
Need Help Figuring Out How Home PC Was Hacked...


panther


While at the office this morning, I called my wife at home to check in... she immediately asks me if I am goofing around on the Home PC, to which I responded, "No." After convincing her that it was not me (as I do use VNC a bunch), she tells me that IE7 is up accessing www.paypal.com, and the PC is being remotely controlled.

I immediately jumped on VNC and logged in remotely to see what was going on. I found pspv.exe running, exposing a bunch of our AutoComplete passwords. In a panic, I quickly shut down the Home PC until I could get home to take a look. I then changed a bunch of our passwords at PayPal, eBay, etc.

I looked in the Windows\Prefetch folder and found that the following interesting executables were run around that time:

1. pspv.exe

2. mailpv.exe

3. syslogger.exe

I read about pspv.exe and mailpv.exe on the Nirsoft website. I couldn't find any info on syslogger.exe.

My question is how could someone remotely access our PC to run these? Could it simply have been VNC? If so, how did they get our Public IP Address and learn the VNC password? Could it have been AIM (which was also running at the time)? What can I do to prevent this in the future?

Sorry for all the newbie questions! Thanks for any suggestions!

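The Prefetch check described in the post above is the usual first timeline step on a Windows XP/Vista box: each .pf file in Windows\Prefetch records the executable name, the last time it ran and a run count. The script below, an added example and not part of the original post, parses those header fields for the XP (format version 17) and Vista/7 (version 23) layouts and lists the files newest first, so everything that ran around the time pspv.exe appeared can be pulled out in one pass. The header offsets follow the documented SCCA layout; the sample .pf bytes are constructed in-script (build_sample_prefetch) rather than taken from a real machine, and the file names and times in them are made up. Windows 8+ layouts (versions 26 and 30) and the compressed MAM files Windows 10 writes are deliberately rejected rather than misparsed.

```python
"""List executables recorded in a Windows Prefetch folder, newest first.

Parses the .pf header for XP (version 17) and Vista/7 (version 23) files
and reports executable name, prefetch hash, last-run time and run count.
"""
import os
import struct
import tempfile
from datetime import datetime, timedelta, timezone

# Header offsets from the documented SCCA prefetch layout (as used by libscca).
_LAYOUT = {
    17: {"last_run": 0x78, "run_count": 0x90},   # Windows XP / Server 2003
    23: {"last_run": 0x80, "run_count": 0x98},   # Windows Vista / 7
}
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
_MIN_HEADER = 0x9C  # enough bytes to reach run_count in the version 23 layout

# Constructed timestamp used by the sample data below (not from a real case).
SAMPLE_LAST_RUN = datetime(2008, 3, 10, 14, 5, 0, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a 64-bit Windows FILETIME (100 ns ticks since 1601-01-01) to UTC."""
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_prefetch(data):
    """Parse the header of one uncompressed .pf file and return its key fields."""
    if data[:3] == b"MAM":
        raise ValueError("compressed Windows 10 prefetch file; decompress first")
    if len(data) < _MIN_HEADER or data[4:8] != b"SCCA":
        raise ValueError("not an SCCA prefetch file")
    version = struct.unpack_from("<I", data, 0)[0]
    if version not in _LAYOUT:
        raise ValueError("unsupported prefetch format version %d" % version)
    # Executable name: 60 bytes of UTF-16LE at offset 0x10, NUL-terminated.
    name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]
    off = _LAYOUT[version]
    last_run = struct.unpack_from("<Q", data, off["last_run"])[0]
    run_count = struct.unpack_from("<I", data, off["run_count"])[0]
    return {
        "version": version,
        "exe": name,
        "hash": "%08X" % pf_hash,
        "last_run": filetime_to_datetime(last_run),
        "run_count": run_count,
    }


def scan_prefetch_dir(folder):
    """Parse every .pf file in folder; unreadable files are kept with an error."""
    records = []
    for fname in os.listdir(folder):
        if not fname.lower().endswith(".pf"):
            continue
        try:
            with open(os.path.join(folder, fname), "rb") as fh:
                rec = parse_prefetch(fh.read())
        except (OSError, ValueError) as exc:
            rec = {"exe": fname, "error": str(exc)}
        rec["file"] = fname
        records.append(rec)
    # Newest activity first; files that failed to parse sort to the bottom.
    return sorted(records, key=lambda r: r.get("last_run", _FILETIME_EPOCH), reverse=True)


def build_sample_prefetch(exe, last_run, run_count, version=17):
    """Construct a minimal synthetic .pf header (test data, not a real capture)."""
    buf = bytearray(0xA0)
    struct.pack_into("<I", buf, 0, version)
    buf[4:8] = b"SCCA"
    struct.pack_into("<I", buf, 12, len(buf))
    raw_name = exe.encode("utf-16-le")
    buf[0x10:0x10 + len(raw_name)] = raw_name
    off = _LAYOUT[version]
    ft = int((last_run - _FILETIME_EPOCH).total_seconds()) * 10_000_000
    struct.pack_into("<Q", buf, off["last_run"], ft)
    struct.pack_into("<I", buf, off["run_count"], run_count)
    return bytes(buf)


if __name__ == "__main__":
    # Point this at C:\Windows\Prefetch on a live box; here we use a temp
    # folder populated with constructed samples so the script runs offline.
    with tempfile.TemporaryDirectory() as folder:
        samples = [("PSPV.EXE", 1, 17), ("MAILPV.EXE", 1, 17), ("SYSLOGGER.EXE", 3, 23)]
        for i, (exe, count, ver) in enumerate(samples):
            when = SAMPLE_LAST_RUN + timedelta(minutes=i)
            with open(os.path.join(folder, "%s-DEADBEEF.pf" % exe), "wb") as fh:
                fh.write(build_sample_prefetch(exe, when, count, ver))
        for rec in scan_prefetch_dir(folder):
            if "error" in rec:
                print("%-24s  ERROR: %s" % (rec["file"], rec["error"]))
            else:
                print("%-24s  %s  runs=%d  hash=%s" % (
                    rec["exe"], rec["last_run"].isoformat(), rec["run_count"], rec["hash"]))
```

Run it against a copy of the Prefetch folder taken from the suspect machine, not the live folder: opening the originals with other tools can itself update timestamps. Anything with a last-run time in the window when the browser was being driven remotely is worth pulling for a closer look, and an unfamiliar name like syslogger.exe can then be located on disk by its full path in the .pf file's filename strings section, which this header-only parser does not walk.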

My question is how could someone remotely access our PC to run these? Could it simply have been VNC? If so, how did they get our Public IP Address and learn the VNC password? Could it have been AIM (which was also running at the time)? What can I do to prevent this in the future?

'They' probably found it by scanning ISP IP blocks. 'They' either got in by a brute force/dictionary attack or a vulnerability in the VNC service itself. You can stop this by not exposing VNC to the Internet (which is a very dangerous/stupid thing to do, particularly when not done through a VPN).


Can I ask why you had your browser auto-saving stuff while the same account is accessible over the Internet? It just seems to me like an obvious thing that even someone who doesn't understand the Internet would realise is a big no-no.


Can I ask why you had your browser auto-saving stuff while the same account is accessible over the Internet? It just seems to me like an obvious thing that even someone who doesn't understand the Internet would realise is a big no-no.

Convenience I bet. When the browser asks you to remember that stuff, it's very tempting for a user to let the browser deal with those pesky passwords so you don't have to. It's a bad thing to do, but some people couldn't use a computer without it.
