# Terminal Services + Session ID Hacker Help



## apox77 (Apr 16, 2006)

Hi my pc was hacked a few weeks ago and I reinstalled windows xp on a formatted partition and installed everything again, however on my install again I was afrad that the intruder was still on my pc, I'm just curious as I found the following. I had the session I.D being displayed in my task manager and I also found that terminal services had been enabled in my services. Is there a way to verify if my computer is safe from intrusions and the above points to a compromise again as I didn't check the columns for session i.d in my task manager. I'm using Norton 2005 Antivirus and the Sygate Pro Firewall.
Another thing I noticed is I don't see user names listed for processes running anymore. Could someone guide me on how to ensure my pc is protected.
Running Windows Xp SP2 + Patches.


----------



## aaronm (Apr 20, 2006)

*Buy a cheap router with NAT*

Just wondering, but how did you determine your computer was being hacked?

First, go buy a cheap router (40 -50 bucks or less) and slap it between you and your ISP. Enable NAT.

Disable terminal services, unless you really need to use it. Make sure your computer is updated, your anti-virus is current and you are using the windows software firewall or a proprietary program. 

You can monitor the logs, keep a lookout for port 3389 (RDP) connections to your box, tag the IP and block it.

Past that, it starts getting pretty advanced.

Let us know how that works for you.


----------

