HAO application ???

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by pooyie, Jul 11, 2008.

  1. pooyie

    pooyie Private E-2

    I busted someone coming into my network this morning using Real VNC to gain access to the computer. I could see him/her typing in a form to register for an eBay account. As soon as I touched the mouse to do an Alt PrntScrn they jumped out. They left several files on this computer's desktop, one of which was Roboform and the other was an application with "hao" under the icon. The icon was an angular blue S with a smaller blue N in the middle of the S.
    Anyone know what this application is?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, it has no meaning whatsoever.

    If someone was able to get into your PC via VNC, it sounds like you do not have passwords set up and you need to do that. Or you need to uninstall VNC if you don't need it.
     
    Last edited: Jul 18, 2008
  3. pooyie

    pooyie Private E-2

    Chaslang,
    It is a rather convoluted story. We usually have a closed and secure network. This was an exception, which is usually how you get in trouble. Opened a hole to help someone who had been injured in a near-death accident and could go through the normal procedures. Too long to explain. The short of it was that AIRoboform was installed on this machine (by hacker) and was collecting username & passwords. They came in later and put this strange icon on the desktop (with the hao name beneath) as well as a .htm page and file folder with all the scripting to make the htm page. I was fortunate to walk in while they were working and as soon as I hit Alt Prnt Scrn they jumped out, leaving all this on the desktop. Looking at the ISA firewall log, the hit came from a domain in China. I would like to determine what this program is, send it to someone who can learn from it or, better yet, tell me what vulnerabilities I still have. I will not send it to just anyone though because it is malicious. I was hoping the description would help. I understand that the hack was my fault (dropped my security guard).
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The HTML file could be the least of your problems. If someone was stealing login info and passwords, you may need to be more concerned about how this can impact the users of the PC especially if it was being used for any financial related transactions or if the PC contains personal info or company info that requires it to be secure. Anyone who used the PC should consider doing the below (from a different PC):




    And then you should decide whether you wish to format this PC and reinstall or if you want to check it for malware.

    If you wish to check for malware, please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide
     
