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
Served proudly, US Army, 98C Intelligence Analyst, '89-'92
 
#3
13-May-2008, 06:30 PM
greenbrucelee
Are you wireless?

Are you broadcasting your IP address?


HND Business Computing, GNVQ IT, NVQ 1 & 2 IT, A+
 
#4
13-May-2008, 06:35 PM
Mitzs
What version of VNC are you using? From what I am finding you should not use the free VNC for the internet. And you should use SSH to secure your network. I have 2 different Google searches. I'll let you search through them.

Securing your VNC
http://www.google.com/search?hl=en&q=Securing+your+VNC

How to prevent hacking though the vnc

http://www.google.com/search?hl=en&q...though+the+vnc


Don't walk in front of me, I may not follow. Don't walk behind me, I may not lead. Walk beside me and just be my friend. (Old Irish Proverb)
 
#5
13-May-2008, 07:15 PM
Sparky
Quote:
Originally Posted by shaggy
Got a bit of a worrying problem, on 2 occasions I have been remotely controlled by an unknown person via vnc.

Crazy stuff!

What home setup do you have? Are you behind a firewall?


Me: You need to buy a couple of servers.
Customer: What's wrong with the servers I have?
Me: Well, you don't have *any* servers just now.
Customer: WTF! I thought I did!

 
#6
13-May-2008, 07:34 PM
hbroomhall
VNC on its own should be behind a firewall as it is insecure.

The *only* way to run VNC safely is over SSH, and if you do that then it is safe.

To run the SSH server the easiest way is to run the Cygwin version (which is free).

Harry
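
An added example, not part of the original thread: a Python check over Windows `netstat -ano` output that reports VNC ports listening on a non-loopback address and VNC sessions established from a remote peer, the exposure the replies above warn about. The default port ranges and both netstat samples are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: default VNC ports (RFB on 5900 + display, HTTP viewer on 5800 + display).
VNC_PORTS = set(range(5900, 5910)) | set(range(5800, 5810))

# One TCP row of Windows `netstat -ano`: proto, local, foreign, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\w+)\s+(\d+)\s*$")

def _is_loopback(addr):
    addr = addr.strip("[]").split("%")[0]   # handles [::1] and scoped fe80::1%12
    return ipaddress.ip_address(addr).is_loopback

def audit_vnc(netstat_output):
    """Return (exposed_listeners, remote_sessions) for VNC ports.

    exposed_listeners: (local_addr, port, pid) bound to a non-loopback address.
    remote_sessions:   (remote_addr, port, pid) established from a non-loopback peer.
    """
    exposed, sessions = [], []
    for line in netstat_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue                        # headers, UDP rows, blank lines
        local, lport, remote, _rport, state, pid = m.groups()
        if int(lport) not in VNC_PORTS:
            continue
        if state == "LISTENING" and not _is_loopback(local):
            exposed.append((local, int(lport), int(pid)))
        elif state == "ESTABLISHED" and not _is_loopback(remote):
            sessions.append((remote, int(lport), int(pid)))
    return exposed, sessions

# Constructed sample: VNC server bound to every interface, one remote session.
SAMPLE_EXPOSED = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:5900      203.0.113.45:49211     ESTABLISHED     1432
"""

# Constructed sample: VNC bound to loopback only, reached through an SSH tunnel.
SAMPLE_TUNNELLED = """\
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2210
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:5900         127.0.0.1:49877        ESTABLISHED     1432
  TCP    192.168.1.20:22        203.0.113.45:49211     ESTABLISHED     2210
"""
```

With the tunnelled setup the only VNC peer is the local SSH server, so both lists come back empty.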

 