Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: remotely took over computer

from [Thaddeus McNamara] Network Security [Permanent Link]
Subject: RE: remotely took over computer
Date: Fri, 10 Sep 2004 10:04:46 -0700 
If you ARE being exploited via RDP, I don't want to send you down the
wrong trail.  And the phantom typing does sound like VNC (RealVNC,
TightVNC, WinVNC), PC Anywhere, Remote Desktop, or GoToMyPC.  

Some other options to consider... You might be able to use these
resources to help clean out the programs being used to take over your
computer?

Software & info available @ http://allsecpros.com/ ...where you will
find HiJackThis, CWShredder, Spybot, etc.

Here's a couple of great antispyware support forums: 

How to remove spyware or a hijacker -
http://forums.spywareinfo.com/index.php?showtopic=227

HiJackThis Quick Start guide - http://tomcoyote.com/hjt/

TK

-----Original Message-----
From: Steven McLaughlin [mailto:steven.mclaughlin@adventi.com] 
Sent: Wednesday, September 08, 2004 8:56 AM
To: Nelson Sousa; nguyenkhoabcit@hotmail.com
Cc: focus-virus@securityfocus.com
Subject: RE: remotely took over computer


Sounds like you have RDP accepting incoming connections. Either that or
VNC.
Might have to just disable remote desktop. Check to see if this is
ticked in the remote tab of system properties. Also set strong passwords
on all accounts.

Some kiddie is probably scanning for RDP ports open on the internet and
connecting to your system remotely. He could be using the guest account
or some other account without a password.

Also check to see if RealVNC is installed.

Next time it happens you can shell to DOS and type netstat to see the
connections including attackers IP address.

steve mclaughlin | adventi it
0845 658 2080 | F 0131 623 7279
E stevenm@adventi.com | W www.adventi.com
(MCSE:Security, CCNA, Security+, A+, Network+, Server+)

 


-----Original Message-----
From: Nelson Sousa [mailto:nelson@dismel.pt] 
Sent: 07 September 2004 12:19
To: nguyenkhoabcit@hotmail.com
Cc: focus-virus@securityfocus.com
Subject: Re: remotely took over computer


Hi!

You can have installed any kind of trojan horse, spyware, etc.
To get rid of it remember one thing: You cannot trust the results of any

scan performed in your computer with software installed or updated AFTER
the 
infection ocurred!

So, I think the best thing is: get a not-so-popular anti-virus software
and 
update files (download it from another computer and get it on a CD); get
a 
spyware scanner (I use SpyBot) and update files and get that on a CD
also;

Reboot your machine and keep it disconnected from the network; install
and 
update both AV and spyware scanner; scan your system. Hopefully one of
the 
scanners (maybe both) will detect numerous infections. If not, then you 
might have a problem, as you need to ID your infection before deciding
your 
course of action. So, take note of the exact symptoms and search AV
sites 
and anti-spyware sites and look for those (start with the most common 
infections). After IDing it look at the infection spots and clean them
up 
manually.

Remember that installing anti-spyware or AV software in an infected
machine 
makes the software unreliable! Specially AV's like Mcafee or Symantec's
that 
are attacked by most trojans and worms. Also Ad-aware is attacked by
spyware 
like CoolWWWSearch making it unreliable. Also there are lots of 
"anti-spyware scanners" that are actually spyware programs that try to
clean 
malware from your computer only to install other kinds of malware on a
clean 
environment! Never trust the spyware sites you find in Google's
sponsored 
links!

Regards,

Nelson




"nguyen khoa" <nguyenkhoabcit@hotmail.com> 9/2/2004 4:01:42 AM >>>

Hi all,

I have a bit of a problem. I just bought a new computer and it seems

that

any time I get on the internet, somebody is able to take over the

control 

of
my computer

For example: when I am typing an email using Yahoo mail, somebody took



over
my computer and I saw them typing something else??

I installed NoAdware then  scaned my computer ->no infection

Is there anything else I can do?

Thanks

_________________________________________________________________
Take charge with a pop-up guard built on patented Microsoft(r)

SmartScreen

Technology


http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
=http://hotmail.com/enca&HL=Market_MSNIS_Taglines

 Start enjoying all the benefits of MSN(r) Premium right now and get

the

first two months FREE*.






---------------------------------------------------
This email from dns has been validated by dnsMSS Managed Email Security
and is free from all known viruses.

For further information contact email-integrity@dns.co.uk
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Bruce Martins
Next by Date:  Re: Shutdown from NT-AUTHORITY\... = virus/attack?, Ansgar -59cobalt- Wiechers
Previous by Thread:  RE: remotely took over computer, Steven McLaughlin
Next by Thread:  svcnxp32.exe ring a bell with anyone?, Jes
Indexes:  [Date] [Thread] [Top] [All Lists]