Services are running under that instance there may be some "strange" services there, if that's the case then you found your culpritĪs for scanning/cleaning the box, my suggestion is to find another clean/trusted machine (a regular PC) with a CD-burner and use it to download the Instance carrying out all those RDP connections and double click on it in the panel which will appear, look carefully at the path for the file and ensure it's pointing to the windows folder and not elsewhere, then click on the "services" tab and check which This tool, extract the files from the "zip" to whatever suitable folder and then run the program at this point locate the "svchost" Can it be hacked already? has anyone seen this before?įirst of all, hope that "svshost" is a typo and you meant "svchost" otherwise that process name would be really suspicious that said, start by downloading I ran an a/v scanner over it and it's clean. In a new windows 2003 R2 server, I'm noticing every few minutes, svshost.exe is opening a ton of outgoing TCP 3389 connections.
0 Comments
Leave a Reply. |