NONE of my programs use remote access, and I had disabled RDS in MSConfig settings from Day 1 of a Windows 7 reinstall months ago (after a prior keylogging infection). Antivirus/TDSS scans have always been negative, but I know Trojans can easily hide via a rootkit.
Despite my disabling RDS, it appears to have been starting up automatically with every bootup, based on Services.msc, and I can also see RDS running in the Task Manager.
Is this a sure sign of a Trojan installing a backdoor/remote access program? There are zero RDS events on my other computers running similar programs.
Is it possible to diagnose to what IP this connection is going, via Windows... or do I need to record network traffic with software (Wireshark)?
Edited by bcnv, 15 January 2013 - 05:25 AM.