how do I get port 3389 for RDP to not be listened to by vchost.exe on win7-64 bit? I used a port checker and it says that that port is locked by another program. so I did "cmd\netstat -ano" and the PID matches vchost.exe. I have a linksys E1200 router and I thought I had forwarded the port properly. I'm just trying to set up my computer so it can be accessed remotely and ran into this issue. any help is appreciated.
Add a comment
|
1 Answer
According to ThreatExpert.com, vchost.exe could be a threat. I'd scan your system with whatever AV tools you have installed to confirm.
Symantec also makes a reference to a trojan that will create a Vchost directory.
Here's another reference to it as a threat.
This is not to be confused with vshost.exe or svchost.exe.
Note that the real Windows RDP server actually shows up as svchost.exe.
-
ok, I'm doing a scan with microsoft security essentials. I can't do any scans in safe mode unfortunately because I'm totally blind, and my text-to-speech software doesn't work in safe mode. But if it doesn't come back as a threat from MSE, is there some way to unblock port 3389? I followed the instructions on the linksys router page and I know I did it right because other ports I opened work fine. I suppose I could reassign the port that RDP uses to something like 3390? Or is that a bad idea? Commented May 20, 2012 at 20:38
-
@user135184 you would be better off trying to remove vchost.exe, rather than trying to bypass the trouble it is causing you. Try ComboFix bleepingcomputer.com/download/combofix if you can get it from that page– Bon GartCommented May 20, 2012 at 22:05
-
I downloaded Combo Fix but have no idea how to read the log. Can I post it here for someone to look at? Commented May 22, 2012 at 22:42
-
@user135184 the people at BleepingComputers have extensive experience with ComboFix and can be far more helpful. Sign up, post the issue with vchost.exe, and ask them if they can explain the log for you.– Bon GartCommented May 23, 2012 at 2:52