omg, someone controlling my PC >.<'

So I was in bed and I awake to hear a loud voice coming from downstairs, at first I was like "WTF?" after a few seconds I realise it's coming from speakers. So I walk downstairs, wondering what the hell is going on. Cautiously wondering whether someone is in my house.

I get downstairs and there is my PC playing away some audio from a website popup (some guy selling something), I thought "DOH" but when I look at the other screen there's an open "administrator.rar" file and when I tried to move my mouse it was skipping around. I started to suspect something was up and then I saw it, the brigand was selecting all the files in this rar. Someone was in my house, but only metaphysically....

Instinct as it is, I yanked out all my internet cables and set about a virus scan. The "administrator.rar" contained html files with I-WORM/Nimda.A.HTM (apparently in the guise of a paypal page), the scan is still going now but I don't know where this could have come from.

So I need a little advice, currently have AVG running but if it was going to find it surely it would have stopped it from running. My PC does a scan every morning at 4AM too...

I did have VNC server running but in my instinctive cable yank I did not check whether that was where the connection originated. I cannot see any unusual processes at all.

Help a worried citizen! What would you do? What should I do?



Edit: It seems my VNC server keeps re-starting after I quit it, a sign?
 
They got in with VNC for sure. You can check this in your event logs. What version of VNC are you using? Make sure it's up to date - use a strong password and change it from the default port... or turn it off if you don't need it.

It sounds like you got him before he did too much damage.
 
http://www.malwarebytes.org/

Keep it updated... May not be related to your problem, but I did have my browser taken over by an automated billing process. I tried them all as mentioned above, no joy, however malwarebytes Free edition got shut after a quick scan.
 
Change AV to a better one like Kaspersky, etc.

His AV isn't the problem and AVG is fine anyway, running VNC with a weak password is the problem. If you must use VNC use a long password with plenty of special characters in it and change the default port as someone else suggested.

To be honest if it was me I'd now rebuild the box from scratch, I've had so many issues clearing viruses that it is the easiest way to guarantee you are clean.
 
Yep sounds like VNC password was cracked. They can probably just scan the default port for open connections and try their luck. As mentioned; change the port and use a long password with letters and numbers.

Also get rid of AVG, it is very average going by independent AV tests.
 
AVG - first problem
VNC - second problem, I guess you forward a port straight to it from your router?


It's about 100000x safer to not forward a port, but to use hamachi & remotedesktop/vnc or logmein.
 
This.

I've recently scrapped VNC for Logmein. 2 passwords to get into remote access is a lot safer than 1 :)
 
Do you have your PC on 24/7? At least if it was switched off at night you would know it's safe and you can monitor it through the day?
 
Wow, I bet that was pretty spooky lol I'd have crapped my pants (I watch too many horror movies!)
 
Don't understand why people rag on AVG, I know recent updates have diminished it a bit, but it's still a quality free anti virus. I've used it for 6 or 7 years now and never had a problem with a virus. *touches wood* It's caught a couple before now with no issues at all. Don't go changing it if you like it, as has been said, it's definitely not the problem here.

However, I will go back and change my VNC port - I have a server machine running 24/7 with VNC server. The password is strong, but I don't want to take any chances.
 
Is your server directly exposed to the internet though? If you have a router and you haven't set up a forwarding rule then your server is safe from anything that isn't on your local LAN.
 
I was thinking this too. Is it a local server or do you access it from remote locations? Or are you on a shared network like a halls of residence or something? Also, what version of VNC were you using specifically?

Good job you had your speakers on and loud enough to hear, the guy could have completely cleared up after himself and you'd probably have been none the wiser, at least for a while. Spooky. :o
 
It's forwarded through my router yes. Not sure which version I've got on it, will have a look when I get home.
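
Added example, not part of any post in this thread: several replies ask whether the VNC port was reachable from outside and where the connection originated. This Python sketch parses Windows `netstat -ano` output to list VNC listeners bound beyond loopback and established VNC sessions whose peer is not on the LAN; the sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2312
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:5900      203.0.113.45:51544     ESTABLISHED     2312
  TCP    192.168.1.20:5900      192.168.1.33:49822     ESTABLISHED     2312
  TCP    192.168.1.20:49710     198.51.100.7:443       ESTABLISHED     4100
"""

# Default VNC ports: 5900+N per display, 5800+N for the HTTP viewer.
# Pass a different set if the server was moved off the default port.
VNC_PORTS = set(range(5900, 5907)) | set(range(5800, 5807))

# Ranges treated as "local": RFC 1918, loopback and link-local (v4 and v6).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def is_local(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LOCAL_NETS)

def audit_vnc(netstat_text, vnc_ports=VNC_PORTS):
    """Return (listeners not bound to loopback, sessions from non-LAN peers)."""
    exposed_listeners, remote_sessions = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "TCP":
            continue  # header, UDP or malformed line
        local, foreign, state, pid = fields[1:5]
        local_host, local_port = split_endpoint(local)
        if local_port not in vnc_ports:
            continue
        if state == "LISTENING":
            # Bound to 0.0.0.0 or a LAN address: reachable from the network,
            # and from the internet if the router forwards this port.
            if not ipaddress.ip_address(local_host).is_loopback:
                exposed_listeners.append((local, pid))
        elif state == "ESTABLISHED":
            peer_host, _ = split_endpoint(foreign)
            if not is_local(peer_host):
                remote_sessions.append((peer_host, local_port, pid))
    return exposed_listeners, remote_sessions
```

Running this before disconnecting the network would capture the peer address of a live session; afterwards only the listener check is still meaningful.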
 