Solved

Hacker destroyed remote desktop access

Posted on 2006-10-21
13
289 Views
Last Modified: 2010-04-18
I had a server compromised, I'll traced their damage and resecured everything (i hope). However, they must have damaged the files that run remote desktop because I can't connect. The server immediately kicks a session off, no login screen or anything. I am connected with VNC and can see that the server is listening on port 3389 and remote desktop is enabled. I do not have Terminal Services installed, I believe that's a different system.

So how could I go about "reinstalling" remote desktop? Or any other ideas?

Thanks!
0
Comment
Question by:elmoredaniel
  • 5
  • 4
  • 4
13 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17779794
Hi elmoredaniel,

If the server has been compromised - and this has been confirmed - I wouldn't think twice about simply wiping it and restoring data from backup.

RDP is just one thing that is going wrong here - who knows what else has been damaged (or changed).

Also, if you have a domain, start checking all the domain accounts

Hope that helps,

-red
0
 

Author Comment

by:elmoredaniel
ID: 17779805
I'll consider that, but for now I need to get back in there without VNC (it's slow and buggy). What do you suggest about get RD back up?
0
 
LVL 39

Assisted Solution

by:redseatechnologies
redseatechnologies earned 250 total points
ID: 17779825
If you are happy to run a computer that is probably still compromised, and just want to repair RDP, I would try the following, in order;

reinstall your video drivers
sfc /scannow
repair install of windows

This machine must be wiped though (I know you know, I am making sure you REALLY know :)

-red
0
 

Author Comment

by:elmoredaniel
ID: 17779904
I'm not happy running as is, but I need to get RD back so I can figure out what I want to do.

how do i repair windows? the windows cd isn't in the drive, but windows os is stored on the hard drive

thanks for your help red
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 250 total points
ID: 17781927
Run Winnt32 from the i386 directory on the local drive.  Follow the prompts to repair.  If this fails to solve it (as I suspect it might) then run Winnt32 and choose upgrade.  This will do an inplace upgrade and should only affect patch levels.

Make sure you know the CD key that machine is using.

If you don't know it, you can find it using Keyfinder.  http://www.magicaljellybean.com/keyfinder.shtml

0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17782145
Seems that EE Notifications have died on me, thanks for picking up the slack Netman :)

-red
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 51

Expert Comment

by:Netman66
ID: 17782553
No problem Red.
0
 

Author Comment

by:elmoredaniel
ID: 17782602
Sorry for the delay. I started Winnt32 but there was no option to repair. I could only choose "Upgrade" or "New Install"
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17782618
Did you go for Upgrade, as suggested by Netman?

Netman, Isn't the repair option only in the dos section?
0
 

Author Comment

by:elmoredaniel
ID: 17782879
I went ahead and ran the upgrade, remote desktop is back in action. Thanks for everything
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17783564
Yes, my mistake.  Repair is only there is you launch the DOS setup.

Glad you're up and running.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17783573
I was just making sure I wasn't missing something, but while I've got you;

http:/Q_22033406.html

Thanks

-red
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17783752
I'll take a peek.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Move authentication role 3 48
Instant VM Recovery 4 83
Windows 2003 PDC Trust Root Certificate About to Expire 5 39
Forcibly removing a 2003 server from the Domain 4 34
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now