
Windows 7: Remote Desktop connections (possible trojan)

15 Jan 2013   #1

Windows 7 Home 64-bit
Remote Desktop connections (possible trojan)

All my computers are supposed to have Remote Desktop Service disabled for security reasons, but I recently found nearly daily instances of connections on one of the computers.

See photo... Viewed via Computer Management -> Event Viewer -> Applications -> TerminalServices-RemoteConnectionManager, ID 1155, S-1-5-20.

NONE of my programs use remote access, and I had disabled RDS in MSConfig settings from Day 1 of a Windows 7 reinstall months ago (after a prior keylogging/RAT infection).

Despite this, it appears that RDS has been starting up automatically with every bootup, based on Services.msc (see photo). I can also see RDS running in the Task Manager.

Is this a sure sign of a Trojan installing a backdoor/remote access program? There are zero RDS events on my other computers running Windows 7 and similar programs.

Is it possible to diagnose to what IP this connection is going, via Windows... or do I need to record network traffic with third-party software (Wireshark)?

Antivirus/TDSS scans have always been negative, but I know trojans can easily hide via a rootkit.


15 Jan 2013   #2

Win7 Ultimate X64

Hello wwjd, Welcome to SF

If you think you are infected try these out
Windows Defender Offline

To view all current connections to the machine, open an elevated command prompt (Start, type cmd, right-click, Run as administrator) and type netstat -ano. This will show you all IP addresses currently active/connected.
If you find anything you're not sure about, post back and I can show you how to investigate program identity.
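
The checks discussed in this thread (service state, whether Remote Desktop is enabled, and the netstat -ano output narrowed to the RDP port with the owning process identified), combined into one script as an added example that is not part of the original posts. It assumes the default RDP port 3389 and an elevated PowerShell 2.0 or later prompt; the function name Get-TcpConnection is hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt; written for PowerShell 2.0 (Windows 7).
$RdpPort = 3389   # assumption: RDP is on its default port

# 1. Is Remote Desktop Services (TermService) running, and how is it set to start?
Get-WmiObject Win32_Service -Filter "Name='TermService'" |
    Select-Object Name, State, StartMode, ProcessId

# 2. Are inbound Remote Desktop connections allowed? 1 = denied, 0 = allowed.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
"fDenyTSConnections = $($ts.fDenyTSConnections)"

# 3. Turn the TCP rows of 'netstat -ano' into objects and resolve each owning PID.
function Get-TcpConnection {   # hypothetical helper name
    netstat -ano | Where-Object { $_ -match '^\s*TCP\s' } | ForEach-Object {
        $f = $_.Trim() -split '\s+'   # Proto, Local, Foreign, State, PID
        $owner = [int]$f[4]
        $proc = Get-Process -Id $owner -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Local    = $f[1]
            Remote   = $f[2]
            State    = $f[3]
            OwnerPid = $owner
            Process  = $(if ($proc) { $proc.ProcessName } else { 'unknown' })
        }
    }
}

# 4. Keep only rows whose local port is the RDP port; Remote is the peer's address.
$rdp = @(Get-TcpConnection |
    Where-Object { ($_.Local -replace '^.*:', '') -eq "$RdpPort" })
$rdp | Select-Object State, Local, Remote, OwnerPid, Process | Format-Table -AutoSize

# 5. Name the services hosted in each owning process (RDS normally sits in svchost.exe).
$rdp | Where-Object { $_.OwnerPid -ne 0 } | ForEach-Object { $_.OwnerPid } |
    Sort-Object -Unique |
    ForEach-Object { Get-WmiObject Win32_Service -Filter "ProcessId=$_" } |
    Select-Object ProcessId, Name, PathName
```

A LISTENING row means something is accepting connections on the RDP port; an ESTABLISHED row shows the connected peer in the Remote column. netstat only reports connections that exist at the moment it runs.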