port 3389 for RDP is listened to by vchost.exe

Posted on

QUESTION :

how do I get port 3389 for RDP to not be listened to by vchost.exe on win7-64 bit? I used a port checker and it says that that port is locked by another program. so I did “cmdnetstat -ano” and the PID matches vchost.exe. I have a linksys E1200 router and I thought I had forwarded the port properly. I’m just trying to set up my computer so it can be accessed remotely and ran into this issue. any help is appreciated.

ANSWER :

According to ThreatExpert.com, vchost.exe could be a threat. I’d scan your system with whatever AV tools you have installed to confirm.

Symantec also makes a reference to a trojan that will create a Vchost directory.

Here’s another reference to it as a threat.

This is not to be confused with vshost.exe or svchost.exe.

Note that the real Windows RDP server actually shows up as svchost.exe.

Leave a Reply

Your email address will not be published.