laptop compromised

Discussion in 'Computer Security' started by shaggy, May 13, 2008.

  1. shaggy

    shaggy Byte Poster

    Hi all, long time no speak

    Got a bit of a worrying problem: on 2 occasions I have been remotely controlled by an unknown person via VNC.

    Each time the person has opened up Task Manager, ended a few services and minimized it. Then on one occasion they navigated to a website and started downloading something, but I had a mouse battle and cancelled it, and eventually just whacked the power button.

    Then, just now, about 2 weeks after the first attack, it happens again while I'm not looking, but this time they signed me out of MSN and started to type "\systemroute" in the username box. I quickly closed the VNC icon in the system tray and closed down Task Manager, which was opened again.

    I've done a full system virus scan, rootkit scan, spyware scan, you name it, I've done it. No scary results though.

    It's the latest version of VNC, downloaded about a month ago.

    How is someone doing this? And what can they do with \systemroute in the MSN username field? :x

    Any ideas?

    Cheers
     
    Certifications: BND ICT Systems Support and Networking
    WIP: A+
  2. BosonMichael

    BosonMichael Yottabyte Poster

    Having VNC installed is probably part of the problem. :D

    If you've been rootkitted, you won't see anything on a scan. I'd suggest backing up your data, formatting, and reinstalling from scratch.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. greenbrucelee

    greenbrucelee Zettabyte Poster

    Are you wireless?

    Are you broadcasting your IP address?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  4. Mitzs

    Mitzs Ducktape Goddess

    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  5. Sparky

    Sparky Zettabyte Poster Moderator


    Crazy stuff!

    What home setup do you have? Are you behind a firewall?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    VNC on its own should be behind a firewall as it is insecure.

    The *only* way to run VNC safely is over SSH, and if you do that then it is safe.

    To run the SSH server the easiest way is to run the Cygwin version (which is free).

    Harry
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
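
A check that follows from the firewall and SSH advice in this thread, as an added example that is not part of any poster's reply: it parses `netstat -an` output and flags VNC listeners bound to anything other than loopback, since a server reached only through an SSH tunnel has no need to listen on an external interface. The port ranges (5900-5909 and 5800-5809), the function name and the sample rows are assumptions constructed for the illustration.

```python
import re

# Assumed default VNC ports: RFB displays 0-9 and the matching HTTP viewer ports.
VNC_PORTS = set(range(5900, 5910)) | set(range(5800, 5810))
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Matches listening TCP rows from Windows ("TCP  0.0.0.0:5900  0.0.0.0:0  LISTENING")
# and Linux ("tcp  0  0  0.0.0.0:5900  0.0.0.0:*  LISTEN") netstat -an output.
ROW = re.compile(r"^\s*tcp\d?\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+\S+\s+LISTEN", re.I)


def exposed_vnc_listeners(netstat_text):
    """Return (address, port) pairs for VNC ports listening off-loopback."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row, or a non-listening connection
        addr, port = m.group(1), int(m.group(2))
        if port in VNC_PORTS and addr not in LOOPBACK:
            found.append((addr, port))
    return found


# Constructed sample output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:5900      203.0.113.7:49812      ESTABLISHED
  TCP    [::]:5800              [::]:0                 LISTENING
"""

if __name__ == "__main__":
    for addr, port in exposed_vnc_listeners(SAMPLE):
        print(f"VNC port {port} is listening on {addr}: restrict it to "
              "loopback or block it at the firewall")
```

To check a real machine, pass the text captured from `netstat -an` to `exposed_vnc_listeners` instead of the sample.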