
laptop compromised

Discussion in 'Computer Security' started by shaggy, May 13, 2008.

  1. shaggy

    shaggy Byte Poster

    Hi all, long time no speak

    Got a bit of a worrying problem: on 2 occasions I have been remotely controlled by an unknown person via VNC.

    Each time the person has opened up Task Manager, ended a few services and minimized it, then on one occasion they navigated to a website and started downloading something, but I had a mouse battle and cancelled it, eventually just whacked the power button.

    Then, just now, about 2 weeks after the first attack, it happens again while I'm not looking, but this time they signed me out of MSN and started to type "\systemroute" in the username box. I quickly closed the VNC icon in the system tray and closed down Task Manager, which was opened again.

    I've done a full system virus scan, rootkit scan, spyware scan, you name it, I've done it. No scary results though.

    It's the latest version of VNC, downloaded about a month ago.

    How is someone doing this? And what can they do with \systemroute in the MSN username field? :x

    Any ideas?

    Certifications: BND ICT Systems Support and Networking
    WIP: A+
  2. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    Having VNC installed is probably part of the problem. :D

    If you've been rootkitted, you won't see anything on a scan. I'd suggest backing up your data, formatting, and reinstalling from scratch.
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    Are you wireless?

    Are you broadcasting your ip address?
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator


    Crazy stuff!

    What home setup do you have? Are you behind a firewall?
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Office 365, Server 2016, CEH
  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    VNC on its own should be behind a firewall as it is insecure.

    The *only* way to run VNC safely is over SSH, and if you do that then it is safe.

    To run the SSH server the easiest way is to run the cygwin version (which is free).

    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
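
An added example, not part of the original thread: a Python check for the advice above that VNC should only be reachable through a firewall or an SSH tunnel. It parses Windows `netstat -ano` output (the sample below is constructed) and flags VNC listeners bound to non-loopback addresses and VNC sessions whose peer is not loopback; the function names and the 5900-5999 port range are assumptions of this example.

```python
# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       2400
  TCP    192.168.1.20:5900      203.0.113.45:51877     ESTABLISHED     2312
  TCP    127.0.0.1:5901         127.0.0.1:49822        ESTABLISHED     2400
  TCP    [::]:5900              [::]:0                 LISTENING       2312
"""

# Assumption: VNC display :N listens on TCP 5900+N, so check 5900-5999.
VNC_PORTS = range(5900, 6000)


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host):
    return host.startswith("127.") or host == "::1"


def audit_vnc(netstat_text):
    """Return (finding, endpoint, pid) tuples for VNC exposure."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows
        _, local, remote, state, pid = fields
        local_host, local_port = split_endpoint(local)
        if local_port not in VNC_PORTS:
            continue
        if state == "LISTENING" and not is_loopback(local_host):
            # Server accepts connections from the network, not just a tunnel.
            findings.append(("exposed-listener", local, pid))
        elif state == "ESTABLISHED":
            remote_host, _ = split_endpoint(remote)
            if not is_loopback(remote_host):
                # A viewer is connected directly rather than via loopback.
                findings.append(("direct-session", remote, pid))
    return findings


if __name__ == "__main__":
    for finding in audit_vnc(SAMPLE_NETSTAT):
        print(finding)
```

A listener on `127.0.0.1` only is what you would expect when the VNC server is restricted to connections arriving through a local SSH tunnel; the PID column can be matched against Task Manager to identify the listening process.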
