Remote Desktop connections (possible trojan)


  1. Posts : 17
    Windows 7 Home 64-bit
       #1


    All my computers are supposed to have Remote Desktop Service disabled for security reasons, but I recently found nearly daily instances of connections on one of the computers.

    See photo... Viewed via Computer Management -> Event Viewer -> Applications -> TerminalServices-RemoteConnectionManager, ID 1155, S-1-5-20.

    NONE of my programs use remote access, and I had disabled RDS in MSConfig settings from Day 1 of a Windows 7 reinstall months ago (after a prior keylogging/RAT infection).

    Despite this, it appears that RDS has been starting up automatically with every bootup, based on Services.msc (see photo). I can also see RDS running in the Task Manager.

    Is this a sure sign of a Trojan installing a backdoor/remote access program? There are zero RDS events on my other computers running Windows 7 and similar programs.

    Is it possible to diagnose to what IP this connection is going, via Windows... or do I need to record network traffic with third-party software (Wireshark)?

    Antivirus/TDSS scans have always been negative, but I know trojans can easily hide via a rootkit.

    Thanks.
    Attached Thumbnails: 2013-1-11-terminalservices-remoteconnectionmanager.png, services-remote.png
    Last edited by wwjd; 15 Jan 2013 at 04:40.


  2. Posts : 2,573
    Win7 Ultimate X64
       #2

    Hello wwjd, Welcome to SF

    If you think you are infected, try these out:
    Windows Defender Offline
    http://support.kaspersky.com/5350

    To view all current connections to the machine, open an elevated command prompt (Start, type cmd, right-click, Run as admin) and type netstat -ano. This will show you all IP addresses currently active/connected.
    If you find anything you're not sure about, post back and I can show you how to investigate program identity.
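The netstat check from reply #2, as an added example that is not part of the original thread: it reads the state of the Remote Desktop Services service, then parses `netstat -ano` and attributes each socket to a process. It assumes RDP is on its default TCP port 3389 and an English-language netstat, and uses only cmdlets present in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: RDP listens on its default TCP port 3389.
$rdpPort = 3389

# 1. How is Remote Desktop Services (service name TermService) configured now?
#    Note its ProcessId: the service runs inside a shared svchost.exe.
Get-WmiObject Win32_Service -Filter "Name='TermService'" |
    Select-Object Name, State, StartMode, ProcessId | Format-List

# 2. Turn the TCP rows of `netstat -ano` into objects.
function Get-TcpRow {
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        # TCP rows have exactly: Proto, Local, Foreign, State, PID
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP') {
            New-Object PSObject -Property @{
                Local     = $f[1]
                Remote    = $f[2]
                State     = $f[3]
                OwningPid = [int]$f[4]
                # Port is whatever follows the last colon (also handles [::]:3389).
                LocalPort = [int]($f[1] -replace '^.*:', '')
            }
        }
    }
}

# 3. Map PIDs to image names so each socket can be tied to a program.
$procName = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procName[[int]$_.ProcessId] = $_.Name }

$rows = Get-TcpRow | ForEach-Object {
    $_ | Add-Member -MemberType NoteProperty -Name Process `
                    -Value $procName[$_.OwningPid] -PassThru
}

# 4. The RDP listener and any inbound sessions; Remote holds the peer's IP.
$rows | Where-Object { $_.LocalPort -eq $rdpPort } |
    Select-Object State, Local, Remote, OwningPid, Process | Format-Table -AutoSize

# 5. Every other established connection, grouped by owning process, for review.
$rows | Where-Object { $_.State -eq 'ESTABLISHED' -and $_.LocalPort -ne $rdpPort } |
    Sort-Object Process |
    Select-Object Process, OwningPid, Local, Remote | Format-Table -AutoSize
```

netstat only shows sockets that exist at the moment it runs, so a session that has already ended will not appear in the output.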


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5.