What Just Happened? VNC Got Hacked?
Let me start off by saying how embarrassed I am to be asking this question… I was setting up VNC between a work laptop and my home PC, and on my 2nd or 3rd test connection to my local PC my Run box pops up and populates the command:
“http://198.78.81.43/kr0nartist/nudes.…
And my mouse begins to move and clicks on the run and begins moving to maximize IE and run its “nudes.exe”.
So what’s the deal? I’m behind a router, I’ve got my NOD32 live 24/7, and I’m forwarding only 3 ports, aside from the defaults. Sounds like my VNC authentication didn’t work too well and someone snuck in. I instantly killed my connections and everything was fine. Suggestions?
»J
(Sad part being that I’m a computer forensics/security major, guess I’m just trying to digest why/how this happened.)
J,
I had the same thing happen on the same day. I’m running Win2k SP4 with AVG Anti virus. I just happened to have a public IP for the day rather than behind a firewall.
There were a couple other files he downloaded. These were a compilation of IRC bots and remote admin tools. One in particular was very advanced and hasn’t been detected by any anti virus I’ve tried including AVG, Sophos, KAV, and Avast.
I noticed a few system changes to my OS as well. It kept crashing so I did a scan using sysinternals root kit revealer and found many files that aren’t recognized by the windows API. Doesn’t seem to be using NTFS Streams, but it hid a couple files from view. My system is down now or I would give you the file names.
Quick Note…. BACK UP YOUR FILES NOW!!!!!!
I noticed that kernel32.dll had been modified, so this may be a new rootkit. I’d recommend either replacing your kernel from a similar system (check file dates) or reinstalling your OS altogether. It’s just not worth being compromised like that.
Go to sysinternals.com and download their rootkitrevealer to see if there are some nasties. I’ve found if I used AVG monitoring the FS at the time rootkitrevealer is scanning, AVG will pick up the hidden files. Otherwise these two files are hidden from AVG. KAV is the most advanced antivirus out there now if you want to run that instead. It might pick up more during the rootkit scan.
Good luck and let me know how it goes. Post here the results.
P.S. In the future, it’s a good idea to break the link you post if it’s to a malicious website. Add spaces or &&&&s to the domain part of it.
Cheers,
Cliff
Dear,
Step 1: Download and install AVG Antispyware from http://www.ewido.net and update it. Then run a complete scan and delete all the bugs found. Your problem will get solved. 100% Guaranteed!
If the problem still persists, continue to..
Step 2: Download and install Norton Antivirus and run a full system scan and delete the whole bugs found.
In case of further issues regarding computers & internet don’t forget to contact via…
Yahoo! Groups
vijaysomanath – Customer Support Knowledge Database, http://tech.groups.yahoo.com/group/vijay…
¤ Regards, vijaysomanath
¤ http://www.spaces.msn.com/vijaysomanath
Try installing AVAST (free for personal use).