Dodgy use of WinVNC?

nath

Guest
Howdy

I was asked to look at a problem on a client's laptop, it was coming up with winvnc error messages every time he switched it on. I checked the usual places (startup/run in the registry) but nothing about vnc there. I then looked at processes in task man, and I couldn't see anything about vnc. I closed the vnc window and something disappeared. Repeated several times and found that the thing disappearing was explorer.exe... there just happened to be two of them. "uh oh" I thought.

Did a search for explorer.exe and found one (with the normal winvnc icon) in C:\winnt\fonts ("uh oh some more" I thought). Looked in the run registry settings, found it there, removed the entry. I have no doubt whatsoever that this was maliciously placed, as it was so well hidden... but has anyone ever heard of/seen this sort of thing before? Had a quick google, but couldn't find anything.

TIA
 
Jonty

Guest
Hi nath

Apparently, WinVNC is a legitimate remote access tool. Unfortunately, a few trojans available utilise it to create a 'backdoor' into a person's computer. The 'Backdoor Components' section at the bottom of this virus page mentions something which sounds similar to the problems you encountered. This McAfee page may also be of some use.

To be honest, I've never come across this before, so I'm sorry I cannot be of more assistance.

Kind Regards

Edit ~ Too late was the cry :D
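
The manual check from the first post (a second explorer.exe running from C:\winnt\fonts and started from a Run key) can be scripted. This is an added example, not part of the original thread; it assumes a Windows version with PowerShell, and the list of expected locations and the function name `Test-ImagePath` are assumptions chosen for illustration.

```powershell
# Flag running processes and Run-key entries that use a Windows system
# binary's name from the wrong directory, or that execute out of Fonts.
$winDir = $env:SystemRoot   # C:\WINNT on the laptop in the thread

# Assumption: a short, illustrative list of where these binaries belong.
$expected = @{
    'explorer.exe' = @($winDir)
    'svchost.exe'  = @("$winDir\System32", "$winDir\SysWOW64")
    'lsass.exe'    = @("$winDir\System32")
    'services.exe' = @("$winDir\System32")
}

function Test-ImagePath {
    param([string]$Path)
    if (-not $Path) { return $null }          # path hidden from this user
    $name = [IO.Path]::GetFileName($Path).ToLower()
    $dir  = [IO.Path]::GetDirectoryName($Path)
    if ($expected.ContainsKey($name) -and ($expected[$name] -notcontains $dir)) {
        return 'system binary name outside its expected directory'
    }
    if ($name -like '*.exe' -and $dir -like "$winDir\Fonts*") {
        return 'executable inside the Fonts directory'
    }
    return $null
}

# 1. Running processes: Task Manager shows only the name, so compare paths.
Get-CimInstance Win32_Process | ForEach-Object {
    $reason = Test-ImagePath $_.ExecutablePath
    if ($reason) {
        [pscustomobject]@{ Source = "PID $($_.ProcessId)"; Path = $_.ExecutablePath; Reason = $reason }
    }
}

# 2. Run keys: pull the image path out of each command line and test it.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($valueName)
        # Quoted path first, otherwise everything up to the first ".exe".
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') {
            $reason = Test-ImagePath $Matches[1]
            if ($reason) {
                [pscustomobject]@{ Source = "$key\$valueName"; Path = $Matches[1]; Reason = $reason }
            }
        }
    }
}
```

Run it from an elevated prompt so `ExecutablePath` is populated for processes owned by other accounts; any row it prints is a lead to inspect, not a verdict.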
 
