computer hacked through VNC

Discussion in 'Computer Support' started by tarun.khurana@gmail.com, Oct 18, 2006.

  1. Guest

    I was unaware that VNC connection is not secure without secure
    tunneling, and was running on one of my machines for remote connection.
    I realized that my computer was hacked into through VNC, and files like
    "winserv.exe", "bw.exe" and some other exe files were transferred on my
    machine (on my desktop). An IRC client was also installed on the
    machine.
    I also had ZoneAlarm installed and running, but the hacker managed to
    get in since VNC server was always running. I stopped VNC immediately
    after I realized this and I haven't noticed any more suspicious
    activity since then.
    I am now running scans with Norton Antivirus and Spysweeper, but I'm
    not sure if that's good enough. Could anyone recommend me as to what
    could be done, besides reinstalling Windows?

    Thanks
    Tarun
    , Oct 18, 2006
    #1

  2. Guest

    Hi!

    > I was unaware that VNC connection is not secure without secure
    > tunneling, and was running on one of my machines for remote connection.


    That I find interesting. I think I once read somewhere that while the
    screen exchange is not protected in any way, the password exchange is.
    (Of course, I have a dim memory of someone saying that the password
    exchange method was 'breakable'.)

    > Could anyone recommend me as to what could be done, besides
    > reinstalling Windows?


    Reinstalling Windows is going to be your best bet and the only way
    you'll ever be able to trust the machine again. Once a machine has been
    compromised, you can only guess at what's been done, and even the best
    anti-virus/anti-intrusion tools can find only so much if the machine has
    been "rooted".

    If you really don't want to do that, then sure, go ahead and run
    anti-virus scans. Looking around with SysInternals' Rootkit Revealer
    might find something, but--again--you can't be sure that you've gotten
    everything.

    What must be stressed here is **you have been warned** if you elect to
    continue using the computer in its present state. It cannot be trusted
    and shouldn't be used for anything you don't want to become public
    knowledge or that could be used to commit fraudulent acts with your
    information.

    William
    , Oct 18, 2006
    #2

  3. enlightened us 24hoursupport.helpdesk-(ab)users
    with:

    > I was unaware that VNC connection is not secure without secure
    > tunneling, and was running on one of my machines for remote
    > connection. I realized that my computer was hacked into through VNC,
    > and files like "winserv.exe", "bw.exe" and some other exe files were
    > transferred on my machine (on my desktop). An IRC client was also
    > installed on the machine.
    > I also had ZoneAlarm installed and running, but the hacker managed to
    > get in since VNC server was always running. I stopped VNC immediately
    > after I realized this and I haven't noticed any more suspicious
    > activity since then.
    > I am now running scans with Norton Antivirus and Spysweeper, but I'm
    > not sure if that's good enough. Could anyone recommend me as to what
    > could be done, besides reinstalling Windows?
    >

    Get a cheap NAT router first, as additional protection. But you should
    know, it does not protect against outgoing connections.
    A professional approach to investigate would be to use a Linux box set up
    as application proxy (transparent Squid with logging turned on, and
    have enough spare time to investigate, e-mail with logging and
    scanning) and disallow any direct outgoing connection, instead log all
    attempts.
    Change all passwords you once typed in on that computer, best from
    another one that (hopefully) is not compromised.
    Reset your security sensitive settings such as Windows Firewall (and
    maybe ZoneAlarm) to defaults.
    Create a new user account on Windows, and carefully delete the old
    profile.
    If you have used VNC running as local admin, you'd better format and
    reinstall.

    --
    vista policy violation: Microsoft optical mouse found penguin patterns
    on mousepad. Partition scan in progress to remove offending
    incompatible products. Reactivate MS software.
    Linux 2.6.17-mm1,Xorg7.1/nvidia [LinuxCounter#295241,ICQ#4918962]
    Walter Mautner, Oct 19, 2006
    #3
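
The monitoring setup suggested in post #3 (block direct outgoing connections, log every attempt) only pays off if the log is reviewed. The following is an added example, not part of the thread, that summarizes blocked outbound attempts from one suspect host and flags IRC ports, since an IRC client was found on the machine. It assumes the gateway writes iptables `LOG` lines with the hypothetical prefix `OUT-BLOCKED: `; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the Linux kernel's iptables LOG line format. The
# "OUT-BLOCKED: " prefix, host names and addresses are assumptions.
SAMPLE_LOG = """\
Oct 19 10:01:02 gw kernel: OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=6667 SYN
Oct 19 10:01:05 gw kernel: OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=6667 SYN
Oct 19 10:01:11 gw kernel: OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=6667 SYN
Oct 19 10:02:40 gw kernel: OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1050 DPT=25 SYN
Oct 19 10:03:00 gw kernel: OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 LEN=60 TTL=127 PROTO=ICMP TYPE=8 CODE=0
Oct 19 10:03:30 gw kernel: OUT-BLOCKED: IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=198.51.100.7 LEN=48 TTL=63 PROTO=TCP SPT=40100 DPT=80 SYN
Oct 19 10:04:00 gw sshd[812]: Accepted publickey for admin from 192.168.1.2
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}  # ports commonly used by IRC

def parse_line(line, prefix="OUT-BLOCKED: "):
    """Return the KEY=VALUE fields of a blocked-outbound record, else None."""
    if prefix not in line:
        return None  # unrelated syslog line
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    if "SRC" not in fields or "DST" not in fields:
        return None  # truncated or malformed record
    return fields

def summarize(log_text, lan_host):
    """Count blocked attempts from lan_host per (destination, proto, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f["SRC"] != lan_host:
            continue
        dpt = f.get("DPT", "")
        dport = int(dpt) if dpt.isdigit() else None  # ICMP has no port
        counts[(f["DST"], f.get("PROTO", "?"), dport)] += 1
    return [
        {"dst": dst, "proto": proto, "dport": dport, "attempts": n,
         "note": "IRC port" if proto == "TCP" and dport in IRC_PORTS else ""}
        for (dst, proto, dport), n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, "192.168.1.20"):
        print(row)
```

Repeated attempts to the same destination from a machine nobody is using are the entries worth following up first.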