Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


windows 2003 TS infected

  • Please log in to reply
No replies to this topic

#1 Martynstar


  • Members
  • 1 posts
  • Local time:09:11 AM

Posted 14 April 2011 - 08:22 AM

We have a windows 2003 R2 64 bit server which run as a Terminal Server.

I have had a look around as we thought it was a malware program, but we are not sure if it was actually a hacker.

They seem to have left a couple of brute force attack programs on the server, and we have copied the directories out to see what they have done.

There are a couple of accounts which keep getting automatically created.
Guest, and SUPPORT_388945a0, every time we reboot these are back. I know its not the default inbuilt guest account as i have renamed this to unauthorised user.

This is puzzling me!! We have run malwarebytes and spybot search and destroy which usually fixes all our issues, combofix we have used in extreme cases but i dont like using this on servers.. plus it doesnt support 64 bit!

Is there anyone out there who can help with this?



PS it has also stopped the workstation and server services from starting up.

Edited by Martynstar, 14 April 2011 - 08:22 AM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users