Good day all. I have a strange occurrence and am seeking the Experts who know a way to work this out.
Recently a Windows 2003 server lost RDP access from external or internal connections.
After some snooping I noticed that a telnet to 3389 produced a strange result:
CCProxy seems to be associated with the link, which is valid software... if you installed it?? We didn't.
So, scans produced a couple backdoor trojans and were cleaned but the problem persists.
Subsequent scans are clean.
So, I cannot see any programs relating to CCProxy or the like. I'm attaching a Hijack log for review.
Having said all that, I DO know that the spoolsv.exe process seems to be the hijacked culprit. A netstat -no produces: <local server IP>:3389 being ESTABLISHED about 20 times with the PID that matches the spoolsv.exe.
However killing the process does not free it and a reboot re-establishes the port being blocked.
Nonetheless... I'm a little at a loss on how to troubleshoot this further.
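The check described in the post (which PID holds the ESTABLISHED sessions on local port 3389, and which image that PID belongs to) can be scripted. The following is an added example, not part of the original post: the `netstat -no` and `tasklist /FO CSV /NH` text is constructed sample data, and treating `svchost.exe` as the expected owner of RDP sessions is an assumption.

```python
import csv
import io
from collections import Counter

# Constructed sample of `netstat -no` output (documentation IPs, made-up PIDs).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:3389        198.51.100.7:51515     ESTABLISHED     1234
  TCP    192.0.2.10:3389        198.51.100.7:51516     ESTABLISHED     1234
  TCP    192.0.2.10:3389        203.0.113.44:40211     ESTABLISHED     1234
  TCP    192.0.2.10:445         192.0.2.55:1045        ESTABLISHED     4
  TCP    192.0.2.10:1066        192.0.2.20:3389        ESTABLISHED     2208
  TCP    192.0.2.10:3389        203.0.113.44:40212     TIME_WAIT       0
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''"System","4","Console","0","236 K"
"svchost.exe","812","Console","0","4,100 K"
"spoolsv.exe","1234","Console","0","5,432 K"
"mstsc.exe","2208","Console","0","9,876 K"
'''

def parse_netstat(text):
    """Yield (local_port, remote_addr, state, pid) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue  # skip headers, blank lines and UDP rows
        # rsplit keeps bracketed IPv6 addresses such as [::1]:3389 intact
        yield int(f[1].rsplit(":", 1)[1]), f[2], f[3], int(f[4])

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def owners_of_port(netstat_text, tasklist_text, port=3389, expected="svchost.exe"):
    """Return [(pid, image, established_count, unexpected_owner)] for a local port."""
    images = parse_tasklist(tasklist_text)
    counts = Counter(pid for lport, _, state, pid in parse_netstat(netstat_text)
                     if lport == port and state == "ESTABLISHED")
    return [(pid, images.get(pid, "<unknown>"), n,
             images.get(pid, "").lower() != expected)  # assumption: expected owner
            for pid, n in counts.most_common()]

if __name__ == "__main__":
    for pid, image, n, odd in owners_of_port(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid} ({image}): {n} ESTABLISHED on :3389"
              + ("  <-- unexpected owner" if odd else ""))
```

Only rows where 3389 is the local port are counted, so the server's own outbound RDP client sessions (remote port 3389) are not mistaken for inbound ones.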