Jump to content



Photo
- - - - -

Someone just took control of my computer while I was using it


  • Please log in to reply
4 replies to this topic

Poll: Should I be worried?

Should I be worried?

You cannot see the results of the poll until you have voted. Please login and cast your vote to see the results of this poll.
Vote Guests cannot vote

#1 goku31640

goku31640

    CAG Veteran

  • CAGiversary!

Posted 20 April 2010 - 08:39 AM

I was on my computer reading an article on the web, and out of nowhere my mouse starts moving on its own. I was freaking out, because it has never done that, and I thought it was a ghost or something (I know im dumb) but then I noticed that my VNC client turned black at the bottom which meant someone was controlling it remotely.

He opened up the Command Promt; Now, the only thing he was able to type was "ipconfi" and I know where that was going, so I attempted to shut down the client, but it asked me for a password ( which it has never done before) the one freaking time that I need it to shut down quickly, it takes its sweet time by asking me for a password.

The intruder was able to open it up and look for about 2-3 seconds before I finally shut him down. I just don't understand, I have windows firewall turned on, and my linksys hardware firewall is on.

This all just happened literally like 3 minutes ago.

The intruder already had access to my computer, yet he wanted my Internet IP Address?
He was already in my system, why would he need that info?

There is no way a normal human being could read an ip address that fast, my only concern is that he screen capped before i disconnected him, because it was fairly obvious that I was in front of my computer by the time I disconnected it.

Any advice, or does anybody see a reason as to why he needed my ip address?
Or is there anyway to find out the ip address of the person?

#2 SpazX

SpazX

    13 Billion Years in the Making

  • CAGiversary!

Posted 20 April 2010 - 12:18 PM

The client should have a log of incoming IPs. Of course they could just be using a proxy anyway. I don't see what nefarious deeds they would need to open ipconfig for anyway, if they got on your computer I'd think they already had the external IP. Maybe it wasn't a hacker and they just connected to the wrong computer?

Posted Image


#3 mtxbass1

mtxbass1

    This space for rent.

  • CAGiversary!

Posted 20 April 2010 - 12:31 PM

It sounds to me like you need a stronger VNC password, or to disable it when you know you won't be using it.



#4 naiku

naiku

    ¯\_(ツ)_/¯

  • CAGiversary!

Posted 20 April 2010 - 05:34 PM

for most applications windows firewall opens ports (holes) to allows access to those programs. It makes the application work. I would update your vnc & change your password.

Doesn't VNC have a log for connections?
check the ip that connected to your computer, see if any failed password attempt. If he got in on 1 shot...most likely there is an exploit for the version of vnc you are running.

to be safe just uninstall vnc until its needed....

The reason he checked your ip address is to first understand if you are behind a firewall like you said you are. You have a private address ie 10.x.x.x or 172.16.x.x, 192.168.x.x this tells the person, there is a box between him and you & there could be other assets on the private network which your computer may be able to access. it could be other pcs, servers, etc.
Posted Image

#5 goku31640

goku31640

    CAG Veteran

  • CAGiversary!

Posted 20 April 2010 - 06:18 PM

Thanks for the replies, I rarely use vnc on my main computer, so I just un-installed it all together. I kept it on my server, but disabled http access. It just freaked me out. I really have nothing to hide on my computer, I just did a fresh install about 5 days ago, but I do have most of my passwords kept in a password manager (with an impossible to crack password) Oh well, I guess no harm done.

BTW I checked the vnc log and it was empty. No trace whatsoever.