
laptop compromised

Discussion in 'Computer Security' started by shaggy, May 13, 2008.

  1. shaggy

    shaggy Byte Poster

    Hi all, long time no speak

    Got a bit of a worrying problem: on 2 occasions I have been remotely controlled by an unknown person via VNC.

    Each time the person has opened up Task Manager, ended a few services and minimized it, then on one occasion they navigated to a website and started downloading something, but I had a mouse battle and cancelled it, eventually just whacked the power button.

    Then, just now, about 2 weeks after the first attack, it happens again while I'm not looking, but this time they signed me out of MSN and started to type "\systemroute" in the username box. I quickly closed the VNC icon in the system tray and closed down Task Manager, which was opened again.

    I've done a full system virus scan, rootkit scan, spyware scan, you name it, I've done it. No scary results though.

    It's the latest version of VNC, downloaded about a month ago.

    How is someone doing this? And what can they do with \systemroute in the MSN username field? :x

    Any ideas?

    Cheers
     
    Certifications: BND ICT Systems Support and Networking
    WIP: A+
  2. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    Having VNC installed is probably part of the problem. :D

    If you've been rootkitted, you won't see anything on a scan. I'd suggest backing up your data, formatting, and reinstalling from scratch.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    Are you wireless?

    Are you broadcasting your IP address?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator


    Crazy stuff!

    What home setup do you have? Are you behind a firewall?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    VNC on its own should be behind a firewall as it is insecure.

    The *only* way to run VNC safely is over SSH, and if you do that then it is safe.

    To run the SSH server the easiest way is to run the cygwin version (which is free).

    Harry
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
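
One way to check the advice in the last reply, as an added example that is not part of the original thread: parse `netstat -ano` output from the Windows machine and flag any VNC listener bound to something other than loopback, which is the binding an SSH-tunnelled setup should have. The port ranges (5900-5909 for VNC displays, 5800-5809 for the built-in Java viewer) are assumed defaults, and the sample output is constructed.

```python
import ipaddress

# Assumption: default VNC display ports and the matching HTTP/Java viewer ports.
VNC_PORTS = set(range(5900, 5910)) | set(range(5800, 5810))

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:5900      203.0.113.7:50122      ESTABLISHED     1432
  TCP    [::]:5800              [::]:0                 LISTENING       1432
  UDP    0.0.0.0:500            *:*                                    908
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:5900' or '[::]:5900' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return host, int(port)


def exposed_vnc_listeners(netstat_text):
    """Return (address, port, pid) for VNC listeners reachable off-host."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP sockets in LISTENING state are of interest here.
        if len(fields) < 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(fields[1])
        if port not in VNC_PORTS:
            continue
        # A listener on 127.0.0.1 / ::1 can only be reached locally,
        # for example through an SSH port forward.
        if not ipaddress.ip_address(host).is_loopback:
            findings.append((host, port, fields[4]))
    return findings


if __name__ == "__main__":
    for host, port, pid in exposed_vnc_listeners(SAMPLE_NETSTAT):
        print(f"VNC port {port} listening on {host} (PID {pid}): not loopback-only")
```

An empty result means every VNC listener found is loopback-only; it says nothing about whether a router or firewall forwards other ports.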
