Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 308
  • Last Modified:

Hacker destroyed remote desktop access

I had a server compromised, I'll traced their damage and resecured everything (i hope). However, they must have damaged the files that run remote desktop because I can't connect. The server immediately kicks a session off, no login screen or anything. I am connected with VNC and can see that the server is listening on port 3389 and remote desktop is enabled. I do not have Terminal Services installed, I believe that's a different system.

So how could I go about "reinstalling" remote desktop? Or any other ideas?

Thanks!
0
elmoredaniel
Asked:
elmoredaniel
  • 5
  • 4
  • 4
2 Solutions
 
redseatechnologiesCommented:
Hi elmoredaniel,

If the server has been compromised - and this has been confirmed - I wouldn't think twice about simply wiping it and restoring data from backup.

RDP is just one thing that is going wrong here - who knows what else has been damaged (or changed).

Also, if you have a domain, start checking all the domain accounts

Hope that helps,

-red
0
 
elmoredanielAuthor Commented:
I'll consider that, but for now I need to get back in there without VNC (it's slow and buggy). What do you suggest about get RD back up?
0
 
redseatechnologiesCommented:
If you are happy to run a computer that is probably still compromised, and just want to repair RDP, I would try the following, in order;

reinstall your video drivers
sfc /scannow
repair install of windows

This machine must be wiped though (I know you know, I am making sure you REALLY know :)

-red
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
elmoredanielAuthor Commented:
I'm not happy running as is, but I need to get RD back so I can figure out what I want to do.

how do i repair windows? the windows cd isn't in the drive, but windows os is stored on the hard drive

thanks for your help red
0
 
Netman66Commented:
Run Winnt32 from the i386 directory on the local drive.  Follow the prompts to repair.  If this fails to solve it (as I suspect it might) then run Winnt32 and choose upgrade.  This will do an inplace upgrade and should only affect patch levels.

Make sure you know the CD key that machine is using.

If you don't know it, you can find it using Keyfinder.  http://www.magicaljellybean.com/keyfinder.shtml

0
 
redseatechnologiesCommented:
Seems that EE Notifications have died on me, thanks for picking up the slack Netman :)

-red
0
 
Netman66Commented:
No problem Red.
0
 
elmoredanielAuthor Commented:
Sorry for the delay. I started Winnt32 but there was no option to repair. I could only choose "Upgrade" or "New Install"
0
 
redseatechnologiesCommented:
Did you go for Upgrade, as suggested by Netman?

Netman, Isn't the repair option only in the dos section?
0
 
elmoredanielAuthor Commented:
I went ahead and ran the upgrade, remote desktop is back in action. Thanks for everything
0
 
Netman66Commented:
Yes, my mistake.  Repair is only there is you launch the DOS setup.

Glad you're up and running.
0
 
redseatechnologiesCommented:
I was just making sure I wasn't missing something, but while I've got you;

http:/Q_22033406.html

Thanks

-red
0
 
Netman66Commented:
I'll take a peek.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now