weird behavior

Diogo xuxubidu "at" yahoo.com
Tue Sep 26 17:01:01 2006 

Hello Ritu,

I'm glad you talked about this issue! I have EXACTLY the same problem!

I have to check my vnc version, i think it's previously to the 4.1.2. also it's the free edition. I also had kaspersky anti-virus and outpost firewall.

Also, I have an app called htthost running in my machine and use vnc viewer to connect to the host, that it redirects to 127.0.0.1

The symptoms of the entering was:

command prompt was opened by the "Start->Run->cmd"
The user also was trying to execute the app msqrsm.exe directly in the command prompt, which doesn't exist in my machine, neither elsewere (i googled and couldn't find it!). So as he/she couldn't get the app, he tryied to get it through ftp!! The weird stuff, was that I had vnc viewer running, so he couldn't be entering by vnc app, because I think you can't have more than a user connecting to the server at the same time with the free edition.
One time the user tryied my the same way "Start->Run->" execute a website to download a kind of vnc app!! So by this time I was pretty sure that wasn't the vnc app that he was using for accessing my machine!

After this behavior, I upgraded Kaspersky anti-virus, and installed the ZoneAlarm Security Suite. I also changed my vnc password to a simple one, just for testing!

By a few days none of this behavior of command prompt or something suspicious was found! But yesterday I really saw someone accessing my PC through VNC, he still had time to move the mouse, shut down an application, confirm by pressing the "Yes" button to really shut down this app, and then I shut down vnc server!!

I'm gonna change the vnc server password to a more secure one, but I have no idea how to stop this!! also, it's not any kind of ad-ware, spyware, nor virus, or an unauthorized intrusion, so neither the firewall or the anti-virus will detect any suspiciously behavior!!

Does anyone else had found this issue? Do you know how to solve it?

Thank You,


Ritu Sinha <ritu2p "at" yahoo.com> wrote: I know for sure that no one is physically typing those commands on the remote machine. There is a monitor connected and I have a couple of guys watching the screen as I walk them through a demo. The sneak activity is the same each time ... Start --> Run --> "cmd" --> 

Thanks,
Ritu

"Kumar, Siva"  wrote: Does anyone have physical access to the XP box? In Windows the display
shown by VNC is the same display shown on the monitor. So if a monitor
is connected to the box, all your actions can be seen and the kbd/mouse
attached to the box can be used for input.

-siva

-----Original Message-----
From: vnc-list-admin "at" realvnc.com [mailto:vnc-list-admin "at" realvnc.com] On
Behalf Of Ritu Sinha
Sent: Tuesday, September 26, 2006 10:03 AM
To: vnc-list "at" realvnc.com
Subject: weird behavior

I have VNC server 4.1.2 installed on a remote machine running XP. I have
used it for a few months and it has worked great. But recently, whenever
I connect to this machine using the VNC Client, after sometime, it seems
like someone else sneaks in and starts running the command prompt. I
have to kill the VNC server to stop any damages. One time, I stayed on
long enough to see that an "ftp" command was getting typed on the
command prompt. I have set up the server with password authentication.

Has anyone else seen this behavior? Any help or pointers will be greatly
appreciated.

--Ritu

   
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great
rates starting at 1"/min.
_______________________________________________
VNC-List mailing list
VNC-List "at" realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list


Confidentiality Notice
This e-mail (including any attachments) is intended only for the recipients named above. It may contain confidential or privileged information and should not be read, copied or otherwise used by any other person. If you are not a named recipient, please notify the sender of that fact and delete the e-mail from your system.
_______________________________________________
VNC-List mailing list
VNC-List "at" realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list


   
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1"/min.
_______________________________________________
VNC-List mailing list
VNC-List "at" realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list


 				
---------------------------------
Want to be your own boss? Learn how on  Yahoo! Small Business.