

major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA

1 edit

reply to elias

Re: [Hacked] DarkMailer?

Check the Events Viewer, then run an online scanner such as Trend Micro on the box to see if that yields anything. If you don't find anything suspicious then I would change everything on the system from router admin/pc log ins and everything in between until you determine exactly what happened. Does the box even have AOHell installed? I would think that would be a dead-giveaway right there as to what happened and a lesson not to use it anymore. Lastly, does she have all the latest Windoze security patches, including the latest VNC updates? If not, then you might want to strongly consider it.
--
Choose Net Neutrality or Lose It
21st C TechnoBarons.
Why Care About Media?


elias
Premium,VIP
join:2000-07-24
Miami, FL

1 edit

said by major marco:

Check the Events Viewer, then run an online scanner such as Trend Micro on the box to see if that yields anything. If you don't find anything suspicious then I would change everything on the system from router admin/pc log ins and everything in between until you determine exactly what happened. Does the box even have AOHell installed? I would think that would be a dead-giveaway right there as to what happened and a lesson not to use it anymore. Lastly, does she have all the latest Windoze security patches, including the latest VNC updates? If not, then you might want to strongly consider it.
Yeah, I plan to disconnect it from the LAN and check Event Viewer and a few other places.

She does not have AOL or anything AOL-related. The only thing she uses is Yahoo! Messenger, but she never leaves it on. She only connects it when needed, and exits the program when done.

She has automatic updates enabled, etc. and I usually check up on things for her. She also has Symantec AntiVirus Corp 10, with LiveUpdate set to check every day (or every hour). I doubt it could be a virus, but I'll do a full offline scan plus an online scan after.

Her RealVNC does not have the latest patch, as I wasn't aware that there was an updated version. Hers is from a few months ago. I'll be sure to update that.

I'm thinking of a few remedies:
Change the VNC Port
Put a more secure/strong VNC password
Change the RDC Port
Put a more secure/strong Win. password

Any other suggestions?
--
My Webmaster Gig | Crunching the Midnight Oil


major marco
Res Firma Mitescere Nescit
Premium
join:2003-02-13
Stepford, CA

said by elias:

Any other suggestions?
All that's a good start but I would probably post to a more qualified usenet group to determine more info. Nobody seems to have much of an opinion around here.


elias
Premium,VIP
join:2000-07-24
Miami, FL

reply to major marco
Does anyone know how the guy was able to do a file transfer? As far as I know, VNC doesn't have a built-in file transfer feature. So I'm wondering how he got that onto her My Documents folder.
--
My Webmaster Gig | Crunching the Midnight Oil



WeenieBoy

join:2003-06-25
Pasadena, MD

FTP? Or HTTP. Once he has the desktop, he is you.



elias
Premium,VIP
join:2000-07-24
Miami, FL

said by WeenieBoy:

FTP? Or HTTP. Once he has the desktop, he is you.
Duh. Of course. I should have checked the history in IE/Fx.
--
My Webmaster Gig | Crunching the Midnight Oil


fatdcuk

@aol.com

Have you checked to see if any other files have been deposited by the visitor?



elias
Premium,VIP
join:2000-07-24
Miami, FL

said by fatdcuk:

Have you checked to see if any other files have been deposited by the visitor?
I'm still searching the entire drive for all files modified on that day.

I found in the Internet Explorer history the site from which the file was downloaded. I'll post a screenshot later on.
--
My Webmaster Gig | Crunching the Midnight Oil
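
The drive-wide search for files touched on the day of the intrusion, mentioned in the last post, can be scripted. The sketch below is an added example, not something posted in the thread; the function name and command-line arguments are illustrative. Whoever had the desktop could also have changed timestamps, so the output is a list of leads rather than a complete record.

```python
import os
from datetime import date, datetime, time, timedelta

def files_touched_on(root, day):
    """Return sorted (timestamp, kind, path) tuples for files under root whose
    modification or creation/change time falls on the local calendar day."""
    start = datetime.combine(day, time.min).timestamp()
    end = datetime.combine(day + timedelta(days=1), time.min).timestamp()
    hits = []
    # onerror swallows unreadable directories so the walk keeps going
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow links out of the tree
            except OSError:
                continue  # locked or vanished file, skip it
            # st_ctime is creation time on Windows, inode-change time on Unix
            stamps = (("modified", st.st_mtime), ("created/changed", st.st_ctime))
            for kind, ts in stamps:
                if start <= ts < end:
                    hits.append((datetime.fromtimestamp(ts), kind, path))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    # usage: python touched.py <root-folder> <YYYY-MM-DD>
    root, day = sys.argv[1], date.fromisoformat(sys.argv[2])
    for ts, kind, path in files_touched_on(root, day):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  {kind:<15}  {path}")
```

Run it against a copy or a read-only mount of the drive where possible, since opening and scanning files on the live system can itself update access times.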
