|
|
|
Question : Problem: Can I rename winvnc.exe to hide it int he Task Manager?
|
|
When running winvnc.exe on a remote computer, the user runs the Task Manager and sees it there. He then ends the program. It makes it impossible, then, to remotely connect to his computer when other users want me to do that.
Is there any way to rename this exe file? This VNC (UltraVNC) is set up as a server so it [somehow] runs whenever the computer is restarted. I need it to continue to do that but disguise the file name....
|
Answer : Problem: Can I rename winvnc.exe to hide it int he Task Manager?
|
|
If you rename the filename then a malicious user will still find it and remove it via the task manager or other means if it wants to (I agree with what the others are saying: why would one kill the process that makes remote access possible in the first place? Even viral programs don't do that, they need the remote access...).
There are a couple of easy solutions though. First is to change the credentials of the service to, say, an administrator. In addition, you must make sure that the user logging into the desktop does not have administrative rights (but that's the first thing you should look out for when enabling remote access!). That way the user cannot kill the process anymore.
If you don't want that, you could disguise the filename (just change the registry key of the service that describes the process), but that is hardly a solution.
What one could also do, is adding a ghost process to the system which checks for some processes that must be running (and their exit states when they are killed). If they are killed, the ghost process will automatically relaunch the aborted process.
HTH,
Cheers,
-- Abel --
|
|
|
|
|
