Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Strange TermDD IP Address in Event Viewer

  • Please log in to reply
1 reply to this topic

#1 twkie83


  • Members
  • 1 posts
  • Local time:12:07 AM

Posted 07 August 2015 - 09:03 AM

I was looking through our server's (running Windows 7 Pro) Event Viewer and I am seeing several TermDD logs that state: 

The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: [ip address here].

The strange thing is that almost all of the IP's are from random countries (not from our users) and are during off-hour times. I don't know much about TermDD event ID 56, so any thoughts is really appreciated.



BC AdBot (Login to Remove)


#2 Captain_Chicken


  • BC Advisor
  • 1,369 posts
  • Gender:Male
  • Local time:11:07 PM

Posted 11 August 2015 - 04:07 PM

Sometimes infected computers will try to contact foreign IPs. 


Follow the instructions below please.


  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator;
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Also run Winpatrol.

Watch the active tasks tab for anything suspicious..

Computer Collection:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users