Someone just took control of my computer while I was using it

G

goku31640

CAGiversary!
Feedback
1 (100%)
I was on my computer reading an article on the web, and out of nowhere my mouse starts moving on its own. I was freaking out, because it has never done that, and I thought it was a ghost or something (I know im dumb) but then I noticed that my VNC client turned black at the bottom which meant someone was controlling it remotely.

He opened up the Command Promt; Now, the only thing he was able to type was "ipconfi" and I know where that was going, so I attempted to shut down the client, but it asked me for a password ( which it has never done before) the one freaking time that I need it to shut down quickly, it takes its sweet time by asking me for a password.

The intruder was able to open it up and look for about 2-3 seconds before I finally shut him down. I just don't understand, I have windows firewall turned on, and my linksys hardware firewall is on.

This all just happened literally like 3 minutes ago.

The intruder already had access to my computer, yet he wanted my Internet IP Address?
He was already in my system, why would he need that info?

There is no way a normal human being could read an ip address that fast, my only concern is that he screen capped before i disconnected him, because it was fairly obvious that I was in front of my computer by the time I disconnected it.

Any advice, or does anybody see a reason as to why he needed my ip address?
Or is there anyway to find out the ip address of the person?
 
The client should have a log of incoming IPs. Of course they could just be using a proxy anyway. I don't see what nefarious deeds they would need to open ipconfig for anyway, if they got on your computer I'd think they already had the external IP. Maybe it wasn't a hacker and they just connected to the wrong computer?
 
for most applications windows firewall opens ports (holes) to allows access to those programs. It makes the application work. I would update your vnc & change your password.

Doesn't VNC have a log for connections?
check the ip that connected to your computer, see if any failed password attempt. If he got in on 1 shot...most likely there is an exploit for the version of vnc you are running.

to be safe just uninstall vnc until its needed....

The reason he checked your ip address is to first understand if you are behind a firewall like you said you are. You have a private address ie 10.x.x.x or 172.16.x.x, 192.168.x.x this tells the person, there is a box between him and you & there could be other assets on the private network which your computer may be able to access. it could be other pcs, servers, etc.
 
Thanks for the replies, I rarely use vnc on my main computer, so I just un-installed it all together. I kept it on my server, but disabled http access. It just freaked me out. I really have nothing to hide on my computer, I just did a fresh install about 5 days ago, but I do have most of my passwords kept in a password manager (with an impossible to crack password) Oh well, I guess no harm done.

BTW I checked the vnc log and it was empty. No trace whatsoever.
 
You must log in or register to reply here.
bread's done
Back
Top