Question : Remote VNC Installation | Welchia worm removal

Hi,
I'm stuck with about 80 windows 2000 systems that are being use as point of sale system terminals, and  I'm looking for a remote installation utility that allows me to install VNC remotely so I can have access to them.  Unfortunately these terminals do not have Antivirus installed, and they are infected with the Welchia worm.  This worm cannot be quarantined from a network virus scan, and it must be removed from directly from the system.  I welcome any input you may have.  Your input is greatly appreciated.

Thank you,

Life

Answer : Remote VNC Installation | Welchia worm removal

Its fairly easy to manually install VNC remotely.

Make an administrative connection to the remote pc with IPC$
net use \\211.28.11.1\ipc$ "password" /u:administrator

Start off by opening a remote console - you can use rsetup off the resource kit then rclient to connect.
Alternatives to rsetup/rclient are telnet and netcat - there are more too

Upload the required files to the ADMIN$ folder (usually WINNT) - WinVNC.exe, VNCHooks.dll

make your winvnc.ini file in notepad
HKEY_USERS\.DEFAULT\Software\ORL\WinVNC3
SocketConnect = REG_DWORD 0x0000001
Password = REG_BINARY 0x0000008 0x57bf2d2e 0x9e6cb06e

this allows only 1 user to connect at a time and sets the password to secret
you can alter the pass by setting a pass on your local machine and then checking what it encrypts to in the registry


Make the relevant registry entry on the remote PC using regini (regini is from the resource kit)
run regini remotely by
regini -m \\211.28.101.1 winvnc.ini
or in the remote console by - remember to upload regini and winvnc.ini this way
regini winvnc.ini

ok - now in the remote console
winvnc -install
net start winvnc

and the system is ready to connect to
of course a lot of this can be done with a batch file to automate.

:)