On Thursday 09 November 2006 20:07, Robin Hill wrote:
> On Thu Nov 09, 2006 at 08:54:52PM +0200, Craig Fitt wrote:

> > I had VNC free edition running on a server of one of my clients, about
> > 1 month ago, I noticed someone was logging in and running scripts getting
> > past all passwords, it was also happening to other clients of mine. The
> > tasks were like get wintask32.exe etc etc.

Google (who is your friend) shows that wintask32.exe is a worm that can be
cleaned automatically using different antivirus applications and remover
scripts, or even manually (if you have the patience).  In case this was a
typo, wintsk32.exe is a trojan which can be removed in a similar fashion.

> Presumably this was on version 4.1 or 4.1.1?
>
> > I now have a problem on the one server where when I start up Windows
> > after about 5 min a script runs that I can't even see, and every 3-4 hours
> > a process starts called vnc_bypath.exe which hogs my bandwidth and I
> > either need to restart the server or end the process and then everything
> > works on the internet again.

Google, again, reveals this: http://www.securigo.com/VNC-advisory.htm

> > Is there any way to resolve this?
>
> Well, to be quite frank, the only way you can be sure you've got rid of
> any malware on there is to backup, wipe & reinstall.  You can then
> restore any needed files (making sure to virus scan them!).
>
> If this is not an option, then you'll have to boot from CD or another
> disk (to prevent any malware loading at bootup), then run whatever virus
> scanners, rootkit checkers, spyware removers, etc. you can find.

If these were my machines I would definitely reformat and reinstall, then lock
down each computer before I connected them to the Internet.  I always use VNC
through an ssh tunnel, with secure key authentication, and to my knowledge have
not had any compromised cases to date.  The VNC documentation is the best
place to start.

Good luck.
--
Regards,
Mick
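
Added example, not part of the original message: a post-reinstall check that the VNC server is reachable only through the ssh tunnel, meaning it listens on loopback only and has no direct remote peers. It assumes Windows `netstat -ano` output and the default VNC port ranges; the sample input is constructed.

```python
import ipaddress

# Assumption: default VNC ports (RFB 5900-5999, Java viewer HTTP 5800-5899).
VNC_PORTS = range(5800, 6000)

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1520
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       1764
  TCP    192.168.1.10:5800      0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:5900      203.0.113.7:49211      ESTABLISHED     1520
  TCP    [::]:5900              [::]:0                 LISTENING       1520
  TCP    [::1]:5902             [::]:0                 LISTENING       1764
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:5900' or '[::1]:5900' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)

def audit_vnc(netstat_text):
    """Return (exposed_listeners, direct_peers) as lists of (ip, port, pid)."""
    exposed, peers = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows, blank lines
        _, local, remote, state, pid = fields
        ip, port = split_endpoint(local)
        if port not in VNC_PORTS:
            continue
        if state == "LISTENING" and not ip.is_loopback:
            exposed.append((str(ip), port, int(pid)))  # reachable off-host
        elif state == "ESTABLISHED":
            peer_ip, _ = split_endpoint(remote)
            if not peer_ip.is_loopback:  # tunnelled sessions arrive from loopback
                peers.append((str(peer_ip), port, int(pid)))
    return exposed, peers

if __name__ == "__main__":
    exposed, peers = audit_vnc(SAMPLE_NETSTAT)
    for ip, port, pid in exposed:
        print(f"EXPOSED listener {ip}:{port} (PID {pid})")
    for ip, port, pid in peers:
        print(f"DIRECT session from {ip} to port {port} (PID {pid})")
```

On the real server, feed it the captured output of `netstat -ano`; an empty result for both lists is the expected state when VNC is bound to loopback and used only over ssh.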
