Windows 10: Someone has Remoted into a PC on my network!

Discus and support Someone has Remoted into a PC on my network! in Windows 10 Network and Sharing to solve the problem; I have an urgent situation. I have several PC at home on a network. I'm lazy so I use Real VNC from one PC, to hit my other PC on the netork (all... Discussion in 'Windows 10 Network and Sharing' started by Janning, Mar 4, 2017.

  1. Janning Win User

    Someone has Remoted into a PC on my network!


    I have an urgent situation. I have several PC at home on a network. I'm lazy so I use Real VNC
    from one PC, to hit my other PC on the netork (all password protected). I VNC onto one of my PC
    and noticed the lock/logon screen was up, and a message "The PC is logged on remotly by
    bobs-MacBook-Pro.local
    Ut oh!! so I put in my password, and I see my mouse moving, its on a paypal page, he logged out!
    (lucky for him!)...the user id was L: Richard@arrowpointint.com (not me see below).

    http://www.aanning.com/ajissues/Hacked/Hacked1.jpg

    He also was on this page:

    http://www.aanning.com/ajissues/Hacked/Hacked2.jpg

    I have the lot file from windows "HAcked.evtx", i'm not sure what to make of it.
    (I was unable to upload the "HAcked.evtx" file here, so I attached screen shots
    of one of the 20+ events there he logged in)
    My only guess is, he RDP into my PC, but I have no idea as to his end game.

    I have turned OFF RDP on all my PC, and made the locked screen come up after 1 minute of inactivity
    for all PC.

    Any advice, clues or suggestions is greatly needed here!

    :)
     
    Janning, Mar 4, 2017
    #1

  2. someone put a network on my pc. i am a home user. they changed my account and put a adminstor

    service are started that are not mine. I cant change setting because I am no longer an addmin. their now a network I didn't put on
     
    davidahook, Mar 4, 2017
    #2
  3. someone put a network on my pc. i am a home user. they changed my account and put a adminstor

    Hi David,

    There are several factors to consider as to why your account is no longer an administrator. This could be caused by a recent update or a recent program that was installed. For us to resolve your concern, kindly answer the questions below:

    • The account you're using to sign into you computer, is it a local account or a Microsoft account?
    • What are the services that you saw on your computer that are running?
    • Also about the network, are your pertaining to a new WiFi or LAN network that your computer is connected to?

    We look forward to your response to our queries.
     
    Jordan Dom, Mar 4, 2017
    #3
  4. Fafhrd Win User

    Someone has Remoted into a PC on my network!

    Fafhrd, Mar 4, 2017
    #4
  5. Janning Win User
    What makes you think he used VNC as opposed to RDP? Was there something in the screenshots I sent? (I did have RDP enabled until this)
     
    Janning, Mar 4, 2017
    #5
  6. bro67 Win User
    You stated that you use VNC and had possibly someone on your computer. If RDP service was enabled, they would not be able to use it unless you have allowed outside access by enabling to allow people in.

    You need to secure VNC and also use a VPN when connecting to computers on your network from the outside world. The better and strongest option is to use Teamviewer and it has its own built in VPN system and is very secure.
     
    bro67, Mar 4, 2017
    #6
  7. Janning Win User
    1) can you define more specifically "Secure VPN"?
    2) "The PC is logged on remotely by bobs-MacBook-Pro.local"...so he was tunneling in via RDP (which I have now disabled) or VNC...those are the only two methods I can think of he would have had. honestly, on that PC, I am not 100% the RDP was password protected. I did change the default RDP port to custom of my choosing.
    If I remember correct, by default, RDP uses the windows login password...so it should have been "passworded" there.

    From the event logs, I can tell "bobs-MacBook-Pro.local" logged in 21 times, from Feb 27, till last nite. I spot checked 2 other (of my 12 physical and 10 Virtual PC on network) and "bobs-MacBook-Pro.local" is not in the event logs. Of all the PC on my network, he was on THE worse, slowest junker I have (a 14 yr old notebook, with only 2 gig ram, and a PATA - yes pata, SSD)...its so so so very slow physically on it, and remoting in is a nite mare slower than a dail up in 1992...I almost feel sorry for him. I can't imagine what his end game was...using someone else's pay pal, on my network? surely not his own. I've alerted pay pal of these details, for all the good that will do.

    What I want to know is if somehow from the screen shots or any other method, (I'm open to try anything) his exact point of entry...to prevent re-entry. I've disabled RDP completely...I have to have Real VNC for myself...which is password protected.
    I've attahce s screenshot of how my RDP was set, before I disabled it (also seen at below link)

    http://www.aanning.com/ajissues/Hack...P_settings.jpg

    I am not too familiar with all of the ins and outs of RDP like I am with REAL VNC (with exception of what is "secure VPN")

    Someone has Remoted into a PC on my network! [​IMG]
     
    Janning, Mar 4, 2017
    #7
  8. bro67 Win User

    Someone has Remoted into a PC on my network!

    Read the information in the link that was posted and also the information is on VNC's website. This has zero to do with RDP. Concentrate only on VNC or just make your life easy and use Team Viewer.
     
    bro67, Mar 4, 2017
    #8
  9. Janning Win User
    Looking at "password management - What are RealVNC 5.0 Authentication Protocol Security Limitations? - Information Security Stack Exchange" This post is......what 4-5 years old? The sample, looks like thats for linux. As for the rest, I have the latest version of Real VNC, and its a "paid for copy"...now, I'm not saying I know Real VNC, inside out, and I may have holes, but I for certain have an encrypted password set up with it.

    Now, Team Viewer...I'm looking at this...getting it installed and will see if it will do what I need. I have not seen so far where I have to pay for it? Is there a $ fee?
     
    Janning, Mar 4, 2017
    #9
  10. bro67 Win User
    It does not matter how old that it is. It gives you a starting point in understanding how to lock down VNC, same as the documentation that VNC has on their website. Teamviewer has always been free for how users. It states that on their website.
     
    bro67, Mar 4, 2017
    #10
  11. Janning Win User
    That is for linux (xvncviewer), as for the other portion, I am using an encrypted password, However, proof is in the pudding...someone got it. I'm looking into Team viewer...hoping to find things like capability to autostart the service on reboot, address book, for one click access to the remote pc...surly it has this.
     
    Janning, Mar 4, 2017
    #11
  12. Janning Win User
    Ok, I'm digging in deeper....Team viewer....REALLY liking this, how have I never heard of it, is odd. I can tell I'm going to be forgetting all about Real VNC. I opened a ticket with Real VNC, asking how this could have happened request they tell me why I don't dump them for Team Viewer. I havn't gotten there, yet, but hoping its supported on Linux too.
     
    Janning, Mar 4, 2017
    #12
  13. jimbo45 Win User

    Someone has Remoted into a PC on my network!

    Hi there

    Why on earth do people always start at the most complicated places from which to solve problems !!!!

    Why not first start with your ROUTER - look at its logs - you should see inbound logon requests -- the router also can give you a HUGE better set of security than Windows firewalls etc (although of course don't disable the firewall).

    To get access to most domestic routers logon to typically 192.168.0.1 (the 0 could often be replaced by 1 or 2) - check the router literature for the exact configuration. Some cable routers also require a pin number at logon - usually these will be stuck on to the bottom of the router / cable box.

    For starters if you have known sets of PC's restrict the Internet usage by MACID -- any even half decent router should be able to do that.

    From there you should be able to tell if you've got any open ports etc -- then block those.

    Once you've isolated the router you should then look at the Windows system to see where "Ingress" is occurring -.

    Teamviewer IMO isn't worth it -- if you can run Linux there's so many ways of securing it - I won't start here other than suggest you could make a Linux server act as your Internet gateway. Plenty of info on Linux Forums for that topic. Simply set up the gateway and on Windows machines set the browsers Internet settings to use a "proxy server" i.e your gateway. There's a zillion ways and options here so it depends on what you want from a full blown secure VPN server to something a bit more basic than standard windows with a lot more security in it.

    Install package XRDP on it if you have a Linux system with a GUI - that way standard RDP from Windows will access your Linux system identically to the way you can RDP to another windows system.

    SSH on Linux systems is also a good idea too.

    Cheers
    jimbo
     
    jimbo45, Mar 4, 2017
    #13
  14. Janning Win User
    Excellent idea....DUH! The router. Although i disagree about windows firewall...FRIST thing I always do is disable that nightmare. I over two decades with 2 to now 20+ PC running 24.7...this is THE first issued I've EVER had. I've never run any antivirus,,,and I've never had a virus too. Honestly i'm surprised its taken this long to be hacked.
    As for my router, I know it inside and out...i currently have 75 ports forwarded ...Yes I need ALL each n every one.
    I have 3 WEB servers, 2 mail servers, and any type app, like VNC or RDP has to use ports forwarded.
    (however, this Team Viewer......AWESONE app, = and FREE..does not appear to require me going in and forwarding any ports, and has far more flexibility and features than even the paid version of REAL VNC)
    My plan at this point is to get team viewer going, uninstall Real VNC, release and block the 20+ ports VNC was using...then go scrub the router logs. Im running Microsoft IIS for WEB server, it has a great log feature...but, if he did not hit my WEB site......it will not log it.
     
    Janning, Mar 4, 2017
    #14
  15. Janning Win User
    I wont be able to see any router logs. It has the capability, but you must have linux box (I do), and I need to install, a UNIX-compatible syslog client for this feature. (I have not). Its taken 4 hours but I have TeamViewer installed on all my devices. (17 PC) I like it, its cleaner, and for certain faster. I have 3 older PC, that every remoting app I have used, is like being back in the EARLY days of dial up...only LESS stable. TeanView is still slower and lil shaky on these 3 but, over 1000% better than the others..maybe 10,000% better Next...its good bye to Real VNC
     
    Janning, Mar 4, 2017
    #15
Thema:

Someone has Remoted into a PC on my network!

Loading...
  1. Someone has Remoted into a PC on my network! - Similar Threads - Someone has Remoted

  2. Someone has a remote access to my PC, how to block them?

    in AntiVirus, Firewalls and System Security
    Someone has a remote access to my PC, how to block them?: I've experienced today a control takeover on my pc as i was doing my business, the hacker started typing chinese, opened a lot of windows, used the mouse. I've shut down the pc immediately and deactivated the WIFI. I've ran anti-malware scans but nothing to report here. I've...
  3. Someone has a remote access to my PC, how to block them?

    in Windows 10 Gaming
    Someone has a remote access to my PC, how to block them?: I've experienced today a control takeover on my pc as i was doing my business, the hacker started typing chinese, opened a lot of windows, used the mouse. I've shut down the pc immediately and deactivated the WIFI. I've ran anti-malware scans but nothing to report here. I've...
  4. Someone has a remote access to my PC, how to block them?

    in Windows 10 Software and Apps
    Someone has a remote access to my PC, how to block them?: I've experienced today a control takeover on my pc as i was doing my business, the hacker started typing chinese, opened a lot of windows, used the mouse. I've shut down the pc immediately and deactivated the WIFI. I've ran anti-malware scans but nothing to report here. I've...
  5. How to disconnect a network if Someone is Network-Connected to my PC

    in Windows 10 Network and Sharing
    How to disconnect a network if Someone is Network-Connected to my PC: Hi everybody, From Command Prompt == > Type netstat and press the Enter key == > It gave me some other unknown computers network names Can someone tell me how to block them. Thank you I am using Windows 10 version 2004 162565
  6. I think someone has remote access to my PC

    in AntiVirus, Firewalls and System Security
    I think someone has remote access to my PC: i tried to delete some files from my pc and i got this error [ATTACH] The only user I have is "PC" which is the one i created . went to event viewer and i found this [ATTACH] What should i do now? i also found that someone has made an account for some farmers dating...
  7. Someone is remoting my desktop?

    in Windows 10 Ask Insider
    Someone is remoting my desktop?: I am the only one in my family that has access to this computer, yet I see something along the lines of remote desktop which is taking a bit of my cpu. And the strange thing is, I've never been remoted. When I open the file location it says " dwm.exe ". Am I hacked, or is...
  8. Malware has remote access to my pc?

    in AntiVirus, Firewalls and System Security
    Malware has remote access to my pc?: Please forgive me for my lack of knowledge with some of this but Ive been dealing with this for days now I couldn't decide if I was just being paranoid or if there was actually something(or someone) that has hijacked my PC. I will Let the you all decide but to me this all...
  9. Someone has created a network on my personal PC without my permission.

    in Windows 10 Network and Sharing
    Someone has created a network on my personal PC without my permission.: Please help. I have a serious stalker. In 29 September 2017 all my computers look like something was added to them. Since I have continued to reset them but they revert back after forced restart. I have new items I had never seen before under device manager. I can see the...
  10. How can someone remotely hack my PC?

    in AntiVirus, Firewalls and System Security
    How can someone remotely hack my PC?: Alright, so I built my PC, keep windows defender running, and only use it for gaming and Microsoft office. No sketchy websites, no porn, don't want to risk my $2000 pc. But today, I got a text from American Express that I was spending unusually. Call them, then Amazon emails....