Are there dangers in connecting to a compromised (virus-ridden) PC?
June 4, 2013 10:26 PM

Cleaning a virus-ridden PC using Windows Easy Connect -- is my Windows 7 machine at risk?

I've been trying to get a younger cousin's computer back to a usable state after he's had over a year with it -- a bunch of cracked game installations, toolbars, and a whole lot of other crap. There were a ton of results in Symantec and Malwarebytes.

I was using Easy Connect (they are both Win 7 machines). Mine has the latest updates and is running Anti-Virus software.

Are there any known exploits or viruses that can exploit a machine that remotes into a compromised machine using Windows Easy Connect?
posted by apip to Computers & Internet (8 answers total)
Yes your machine can be compromised over such a connection. The best way to go about it would be to pull the infected hard disk. Copy over the data that you want to keep from the pulled disk (in a dock) to a new disk and run a good virus scanner on that new disk on all copied files.

You'll want to then reformat and reinstall windows on the old machine as that is the only way for most people to be certain that a compromised machine is now clean.
posted by Podkayne of Pasadena at 5:45 AM on June 5, 2013


There were a ton of results in Symantec and Malwarebytes.

You should wipe the drive and reinstall Windows. There is no less frustrating or less time-consuming way to do this. Have your cousin ship the machine to you, or walk him through the procedure over the phone.
posted by Inspector.Gadget at 5:48 AM on June 5, 2013


nthing wiping it after copying and sanitizing data

Get DBAN (Darik's Boot And Nuke). DBAN can be made into a bootable USB or Disc. Boot the old box from that and wipe everything. No need to go DoD level with multiple rewrites... pick the manual option and set to wipe once with zeros and no verification. That's fastest and should do the trick. Then re-install windows.

Do NOT reinstall Windows without wiping. I don't think the disk is completely blanked if you do this and certain types of malware such as root kits may survive the process.
posted by Hairy Lobster at 1:31 PM on June 5, 2013


Forgot the link... here is DBAN
posted by Hairy Lobster at 1:32 PM on June 5, 2013


I think it is worth a shot to try running combofix on the old machine to see if it can be cleaned up. If you transfer only documents and settings you may be fine on the new machine.
posted by dgran at 5:04 AM on June 6, 2013
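Several answers above (pull the disk, copy and sanitize the data, transfer only documents and settings) leave the sorting step as an exercise. The script below is an added example, not from any poster in this thread: it walks a copied data tree and holds back anything with an executable extension or a PE (MZ) header hiding under a document name, so those files never make it to the clean machine. The folder layout and file contents are constructed sample data.

```python
import os
import tempfile

# Extensions that have no place in a "documents only" transfer
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                   ".js", ".jse", ".wsf", ".hta", ".lnk", ".dll", ".msi", ".ps1"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def classify(path):
    """Return a reason string if the file should be held back, else None."""
    ext = os.path.splitext(os.path.basename(path))[1].lower()
    if ext in EXEC_EXTENSIONS:          # also catches invoice.pdf.exe
        return f"executable extension {ext}"
    with open(path, "rb") as fh:        # catches report.pdf that is really a PE
        head = fh.read(2)
    if head == PE_MAGIC:
        return "PE header (MZ) in a file not named as an executable"
    return None


def triage(root_dir):
    """Walk a copied tree; return (kept, held). kept: relative paths,
    held: (relative path, reason) tuples."""
    kept, held = [], []
    for dirpath, _dirs, files in os.walk(root_dir):
        for f in files:
            full = os.path.join(dirpath, f)
            rel = os.path.relpath(full, root_dir)
            reason = classify(full)
            if reason:
                held.append((rel, reason))
            else:
                kept.append(rel)
    return kept, held


def build_sample():
    """Constructed stand-in for a Documents folder on the pulled disk."""
    d = tempfile.mkdtemp(prefix="triage_")
    samples = {
        "essay.docx": b"PK\x03\x04 constructed docx bytes",
        "holiday.jpg": b"\xff\xd8\xff constructed jpeg bytes",
        "invoice.pdf.exe": b"MZ constructed PE bytes",
        os.path.join("crack", "keygen.exe"): b"MZ constructed PE bytes",
        "readme.pdf": b"MZ constructed PE bytes disguised as a pdf",
    }
    for rel, data in samples.items():
        full = os.path.join(d, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    kept, held = triage(build_sample())
    print("kept:", kept)
    print("held:", held)
```

This is a first pass only: it sorts by name and header, so the kept files still go through the virus scanner on the new disk as the answers describe.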


Response by poster: I appreciate all the answers, but it's not quite what I'm looking for.

I'm interested to know if there are documented vulnerabilities that can compromise a machine via Windows Easy Connect.

@Podkayne of Pasadena you mention that there are such vulnerabilities. However, you don't mention any names or provide links.

Apologies if this sounds condescending. I'm just looking for some concrete examples.
posted by apip at 7:17 PM on June 7, 2013


apip - if a machine remotes into another machine then any Trojans or active exploits on the target machine will be transmitted to the machine remoting in just as it would over any internet connection. Any zero day exploits on the target machine, or any exploits which use open ports on your machine will get your machine pwned.

Standard industry procedure is to NOT connect to a live target machine (via remote access or any other method save a sandboxed environment like a VM) if it is known to have been exploited. That's my professional response from someone who has been working actively in the industry for over 20 years. If you want Google links to back that up then you are going to have to search for them yourself. Of course at least two other people in this thread have said the same thing as I have.

Best of luck.
posted by Podkayne of Pasadena at 1:00 PM on June 15, 2013


Response by poster: @Podkayne of Pasadena Thanks for your reply. As stated in the original post, I'm looking for specific exploits that are known to take advantage of remote desktop.

I appreciate that various folks in this thread are saying it's possible, but I still see no evidence of it. I'm doing some searches and coming up with little. Really, I'm getting a lot of forum posts that write that it's highly unlikely that an exploit would be able to take advantage of the remote desktop session:

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/fabfe8b9-9b49-4632-bc3f-faa4bfc153dc/
http://stackoverflow.com/questions/11142926/can-virus-transmit-over-remote-desktop
http://www.sharkyforums.com/showthread.php?306892-Virus-through-remote-desktop

However, none of these posts actually cite any specific exploits, so I'm still at square one.

Any further information is appreciated.

Edit: I'm re-reading my title and seeing that I was a little more vague than I would have liked to be. I realize there are probably safer solutions (e.g. remoting in through a VM). However, I'm most interested in finding specific exploits. Thanks!
posted by apip at 12:47 PM on June 17, 2013

