Jump to content

Connection attempts in Remote Desktop Connection to 127.0.0.2:XXXXX

chrispret
 Share

Recommended Posts

chrispret

chrispret

Posted
Posted

This morning my wife noticed this list of odd addresses (127.0.0.2:XXXXX) in her RDP connection history. Is there a legitimate explanation for these, or am I right to assume that she has some kind of infection? Not sure it matters, but for completeness: Windows 7, Automatic Updates, laptop was in hibernation so no overnight activity.

 

post-193830-0-99138300-1444402184_thumb.

 

I'm already running an MBAM scan, it hasn't detected anything in memory or boot but that doesn't always mean it is clean...

Link to post
Share on other sites
chrispret

chrispret

Posted
  • Author
Posted

No, that's not it. But I think I just figured it out.

 

She connects to a client's server using SonicWall Virtual Office. Once the VPN is established it opens up an RDP session to an address like 127.0.0.2:XXXXX. So I'm pretty sure it is not malware related, don't ask me why those addresses were populated in the dropdown all of a sudden, but I know they assigned her a new username yesterday which might contribute.

 

Thanks for poking around.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.