Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remote Access Trojan?


  • Please log in to reply
1 reply to this topic

#1 bcnv

bcnv

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:59 AM

Posted 15 January 2013 - 03:51 AM

All my computers are supposed to have Remote Desktop Service disabled for security reasons, but I recently found nearly daily instances of connections on one of the computers... viewed via Event Viewer -> Applications -> TerminalServices-RemoteConnectionManager, ID 1155, S-1-5-20.

NONE of my programs use remote access, and I had disabled RDS in MSConfig settings from Day 1 of a Windows 7 reinstall months ago (after a prior keylogging infection). Antivirus/TDSS scans have always been negative, but I know Trojans can easily hide via a rootkit.

Despite my disabling RDS, it appears to have been starting up automatically with every bootup, based on Services.msc, and I can also see RDS running in the Task Manager.

Is this a sure sign of a Trojan installing a backdoor/remote access program? There are zero RDS events on my other computers running similar programs.

Is it possible to diagnose to what IP this connection is going, via Windows... or do I need to record network traffic with software (wireshark)?

Thanks.

Edited by bcnv, 15 January 2013 - 05:25 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:59 AM

Posted 15 January 2013 - 12:19 PM

Welcome..I think we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users