Computer Hope

Software => Computer viruses and spyware => Topic started by: pritesh22 on June 21, 2009, 10:43:25 AM

Title: PC under attack?
Post by: pritesh22 on June 21, 2009, 10:43:25 AM
(http://img155.imageshack.us/img155/2950/90509521.th.gif) (http://img155.imageshack.us/i/90509521.gif/)

(http://img155.imageshack.us/img155/7459/12590680.th.gif) (http://img155.imageshack.us/i/12590680.gif/)


I was literally flooded with these requests. It happened after I installed UltraVNC and stopped my firewall just for a brief period to test my connection problem with my iPhone with WinVNC (it was only for about 10 seconds max)... I stopped WinVNC right now but I'm still getting these wild requests, not as fast as before though (thankfully they're blocked).

Did someone manage to get a hold of my network? Or are these requests friendly? Since I didn't quite understand the "personal policy" in ZoneAlarm...

I just disabled WinVNC and UltraVNC from ZoneAlarm as trusted, but I'm still getting requests...


HJT didn't pick up anything unusual.


Anyone know what might be causing this?

WinXP SP3, AVG 8.5 (scanning right now, 33 mins gone, is at docu and settings and nothing found so far), cleared cookies and cache via CCleaner as well.

Thanks for your time.
Title: Re: PC under attack?
Post by: pantherman on June 21, 2009, 11:07:01 AM
While waiting for an expert to reply it is worth working through the link below.

http://www.computerhope.com/forum/index.php/topic,46313.0.html
Title: Re: PC under attack?
Post by: DaveLembke on June 23, 2009, 02:16:05 PM
VNC can be a dangerous utility on your system..... reason being BlackVNC, the hacker's way to access your computer that is running an older copy of VNC, which they don't even need a password to connect to.

I had a web server get nailed by BlackVNC attack once. I was going to use VNC to remote access my web server, and a hacker got right on in past ZoneAlarm with no problems because the BlackVNC uses same ports etc which are added to exclusion list.

My solution was to go with RDP instead and change the Remote Desktop Terminal Services RDP Port from 3389 to an alternate port of choice such as 8080 to hide my server from attacks to default port probes.

http://www.youtube.com/watch?v=I0_dkktUvDY

Above is a video showing Black VNC Attack, a hacked copy of the Open Source VNC that doesn't need any passwords.

I would suggest using Remote Desktop and change port to something other than 3389 to use that instead. With that setup I haven't had any issues and traffic is encrypted.

VNC on a system is just waiting for an attack, and you are seeing port probes for it.
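
Added example, not part of the original thread: a short Python triage of firewall log entries that groups blocked probes by the remote-access service they target (VNC display ports 5900+, the VNC web viewer on 5800+, RDP on 3389) and lists any such connection that was allowed. The log format and sample lines are constructed for illustration and are not ZoneAlarm's own format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of inbound connection log lines (not ZoneAlarm's real
# format): timestamp, action, source IP, destination port.
SAMPLE_LOG = """\
2009-06-21 10:43:02,BLOCKED,198.51.100.7,5900
2009-06-21 10:43:03,BLOCKED,198.51.100.7,5901
2009-06-21 10:43:03,BLOCKED,198.51.100.7,5800
2009-06-21 10:43:09,BLOCKED,203.0.113.44,5900
2009-06-21 10:43:15,BLOCKED,203.0.113.44,5900
2009-06-21 10:44:10,BLOCKED,192.0.2.15,3389
2009-06-21 10:44:31,BLOCKED,192.0.2.99,445
2009-06-21 10:45:00,ALLOWED,192.0.2.200,5900
"""

def service_for(port):
    """Map a destination port to the remote-access service that normally uses it."""
    if 5900 <= port <= 5909:
        return "VNC"             # 5900 + display number
    if 5800 <= port <= 5809:
        return "VNC web viewer"  # 5800 + display number
    return "RDP" if port == 3389 else None

def parse(log_text):
    """Yield (action, source, port, service) for well-formed remote-access entries."""
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) == 4 and row[3].isdigit():
            service = service_for(int(row[3]))
            if service:
                yield row[1], row[2], int(row[3]), service

def summarize_probes(log_text):
    """Count blocked hits and distinct sources per remote-access service."""
    hits, sources = defaultdict(int), defaultdict(set)
    for action, src, _port, service in parse(log_text):
        if action == "BLOCKED":
            hits[service] += 1
            sources[service].add(src)
    return {s: {"hits": hits[s], "sources": sorted(sources[s])} for s in hits}

def allowed_remote_access(log_text):
    """Connections to remote-access ports that were let through: review these first."""
    return [(src, port) for action, src, port, _s in parse(log_text) if action == "ALLOWED"]

if __name__ == "__main__":
    print(summarize_probes(SAMPLE_LOG))
    print(allowed_remote_access(SAMPLE_LOG))
```

Blocked entries from many unrelated sources against 5900 are what background port probing looks like; an allowed entry on the same ports is the one that needs follow-up.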