That was clever, how they do that?

Balmoral Green

Original Poster:

42,491 posts

266 months

Friday 6th February 2004
Last night when I was on Pistonheads, my cursor started to move on its own. Someone was snooping around my computer. I haven't opened any dodgy e-mails lately, all my Spam goes straight to delete. I scanned for a virus and found nothing. So how do they do that without having planted anything I may have downloaded?
It was weird watching someone wandering around my desktop.

TVR Slag's BiL

5,281 posts

264 months

Friday 6th February 2004
Did it open any files? I seem to have the same problem, but I put it down to a duff mouse.

It sometimes just moves across the screen!

V odd!

>> Edited by TVR Slag's BiL on Friday 6th February 08:22

levensnevel

245 posts

290 months

Friday 6th February 2004
Looks like you're in deep shit man
Seems you've been hacked and someone else is able to
> access and use your puter at will
> read, access and change all stored data on it
Best thing you can do is sever the connection with the Inet immediately.
In a worst case scenario you'll have to get rid of the infected Hard Drive(s) as soon as possible
----------
levensnevel

a smile every mile and
gammal kärlek rostar aldrig !

DustyC

12,820 posts

272 months

Friday 6th February 2004
Tosh laptops do that after a while (of constant abuse).

They have the little joystick in the middle of the keyboard type of mouse.

Balmoral Green

Original Poster:

42,491 posts

266 months

Friday 6th February 2004
The cursor was moving whilst I was posting on here, it was to the left of the screen exactly where my desktop icons would be. I minimised the PH screen and saw the cursor going up and down my desktop and hovering over icons, someone was deciding what to open. I just did a virus update and re-scanned, found nothing. I did find a very strange cookie though, it was displayed as the entire contents of the PH posting window that I was in when I noticed the cursor moving, rather than just the url description. Whoever it is, they chose a very dull pc to mooch about in, I hope they were suitably bored.

wedg1e

26,949 posts

283 months

Friday 6th February 2004
My prehistoric Rock laptop has the imbedded mouse; occasionally it does as described - though more usually the cursor just keeps moving to one edge of the screen and staying there. This is on a non-internet machine.
If you connect two PCs using, say, PCAnywhere, then it is possible to control one PC from the other, and the cursor will do as described (in fact you get the same desktop as the machine you are remotely controlling!).

Ian

Plotloss

67,280 posts

288 months

Friday 6th February 2004
The only way I can see this working is if you are using XP and running remote desktop connection.

Pointer control is right down (or up depending on viewpoint) there in the very bowels of Windows. Would require a load of work to take control of someone's mouse over the web, if indeed it's technically possible at all...

matt_t16

3,402 posts

267 months

Friday 6th February 2004
It's very possible and very easy. Push a cut down and stealthed VNC style server to a PC and Robert's your father's brother. Think of it as the next step in the Back Orifice series.

Matt

Plotloss

67,280 posts

288 months

Friday 6th February 2004
But how would one execute the VNC server remotely as I assume it needs to be running first?

manek

2,977 posts

302 months

Friday 6th February 2004
It does but someone could push it to your PC.

First thing to do is go to My Computer/Properties, click the Remote tab and disable both checkboxes.

brylski

41 posts

265 months

Friday 6th February 2004
Go to www.adaware.de and download their adaware program. This will search out any trojans etc. sitting on your hard drive.

brylski

41 posts

265 months

Friday 6th February 2004
Make that www.lavasoft.de and then download the adaware software.

rdhawkins

322 posts

301 months

Friday 6th February 2004
It certainly is possible, that's what I develop. Not stealthy though, full in ya face remote control.

I'd check your process list (hit Ctrl-Alt-Del and select Task Manager) and look for any suspicious things that are running.

Look in Program Files->Start up, the Run keys in the registry or services for any unusual items, this is where they might be loading themselves.

You can get tools to show you what IP connections are open on your machine (a good one is TDIMon, this shows you all traffic), this would tell you if something was sending information out from your machine.

Mr E

22,547 posts

277 months

Friday 6th February 2004
netstat in a DOS window, and if you see anything you don't recognise - pull the connection until you work out what it is....
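
The connection check that rdhawkins and Mr E suggest above can be scripted. The following is an added example, not part of any post in this thread: it parses `netstat -ano` output and flags sockets on the default ports of the remote-control tools named in the thread. The port table, function names and sample output are constructed for illustration.

```python
import re

# Default ports of the remote-control tools named in this thread. These are
# well-known defaults only: a repackaged or hidden build can use any port.
REMOTE_CONTROL_PORTS = {
    3389: "Remote Desktop", 5631: "pcAnywhere (data)",
    5632: "pcAnywhere (status)", 5800: "VNC (HTTP viewer)",
    5900: "VNC", 31337: "Back Orifice",
}

# Constructed sample of `netstat -ano` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1712
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2040
  TCP    192.168.1.10:5900      198.51.100.23:4312     ESTABLISHED     1712
  UDP    0.0.0.0:5632           *:*                                    1520
"""

# proto, local address, local port, foreign address, optional state, optional PID
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*([A-Z][A-Z_0-9]*)?\s*(\d+)?\s*$")

def parse_netstat(text):
    """Turn netstat text into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, port, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": local, "port": int(port),
                         "remote": remote, "state": state,
                         "pid": int(pid) if pid else None})
    return rows

def flag_remote_control(rows):
    """Sockets on a known remote-control port that are listening, connected,
    or (UDP, which has no state column) simply bound."""
    hits = []
    for r in rows:
        tool = REMOTE_CONTROL_PORTS.get(r["port"])
        if tool and (r["proto"] == "UDP" or r["state"] in ("LISTENING", "ESTABLISHED")):
            hits.append((tool, r["proto"], r["port"], r["state"] or "-", r["remote"], r["pid"]))
    return hits

if __name__ == "__main__":
    for hit in flag_remote_control(parse_netstat(SAMPLE)):
        print("%s: %s port %d, state %s, peer %s, PID %s" % hit)
```

The PID in each hit can be matched against the process list in Task Manager; an empty result does not rule out a tool listening on a non-default port.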

DustyC

12,820 posts

272 months

Friday 6th February 2004
PC anywhere would certainly do it as would another network application that I have forgotten the name of, but they both display an icon in the system tray.

Of course a re-hashed version of one of these could be made and set on your PC to fire up at start up.

Perhaps it was whatever you were doing the LAST time you were on your PC.

I assume you are not using the PC on a network at work?

Roadrage

603 posts

262 months

Friday 6th February 2004
You have a remote admin program installed on your PC.

If you have a cam and a mic, chances are they can hear and see you and have full access to your computer.

You should see a victim's face some time.

Don't bother trying to find it as they may have put one or two backups in your system,
I would leave more than one way in.

Format and reinstall your PC NOW

and before you connect it back to the internet install a good firewall

and patch whatever operating system you're using with the latest hole plugs.
How you got it is academic now, could have been many different ways.

If you're on broadband you may have print and file sharing on and be sharing with the whole internet.

That happens all the time.

Could have got it from an IE exploit.

It may be someone you know.

It may be a file you received from someone.

Many ways, just format now, only way to be sure that you're safe.

Roadrage

603 posts

262 months

Friday 6th February 2004
Plotloss said:
The only way I can see this working is if you are using XP and running remote desktop connection.

Pointer control is right down (or up depending on viewpoint) there in the very bowels of Windows. Would require a load of work to take control of someone's mouse over the web, if indeed it's technically possible at all...


It's a piece of piss to do, trust me,
and XP is full of holes.


Most home users' PCs on broadband are as secure as a hooker's underwear.

Roadrage

603 posts

262 months

Friday 6th February 2004
Plotloss said:
But how would one execute the VNC server remotely as I assume it needs to be running first?



There are copies of VNC that run hidden, trust me, I got one.

If they left file sharing open

you can get right in there, drop it right where you want it and add auto start to the reg.

Bind a small exe to something innocent that when run
installs it hidden.

There are a hundred and one ways, trust me.

I could get 50 victims an hour pretending to be a bird in chat sending her pic

with a RAT bound to it.

Trojans are lame easy hacks, trust me.

jimbro1000

1,619 posts

302 months

Friday 6th February 2004
Plotloss said:
But how would one execute the VNC server remotely as I assume it needs to be running first?


VNC is just one of the legitimate remote access systems. There are plenty of others (Goverlan?, Windows remote support?). Then there are the hackers' weapons of choice that are just as good but hide themselves instead of letting you know they are there.

Plotloss

67,280 posts

288 months

Friday 6th February 2004
Okay, now bear with me as I am a bit thick.

I push a VNC server to you

Then I change your registry to add the VNC to startup via registry.

How do I then relocate you on reboot? IP Address will have changed...

Or is that a scan job looking for instances of the VNC Server that's presumably got a specific port open waiting for a VNC client?