Yes, I do.  It's the sysadmin who allows everyday users to run with admin
rights, and has cmd.exe enabled for such users!

From a safe box run on the infected computers run something like:

  netsh interface ip show tcpconn

Ditto but for udpconn.

Check each and every suspect IP address shown.  Use DNS Stuff or CompleteWhois
(google for these and other similar services) to find out who the offending
address belongs to.  Block outgoing connections to suspicious addresses at
the firewall and router.  Use netstat -ano to see which PIDs are connecting
to such addresses.  Try taskkill /pid <number> to stop all malware
executables.  Use any tools offered by antivirus vendors to remove associated
rootkits, trojans and viruses and consider following any manual removal
instructions in case the trojans have mutated to different executables and
filesystems (personally, I would reinstall - full stop.)

Next time you decide to open ports at your router/firewall and/or run VNC,
follow some basic protection measures:

Use strong MS Windows admin and plain user passwords (if you're paranoid
anything up to 14 characters long would be good enough) with *random* upper
case letters, lower case letters, numbers and symbols.

Forward ports across routers and software firewalls *only* to/from the
machines that you want to establish a connection with - not the whole wide
web of hackers and crackers.

Buy, yes pay-some-money, for more secure authentication VNC versions like
Personal and Enterprise editions, OR learn how to set up SSH tunnelling
between machines with secure key authentication only and forward the VNC port
through the SSH tunnel.  Wherever you use passwords, e.g. VNC server, also
make them as strong as possible (but respect maximum length allowed where
required).

Only run with plain user rights and elevate your privileges to administrative
level using 'Run as', when you have to.

You will be much-much safer if you follow the above steps.

I hope this helps.

On Wednesday 14 February 2007 22:50, [EMAIL PROTECTED] wrote:
> > TheTeck wrote:
> > I have latest version 4.1.2
>
> Geez...that's scary!!
>
> Do you know the security bug used to get in?...
>
>
> jcn50.
> _______________________________________________
> VNC-List mailing list
> VNC-List@realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list

--
Regards,
Mick
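A small triage helper for the `netstat -ano` step described above, added here as an example and not part of the original thread: it parses constructed sample netstat output, drops listening sockets and peers in private, loopback or link-local ranges, and groups the remaining external endpoints by PID so each can be looked up in whois and, if warranted, blocked at the firewall and stopped with `taskkill /pid`. All rows, PIDs and addresses in the sample are constructed (the external peers use documentation ranges).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not a real capture); the
# "external" peers deliberately use RFC 5737 / RFC 3849 documentation addresses.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.20:5900      192.168.1.5:51022      ESTABLISHED     1840
  TCP    192.168.1.20:49731     203.0.113.45:6667      ESTABLISHED     2288
  TCP    192.168.1.20:49740     198.51.100.9:443       ESTABLISHED     2288
  TCP    192.168.1.20:49802     [2001:db8::1]:80       ESTABLISHED     3104
  UDP    0.0.0.0:5353           *:*                                    1212
"""

# One netstat row: proto, local, foreign, optional state (UDP rows have none), PID.
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

# Ranges that count as "ours" (RFC 1918, loopback, link-local, unspecified, ULA).
# ipaddress.is_private is avoided: it also treats the documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "0.0.0.0/8", "::1/128", "::/128", "fe80::/10", "fc00::/7")]

def is_external(host):
    """True for a routable peer outside INTERNAL_NETS; '*' and hostnames are not IPs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, _local, foreign, state, pid = m.groups()
            host, _, port = foreign.rpartition(":")      # handles '[v6]:port' and '*:*'
            rows.append((proto, host.strip("[]"), port, state or "", int(pid)))
    return rows

def suspect_pids(rows):
    """PID -> sorted external (host, port) peers: the rows to whois, block and kill."""
    by_pid = defaultdict(set)
    for proto, host, port, state, pid in rows:
        if state != "LISTENING" and is_external(host):
            by_pid[pid].add((host, port))
    return {pid: sorted(peers) for pid, peers in by_pid.items()}
```

Feed it the real output with `parse_netstat(open("netstat.txt").read())` after saving `netstat -ano > netstat.txt` on the suspect machine; `netsh interface ip show tcpconn` has a different column layout and needs its own regex.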

