heads up for the VNC users
Go to C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\
In that folder there should be a folder with a version number. If you have found winupdate you may need to sit down.
I just found this tonight and joy oh joy, my backup machine has been compromised. Yes I know there are better things to use than VNC, but hey.
Now where did I put those Windows and applications disks.
Dymetrie
04-08-2006, 01:17
Erm.....
wuh?
If you use VNC then navigate to C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\
In there should be a folder with a version number, e.g. 5.01.1
If there is not, but there is a folder called winupdates, then you have a virus/backdoor on your computer.
McAfee fails to pick it up, as does Norton. Pandasoftware picks most of the infection up; HouseCall says everything is fine.
NOD32 is currently finding all the viruses that NAV and McAfee have missed.
Dymetrie
04-08-2006, 06:49
Oh I see :)
I have a folder with version number but don't have VNC installed at the moment :/
Have you got any more details of the exploit used to compromise VNC in this instance? I use VNC sometimes, so I just had a look around, and it looks like there was a recently discovered exploit whereby it's possible to bypass the authentication. The latest version of RealVNC fixes this vulnerability, so unless this is a new exploit, upgrading to the latest version should see you safe from this.
Originally, there was an Lsass exploit, but the version that got me was the vnc_bypauth.exe, which upon closer inspection of the folder is a script kiddie's wet dream with its detailed step-by-step (written in Hax0rz script) instructions.