Master_Scythe

RDP and Winlogon

My event log is full of

"The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client."

and winlogon restarting errors.

I haven't had any RDP sessions, PERIOD. Why am I getting these errors?

I'm about to do a Malwarebytes scan and ditto for a full AV scan; but that's kinda odd, is it not?

Might be coming from an external attempt to access the machine.

But really, not much idea here. Don't seem to have anything similar in my log.

Malwarebytes and AVAST both came up clean. 0 errors.

I also have the MVPS hosts file installed to block all ad servers.

I also have peerblock running, including 'Level1' and 'Primary Threats' blocklists.

Though, admittedly, both my router and my Windows firewall were set to allow RDP through (which is odd). Coulda been like that for AGES.

As you say, coulda been attempts to get in. I don't netbank or anything, so I'm not too worried.

Something strange is going on though.

On reboot, my first 'Warning' in the system log is: "Name resolution for the name US.ServerClient.5-link.com timed out after none of the configured DNS servers responded."

Who and why? ><

Ah-HAH!

http://www.whois365.com/tw/domain/serverclient.5-link.com

A4tech, that would be my mouse's software.

Why, Mr mouse, are you trying to get online? NO MORE SOFTWARE FOR YOU!

Apparently hundreds of winlogon reboots can be when an expected service doesn't start..... Since I manually disable services, that would make sense....

Still doesn't account for the RDP sessions, and dropped sessions. This PC doesn't host RDP. And certainly hasn't even tried since 2013. But the errors are days ago.

Edited by Master_Scythe

Maybe I was asking for it naming my PC 'The Gibson'

OK, removed that odd rule in my router to always forward port 3389.

Removed the 'Always Allow' rule in my Windows firewall for RDP.

Changed my RDP port to something non-standard.

Also, found a TechNet thread where they mentioned a hacking attempt will cause that log to be generated. It doesn't actually mean they got in; it means they reached the login screen.

My password is kinda simple, but obscure enough. Besides, no banking, no details saved on the PC; the only thing worth anything to me on here is Steam and forum logins.

Edited by Master_Scythe
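
Added example (not part of the thread or written by any poster): a PowerShell audit of the local settings the post above changes, plus a per-day count of the X.224 disconnect events quoted at the top of the thread. It assumes Windows 8 / Server 2012 or later (for the NetTCPIP and NetSecurity cmdlets) and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: audit local RDP exposure on this machine.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Is Remote Desktop enabled? fDenyTSConnections = 1 means it is switched off.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections

# 2. Which TCP port is the RDP listener configured for (3389 unless changed)?
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# 3. Is anything actually listening on that port right now?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# 4. Enabled inbound "allow" firewall rules that name this port explicitly.
#    Rules written as a port range or "Any" are not matched by this simple check.
$rules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

# 5. X.224 disconnect events in the System log, matched on the message text
#    quoted in the first post and grouped by day to show when the probing happened.
$x224 = @(Get-WinEvent -LogName System -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*X.224*' })
$perDay = $x224 |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') } |
    Sort-Object Name |
    Select-Object Name, Count

# Summary: the machine is reachable over RDP only if it is enabled, listening,
# and allowed through the firewall (and, from the internet, forwarded by the router).
[pscustomobject]@{
    RdpEnabled        = ($deny -eq 0)
    ConfiguredPort    = $port
    Listening         = ($listeners.Count -gt 0)
    InboundAllowRules = ($rules.DisplayName -join '; ')
    X224Disconnects   = $x224.Count
}
$perDay | Format-Table -AutoSize
```

The router's port-forward table cannot be read from the PC and still has to be checked in the router's own admin page.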

Software that phones home shits me.

Even VLC video player seems to do it... takes ages to start up, and notice around Christmas time the logo changes.

Yeah, the Christmas thing is just based on your clock. You can fool it.

And when you install, it asks if it's OK to "check for metadata" about what you play. Say no and it obeys :)
