Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: Remote Desktop connections (possible trojan)

15 Jan 2013   #1

Windows 7 Home 64-bit
 
 
Remote Desktop connections (possible trojan)

All my computers are supposed to have Remote Desktop Service disabled for security reasons, but I recently found nearly daily instances of connections on one of the computers.

See photo... Viewed via Computer Management -> Event Viewer -> Applications -> TerminalServices-RemoteConnectionManager, ID 1155, S-1-5-20.

NONE of my programs use remote access, and I had disabled RDS in MSConfig settings from Day 1 of a Windows 7 reinstall months ago (after a prior keylogging/RAT infection).

Despite this, it appears that RDS has been starting up automatically with every bootup, based on Services.msc (see photo). I can also see RDS running in the Task Manager.

Is this a sure sign of a Trojan installing a backdoor/remote access program? There are zero RDS events on my other computers running Windows 7 and similar programs.

Is it possible to diagnose to what IP this connection is going, via Windows... or do I need to record network traffic with third party software (wireshark)?

Antivirus/TDSS scans have always been negative, but I know trojans can easily hide via a rootkit.

Thanks.



Attached Thumbnails
Remote Desktop connections (possible trojan)-2013-1-11-terminalservices-remoteconnectionmanager.png   Remote Desktop connections (possible trojan)-services-remote.png  
My System SpecsSystem Spec
.

15 Jan 2013   #2

Win7 Ultimate X64
 
 

Hello wwjd, Welcome to SF

If you think you are infected try these out
Windows Defender Offline
http://support.kaspersky.com/5350

To view all current connections to machine enter elevated command prompt (start type cmd right click run as admin) and type netstat -ano this will show you all IP addresses currently active/connected
If you find anything your not sure about post back and can show you how to investigate program identity
My System SpecsSystem Spec
Reply

 Remote Desktop connections (possible trojan)





Thread Tools



Similar help and support threads for2: Remote Desktop connections (possible trojan)
Thread Forum
Solved Remote Desktop Connections Network & Sharing
Stopping remote connections Network & Sharing
Clear out Remote Desktop connections Network & Sharing
How to configure Remote Desktop to save frequent connections Network & Sharing
Remote Desktop Connections Network & Sharing
Which Solution: Remote Desktop? Virtual Desktop? Remote Terminal? Network & Sharing
No remote connections Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:35 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33