Hi, we regularly use VNC Server here as a way for my husband to manipulate, and/or access info on my pc. We are wireless (I'm the host), and I always assumed he accessed me by wireless this way. So far, no war drivers have been able to hack into it.
Last night I was perusing the audio/video forum here on TechSpot (nothing else open) and my husband was sitting at his desk right behind me tapping away. Suddenly I see VNC requesting access to my pc. No biggie I thought, he wants to check something. So I hit 'accept' so the request wouldn't time-out (he gets annoyed when I let that happen I then turned around to see what he was doing. I asked him what he was looking for. He said he was just doing some coding; so I asked why he "RAT-ted" me. I turned to look at my screen to see someone open up taskmgr, select something (I forget what), then run something suspicious-looking. I then realized that because of router problems, I had already bypassed it earlier...so someone else was hacking my machine. And they were typing almost too fast for me to keep up with. Needless to say, I killed the connection right away. If I hadn't panicked I might've thought to do a screen capture.
After doing a start>run, this came up as the last entry:
%systemroot%\system32\cmd.exe
Wow, I wonder what they might've done?
Can someone please briefly explain how these RATs work, and is there any way to keep this from happening again (besides verifying who's requesting the access, obviously) Is there anything else I should do?
I ran AV & malware scans which turned up only cookies. I left them alone. Would they have even had anything to do with what happened?
Last night I was perusing the audio/video forum here on TechSpot (nothing else open) and my husband was sitting at his desk right behind me tapping away. Suddenly I see VNC requesting access to my pc. No biggie I thought, he wants to check something. So I hit 'accept' so the request wouldn't time-out (he gets annoyed when I let that happen I then turned around to see what he was doing. I asked him what he was looking for. He said he was just doing some coding; so I asked why he "RAT-ted" me. I turned to look at my screen to see someone open up taskmgr, select something (I forget what), then run something suspicious-looking. I then realized that because of router problems, I had already bypassed it earlier...so someone else was hacking my machine. And they were typing almost too fast for me to keep up with. Needless to say, I killed the connection right away. If I hadn't panicked I might've thought to do a screen capture.
After doing a start>run, this came up as the last entry:
%systemroot%\system32\cmd.exe
Wow, I wonder what they might've done?
Can someone please briefly explain how these RATs work, and is there any way to keep this from happening again (besides verifying who's requesting the access, obviously) Is there anything else I should do?
I ran AV & malware scans which turned up only cookies. I left them alone. Would they have even had anything to do with what happened?