-
July 14th, 2008, 03:39 AM
#1
Member
Virus or ???
Hihi,
My parents' computer running XP has started acting strangely. Unfortunately I can't see it in action as they're in a different state, but they say every now and then the mouse will start moving of its own accord and go over and launch things from the start menu. It'll open a few things and then shut them down.
They've run a couple of different virus checkers and nothing came up. I've just sent them links to a couple of the free ones mentioned in these threads and I'll see if that turns anything up.
It sounds to me though as if someone's installed a VPN client - definitely not my parents as they're not computer savvy. If so, that might be why it's not picked up as a virus signature, i.e. VPN client was installed and then the virus removed after installation.
Anyone familiar with anything like this going on? And recommendations as to what they can look for - bearing in mind they're not computer savvy (and I'm a Mac rather than PC person too which doesn't help matters).
Cheers,
Niggles
-
July 14th, 2008, 04:43 AM
#2
Check if their firewall (urrmm, they ARE running a firewall, right?) is allowing port 3389--the port for remote assistance. Check if this firewall is also allowing port 5900 (vnc) or 5800 (vnc java). Although VNC (similar to remote desktop) could be configged to listen on other ports, this would be a nice place to start looking.
Go to Control Panel, open up System, and click on the Remote tab. Uncheck both checkboxes, if checked.
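The port check described in post #2, as an added example that is not part of the original thread: a Python script that reads `netstat -ano` output and flags listeners and live sessions on 3389, 5900 and 5800. Because VNC can be moved to another port, it also lists every other non-loopback listener for manual review. The sample output, addresses and PIDs are constructed.

```python
# Added example (not from the thread): triage `netstat -ano` output for the
# remote-access ports named in post #2. All sample data below is constructed.
REMOTE_PORTS = {3389: "Remote Desktop / Remote Assistance",
                5900: "VNC", 5800: "VNC (Java viewer)"}

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1812
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:5900      203.0.113.45:51234     ESTABLISHED     1812
  UDP    0.0.0.0:445            *:*                                    4
"""

def parse_netstat(text):
    """Yield (local_ip, local_port, remote, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _, local, remote, state, pid = parts
        ip, _, port = local.rpartition(":")
        if port.isdigit() and pid.isdigit():
            yield ip, int(port), remote, state, int(pid)

def triage(text):
    """Sort TCP rows into remote-access listeners, live sessions, and the rest."""
    findings = {"listening": [], "active_sessions": [], "other_exposed": []}
    for ip, port, remote, state, pid in parse_netstat(text):
        if port in REMOTE_PORTS:
            if state == "LISTENING":
                findings["listening"].append((port, REMOTE_PORTS[port], pid))
            elif state == "ESTABLISHED":
                # Someone is connected to the remote-control service right now.
                findings["active_sessions"].append((port, remote, pid))
        elif state == "LISTENING" and not ip.startswith("127."):
            # Reachable from the network: review, since VNC can use other ports.
            findings["other_exposed"].append((port, pid))
    return findings

if __name__ == "__main__":
    for kind, rows in triage(SAMPLE_NETSTAT).items():
        print(kind, rows)
```

The PID column can be matched against `tasklist` output on the machine to see which program owns each flagged port.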
-
July 14th, 2008, 05:04 AM
#3
Junior Member
Just curious, but what sort of apps are being opened and then closed? If somebody has set up something like vnc on their machine and is using it to control the box... what are they doing with it?
-
July 14th, 2008, 06:39 AM
#4
Member
All good questions - I'll ask tonight when I give them a ring - Dad at least understands what I'm trying to talk to him about when it comes to computers :-)
Cheers.
-
July 14th, 2008, 07:00 AM
#5
I don't think malware would physically move the mouse.
I would also go with VNC and that line of software. My IT teacher in High school used to mess with everyone using VNC.
However if you have done the above requirements then run an activescan for me and post or pm me the logs.
http://www.pandasecurity.com/activescan/index/
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
July 14th, 2008, 08:31 AM
#6
Hmmm,
It sounds as if they have a RAT (Remote Access Trojan) behind their arras? This will not necessarily be identified as malware as there are perfectly legitimate remote access and remote desktop (support utilities).
POLONIUS [behind the arras]. What, ho! help, help, help!
HAMLET [draws]. How now, a rat? dead, for a ducat, dead.
He makes a pass through the arras
POLONIUS [falls]. O, I am slain!
QUEEN. Oh me, what hast thou done?
HAMLET. Nay, I know not,
Is it the king?
He lifts up the arras and discovers Polonius, dead
QUEEN. O what a rash and bloody deed is this!
HAMLET. A bloody deed - almost as bad, good mother,
As kill a king, and marry with his brother.
QUEEN. As kill a king!
HAMLET. Ay, lady, it was my word....
[to Polonius] Thou wretched, rash, intruding fool, farewell!
It would appear that this problem has been known since the days of William Shakespeare?
@Cider:
"I don't think malware would physically move the mouse"
Yes it will, SubSeven, BackOrifice? The important bit is:
"and go over and launch things from the start menu. It'll open a few things and then shut them down."
What Nukevil said, which you can also get to from a right click on <My Computer> then select <Properties>.
Also go into Windows Explorer: Right click on the hard drive(s)
<Properties>
<Sharing>
Check: "Do not share this folder"
<Apply>
CHANGE THE USER ACCOUNT NAMES AND PASSWORDS!!!!!!!
The only way to be certain is to reformat and reinstall everything
-
July 14th, 2008, 07:10 PM
#7
Hi there niggles,
I tend to agree with Nihil on this one and you can find a free tool for malware and adware here: http://www.mwti.net/products/mwav/mwav.asp
It is free to download by just giving a few details etc. I have used it numerous times and believe me it has saved me a bundle.
It's fairly simple to use and I hope it helps.
cheers
vanman
Practise what you preach.
-
July 14th, 2008, 07:45 PM
#8
"It sounds to me though as if someone's installed a VPN client"
Maybe a server?
"... recommendations as to what they can look for"
Start simple.
Have them do a search with explorer ( using admin account, which I hope they don't use everyday! )
for a folder or program
cygwin
I am guessing they have no use for it, and probably would not be picked up by virus scans, malware scans ( although it used to years ago. )
Using cygwin is only one way to take over a box, but a classic way!
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
July 14th, 2008, 11:20 PM
#9
Member
It turns out virtually all VNC and Remote Desktop options were on and the Firewall was allowing them through. They're all turned off now.
They said when the mouse moved it moved really quickly and didn't appear to have any pattern when opening and closing windows from the start menu - so it sounds like something more scripted or automated than someone controlling it manually.
Will get them to use the other tools suggested since I replied yesterday and reset the user names and password.
Oh yes, they bought the computer second hand. And no, I didn't even bother to ask if they reformatted it completely - I already know the answer to that one :-)
Cheers,
Niggles
-
July 15th, 2008, 10:01 AM
#10
Taking an entirely different stance on things:
I have seen this exact problem before and it too puzzled me and the client. The problem resolved itself when the reception computer's wireless mouse was replaced with a corded one.
Is your parents' computer using a wireless keyboard and mouse? If so, I would wager your neighbours are also using a wireless mouse, inadvertently controlling the cursor on your parents' machine. As the neighbour moves his mouse and opens programs etc., so too does your parents' machine.
Let me know if they are using a wireless technology of ANY kind to eliminate other possibilities. Otherwise, it may be a serious problem such as those already suggested.
CTO
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein