Please help me with this!!

Should you have problems with the MS logon plugin, here's the place to look for help or report issues.

Please help me with this!!

Postby cypress98 » 2008-12-11 15:54

Hello,

I am new to this forum, so I ask that everyone be kind to my first post. I think that I have a problem on my hands. My laptop as well as a few other computers that are in my networks domain have been acting very strange. My colleagues have noticed their mouse's moving acoss their screens, their cursors jumping around on their documents they are typing, and coming back to find different applications being opened (that they didn't open!).

Before I took this position ultra vnc was installed on all the computers on the domain. You were able to log into any of them. As I took over I noticed a lot of malicious and stupid things happening that kind of pointed back to the vnc connection. I uninstalled the vnc program from 3/4 of the computers and servers.

Since vnc is uninstalled from the add/remove programs, not running as a service, or listed under processes in the task manager....is it possible there is a version running in the background? Is it possible there is a vnc application that is running stealth, and the firewall and spyware software isn't picking up?? I just don't know what to think. I have searched and searched this forum for the right answer. I have read a lot of great posts, but nothing that is similar to this issue. I need to know how to detect this and end this. Is there some way to do this?

Please, if anyone has any information that can end this for me...I would love to read it.

Thanks!! :-| :-|
cypress98
 
Posts: 2
Joined: 2008-12-10 17:18

Re: Please help me with this!!

Postby Rudi De Vos » 2008-12-11 20:03

Ultravnc keep a log in
mslogon.log ( install folder)
and
events
The log record the ip address of the person that connect.


You can install tcpview
http://technet.microsoft.com/en-us/sysi ... 97437.aspx
this show the network connections applications make.

*If people want to play, they can rename winvnc.exe to something else, check the exe that make network (tcpview) and verify the writer of the program. ( uvnc exe are digital signed with uvnc bvba)
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5771
Joined: 2004-04-23 10:21


Return to MS logon plugin

Who is online

Users browsing this forum: No registered users and 2 guests

cron