No longer able to RDP to TS Server after malware

  • No longer able to RDP to TS Server after malware

    Appears that an admin user installed some Russian poker and casino software and this was the cause of the problem

    These programs have been removed, registry checked, malware scans etc run; TS port had been changed from 3389 but even with this fixed unable to connect to it, even from itself to localhost

    Terminal Services have been removed and reinstalled, server taken out of domain and rejoined

    NETSTAT -A shows ms-wbt-server listening

    Malware must have changed a setting somewhere, but after a few days we can't find what

    Even imported terminal services part of registry from another working 2003 server

    Any suggestions most welcome, as really want to avoid a wipe and reinstall of OS

  • #2
    Re: No longer able to RDP to TS Server after malware

    What error do you get?
    Have you checked "remote desktop users" group membership?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: No longer able to RDP to TS Server after malware

      Originally posted by Ossian
      What error do you get?
      Have you checked "remote desktop users" group membership?
      MSTSC returns immediately with "The client could not establish a connection to the remote computer"

      This happens even on the machine itself set to connect to localhost

      Don't even get the login screen, but have checked users group membership and it's OK

      Appreciate your quick reply btw


      • #4
        Re: No longer able to RDP to TS Server after malware

        Please format the server ASAP and reset all the users + admin password.
        The software that has been installed could be a backdoor....
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14


        • #5
          Re: No longer able to RDP to TS Server after malware

          Originally posted by yuval14
          Please format the server ASAP and reset all the users + admin password.
          The software that has been installed could be a backdoor....
          We'd rather fix the TS issue, and have also disabled internet access on the server in question


          • #6
            Re: No longer able to RDP to TS Server after malware

            Well... you heard what happened to Sony?! RSA?! etc....
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14


            • #7
              Re: No longer able to RDP to TS Server after malware

              Originally posted by skearon
              We'd rather fix the TS issue, and have also disabled internet access on the server in question
              Dude. You had a critical infection on your terminal server.
              Not only is it very possible that this infection is still running a little wide (thus creating the root cause that is displaying itself as a faulty TS) but it's also something you need to fix.

              Even if you "fix" the TS problem, and you can remote onto it again, you haven't really fixed the root cause.
              And who cares if it's not connected to the internet? One of your servers is, surely.
              Please do show your appreciation to those who assist you by leaving Rep Point
