Unknown Remote User Found - How to know what they did?
Post by dreslick » July 12th, 2018, 11:05 am

Hello!

I came into my house this morning and discovered someone had gained remote access through my VNC server. I scanned the event log and found the IP address to someplace in Romania. The Command Prompt and Services windows were opened up. This was part of the last command in the command prompt: bitsadmin /transfer script.bat

It had been executed, but I was able to interrupt it with Ctrl-C.

How can I know if they changed anything / got into anything?

Here are my FRST Logs.

I have found the script file they were trying to use and can put that here if you think it would be helpful. They were trying to use something called a "miner." Is there any way to tell if they were successful?
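An added triage script for the situation dreslick describes (not from the original post or from the forum's helpers): it answers "what did the interrupted bitsadmin /transfer fetch, and what else changed" from the host's own BITS job list, the BITS-Client and System event logs, scheduled tasks, and recently written files. It assumes an elevated PowerShell session on the affected Windows machine; the log name and event IDs (3 = BITS job created, 4 = job completed, 59/60 = transfer started/stopped, 7045 = new service installed) are the standard ones as I know them and should be confirmed against the local log.

```powershell
# Added example: post-intrusion triage after an interrupted "bitsadmin /transfer".
# Assumptions: elevated PowerShell on the affected host; standard BITS-Client and SCM event IDs.
$Since = (Get-Date).AddHours(-24)   # widen this to cover the whole VNC intrusion window

# 1. BITS jobs still queued or suspended for any account. An interrupted bitsadmin job is
#    often left behind, and the job object records the remote URL and the local target path.
Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Job     = $_.DisplayName
        State   = $_.JobState
        Owner   = $_.OwnerAccount
        Created = $_.CreationTime
        Remote  = ($_.FileList | ForEach-Object { $_.RemoteName }) -join '; '
        Local   = ($_.FileList | ForEach-Object { $_.LocalName })  -join '; '
    }
} | Format-List

# 2. BITS-Client operational log: job creation and transfer events in the window.
#    A transfer that completed before Ctrl-C still shows up here after the job is gone.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Bits-Client/Operational'
    StartTime = $Since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 3, 4, 59, 60 } |
    Select-Object TimeCreated, Id, Message | Format-List

# 3. Persistence added while the Services window was open: new services (System log,
#    Service Control Manager event 7045) and scheduled tasks registered in the window.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $Since } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message | Format-List
Get-ScheduledTask | Where-Object { $_.Date -and [datetime]$_.Date -ge $Since } |
    Select-Object TaskName, TaskPath, Date,
        @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } } |
    Format-List

# 4. Files created or modified in the window under the usual drop locations. script.bat is
#    one of them; anything it fetched (the "miner") is what actually matters.
$Roots = $env:TEMP, $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC
Get-ChildItem -Path $Roots -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since } |
    Select-Object FullName, CreationTime, LastWriteTime, Length |
    Sort-Object CreationTime | Format-Table -AutoSize
```

Anything the script lists should be compared against the VNC login time from the event log; a file, job, service or task created minutes after that login is the first thing to examine.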

Re: Unknown Remote User Found - How to know what they did?

Post by Gary R » July 17th, 2018, 4:39 am

Your logs show you have software installed that would suggest that this computer is being used for business purposes. Can you please confirm that this is the case?

Re: Unknown Remote User Found - How to know what they did?

Post by dreslick » July 17th, 2018, 6:18 am

This is a personal / family home PC. The VPNs are only rarely used.

Re: Unknown Remote User Found - How to know what they did?

Post by Gary R » July 17th, 2018, 9:36 am

It's not the VPNs that made me ask.

The following line ...

() C:\CStone\NMSAccess.exe


.... indicates the presence of ... Cornerstone from IDEXX Computer Systems ... http://www.shouldiremoveit.com/Cornerst ... ogram.aspx

... and this is confirmed by the following entry in your Uninstall list ...

Cornerstone (HKLM-x32\...\{AC85F817-E377-402C-A1A7-F8FED5995508}) (Version: 8.6.12.10 - IDEXX Laboratories, Inc.)


Cornerstone is a program used by Veterinary practices ... https://www.idexx.com/en/veterinary/sof ... -software/ ... there is no reason why such software should be found on a home computer.

As far as this forum is concerned, a Veterinary Practice is a business.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for business computers. Thank you for your understanding.

This topic is now closed.