remote desktop to win 2003

[elkhateib]

i have win 2003 as server &  pc win 7
(both connected to internet)
(both able to ping each other )
( the are not in same place )
( win 7 from 3 days ago able to connect to win 2003 normal by remote desktop)

today i can't access the win 2003 so !? need advice and what i should check

[Geek-9pm]

( win 7 from 3 days ago able to connect to win 2003 normal by remote desktop)

Well, has anything change in the last 3 days with either?
From your end you do have a backup. - Right?
Proposal: You could try to roll back three days and see if that helps.
Not a good idea. That is  too much brute force.
Instead, see if you can roll back only the updates.
Otherwise, you may have to start the remote service  allover again on both machines. Is that easy to do?

Aside: Is this a serious commercial operation? Why not pay somebocy to maintain a  reliable remote for your?
List of popular remote methods:
http://mashable.com/2007/09/06/remote-access/
GoToMyPc is good, for price.
https://get.gotomypc.com/

[DaveLembke]

Did firewall setting change, did router change for port forwarding to 3389 to server, or ISP put a block to port 3389?

Able to visit both machines to look at event logs and services? Maybe the RDP service is off.

[elkhateib]

in last 3 days i only change the administrator password and was infected by worm and hacked but now both are clean
that's all

and i try to start the remote service  allover again on both machines but no news

also i know vnc , logmein , teamviewer but can't use them cuz we are 3 person access the win 2003 in same time
and every one of us want use his user in server so can't use any of them and i should work by RDP

i know there is something happen by that work or the cracker person so what i can do to re check what can stop that service even if everything look like well

[elkhateib]

Did firewall setting change, did router change for port forwarding to 3389 to server, or ISP put a block to port 3389?

Able to visit both machines to look at event logs and services? Maybe the RDP service is off.

firewall (off)  port open in router , isp didn't block anything

[Allan]

in last 3 days i only change the administrator password and was infected by worm and hacked but now both are clean
that's all


i know there is something happen by that work or the cracker person so what i can do to re check what can stop that service even if everything look like well

Okay - if your system was hacked and/or was infected I'd like you to do the following before we go any further: Please follow the instructions in the following link and post your logs in the thread you create (NOT in this thread):
http://www.computerhope.com/forum/index.php/topic,46313.0.html

I want our malware specialist to confirm that your system is indeed "clean" at this point in time. Be sure to post logs from the system that was infected.

[DaveLembke]

was infected by worm and hacked

Additionally this was a critical piece of information left out of your initial request for help. In the future please try to disclose information like this at the get go so that we are not guessing as to why your having issues. For the fact that this was not disclosed in the initial opening of this thread, it was not considered to be a probable cause. 

[elkhateib]

thanks for all how try to helping me   " this is the most important now ;-) "
2nd RDP now is working i just did as this link say ( https://support.microsoft.com/en-us/kb/886620)
but still have Anonymous Access so i make steps as Computer Hope Virus and Spyware section Guidelines say
and here is the result of the 3 programs
also want u know something today at morning RDP stopped again and all what i did is ( gpupdate /force ) in command
so i feel the whole this issue is not stable
so i'm listening to ur advice

[attachment deleted by admin to conserve space]

[DaveLembke]

Personally if it were my server, I would wipe that system clean and build it all up fresh so that there is no chance of anything left behind by a hacker that is overlooked vs trying to plug all the holes that a hacker created and not finding them all and then getting back in.

Question i have is.... is this Windows 2003 Server a purchased copy or a copy downloaded for free. Reason why i ask is because I have heard of some nasty/dirty bootlegged ISOs on the web in torrents that are not clean and hackers put these up for use with a their backdoors already a part of the installation files and many of them rooted with root kits, some even not even requiring key activation, and even some built off of the Server 2003 Trial ISO that was available back in the day that was cracked. If your using a boot legged copy of Windows 2003 Server, you will want to stop using it immediately and purchase a clean copy that is legal. Ebay is a good source for obsolete OS's. Just be sure to get it from a seller that has lots of positive feedback so that you dont buy a bootleg and end up in the same mess.

I use to set up Server 2000 honeypots and set them up to get attacked and then take them offline after and see what surprises and goodie tools etc hackers left on them to better understand what tools are out there in use and stay up on security by intentionally getting honeypots infected to see what tools are in use by black and grey hats.

[elkhateib]

Personally if it were my server, I would wipe that system clean and build it all up fresh so that there is no chance of anything left behind by a hacker that is overlooked vs trying to plug all the holes that a hacker created and not finding them all and then getting back in.

Question i have is.... is this Windows 2003 Server a purchased copy or a copy downloaded for free. Reason why i ask is because I have heard of some nasty/dirty bootlegged ISOs on the web in torrents that are not clean and hackers put these up for use with a their backdoors already a part of the installation files and many of them rooted with root kits, some even not even requiring key activation, and even some built off of the Server 2003 Trial ISO that was available back in the day that was cracked. If your using a boot legged copy of Windows 2003 Server, you will want to stop using it immediately and purchase a clean copy that is legal. Ebay is a good source for obsolete OS's. Just be sure to get it from a seller that has lots of positive feedback so that you dont buy a bootleg and end up in the same mess.

I use to set up Server 2000 honeypots and set them up to get attacked and then take them offline after and see what surprises and goodie tools etc hackers left on them to better understand what tools are out there in use and stay up on security by intentionally getting honeypots infected to see what tools are in use by black and grey hats.

this is a good copy genuine one  and about ur advice fully agree but can't lose data and many things there so
my last news is after trying and trying my last status now is online
i used this link http://www.yougetsignal.com/tools/open-ports/ to know if port 3389 is working online or not cuz locally i can access the server but online can't so
everytime see this port closed by the link above and recently try re config with my router got open port
my router is TD-W8970
and start feel the problem from it, i don't know what i should do
to be sure where is the problem !
1 - server
2- router
3- config.

and firewall not our option cuz when i try i close it at all