Network Security Focus-Virus

RE: remotely took over computer

Subject: RE: remotely took over computer
Date: Wed, 8 Sep 2004 16:56:15 +0100

Sounds like you have RDP accepting incoming connections. Either that or
VNC.
Might have to just disable remote desktop. Check to see if this is
ticked in the remote tab of system properties. Also set strong passwords
on all accounts.

Some kiddie is probably scanning for RDP ports open on the internet and
connecting to your system remotely. He could be using the guest account
or some other account without a password.

Also check to see if RealVNC is installed.

Next time it happens you can shell to DOS and type netstat to see the
connections including the attacker's IP address.

steve mclaughlin | adventi it
0845 658 2080 | F 0131 623 7279
E stevenm@adventi.com | W www.adventi.com
(MCSE:Security, CCNA, Security+, A+, Network+, Server+)
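
The netstat check suggested in the reply above, shown as an added example that is not part of the original message: a small Python triage of Windows `netstat -an` output that reports whether RDP or VNC is listening and which remote addresses are connected to those services. The default ports (3389 for RDP, 5900 for VNC) and the sample output are assumptions constructed for illustration.

```python
# Added example: triage of Windows `netstat -an` output for remote-control
# services. Assumption: default ports (RDP 3389, VNC 5900).
REMOTE_PORTS = {3389: "RDP", 5900: "VNC"}

# Constructed sample output (documentation-range addresses, not real hosts).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.80:80        ESTABLISHED
  TCP    192.168.1.10:3389      198.51.100.23:4431     ESTABLISHED
  TCP    192.168.1.10:5900      198.51.100.77:2210     TIME_WAIT
  UDP    0.0.0.0:445            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; port is None for '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def triage(netstat_text):
    """Return (listening, sessions) for the remote-control ports.

    listening: service names accepting connections on this host.
    sessions:  (service, remote_ip, state) where the LOCAL port is the
               service port, i.e. someone connected in to this machine.
    """
    listening, sessions = set(), []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        _, local, foreign, state = fields
        _, lport = split_endpoint(local)
        raddr, _ = split_endpoint(foreign)
        service = REMOTE_PORTS.get(lport)
        if service is None:
            continue  # outbound browsing and unrelated services
        if state == "LISTENING":
            listening.add(service)
        else:
            sessions.append((service, raddr, state))
    return sorted(listening), sessions

if __name__ == "__main__":
    listening, sessions = triage(SAMPLE)
    print("Listening remote-control services:", listening or "none")
    for service, ip, state in sessions:
        print(f"{service} session from {ip} ({state})")
```

Matching on the local port keeps ordinary outbound traffic (such as the web connection in the sample) out of the report; a service moved to a non-default port will not be caught by this check.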

 


-----Original Message-----
From: Nelson Sousa [mailto:nelson@dismel.pt] 
Sent: 07 September 2004 12:19
To: nguyenkhoabcit@hotmail.com
Cc: focus-virus@securityfocus.com
Subject: Re: remotely took over computer


Hi!

You can have installed any kind of trojan horse, spyware, etc.
To get rid of it remember one thing: You cannot trust the results of any
scan performed in your computer with software installed or updated AFTER
the infection occurred!

So, I think the best thing is: get a not-so-popular anti-virus software
and update files (download it from another computer and get it on a CD);
get a spyware scanner (I use SpyBot) and update files and get that on a
CD also;

Reboot your machine and keep it disconnected from the network; install
and update both AV and spyware scanner; scan your system. Hopefully one
of the scanners (maybe both) will detect numerous infections. If not,
then you might have a problem, as you need to ID your infection before
deciding your course of action. So, take note of the exact symptoms and
search AV sites and anti-spyware sites and look for those (start with
the most common infections). After IDing it look at the infection spots
and clean them up manually.

Remember that installing anti-spyware or AV software in an infected
machine makes the software unreliable! Especially AVs like McAfee or
Symantec's that are attacked by most trojans and worms. Also Ad-aware is
attacked by spyware like CoolWWWSearch making it unreliable. Also there
are lots of "anti-spyware scanners" that are actually spyware programs
that try to clean malware from your computer only to install other kinds
of malware on a clean environment! Never trust the spyware sites you
find in Google's sponsored links!

Regards,

Nelson



"nguyen khoa" <nguyenkhoabcit@hotmail.com> 9/2/2004 4:01:42 AM >>>
Hi all,

I have a bit of a problem. I just bought a new computer and it seems
that any time I get on the internet, somebody is able to take over the
control of my computer.

For example: when I am typing an email using Yahoo mail, somebody took
over my computer and I saw them typing something else??

I installed NoAdware then scanned my computer -> no infection

Is there anything else I can do?

Thanks





