Intrusion Detected: Advice needed
Last week at work, I noticed the Terminal Server (OS: Windows Server 2003) was infected with malware and an unknown user was trying to gain complete control of the server. Luckily, I was able to disable/delete the user accounts created by this individual, disable the FTP server referencing the newly created computer name, and remove the malware from the server using AVG Antivirus and Malwarebytes Antimalware.
However, I have noticed in my security event logs a computer, along with the IP address, that has made many failed attempts to log into the terminal server. I tracked the IP address using Who Is IP address and noticed it is from the Ukraine.
I would like to know if any of you have additional advice or can provide me with additional security tools that could prevent this user from making attempts to access the server.