Remote Desktop Helpdesk-ware: HOW TO REMOVE??

Discussion in 'Hardware' started by zapp, Dec 14, 2009.

  1. zapp

    zapp Staff Sergeant

    I see a number of 'remote desktop' posts/threads here but none asking the "backout side" of the equation :confused

    I have twice recently allowed 'intruders' to help on our systems for very different reasons. HOW do I find and delete the applets that were used to allow the remote-desktop-helpdesk people to work on our systems???
    This is not only a security problem but embarrassing to me since I am a fledgling tech-for-hire also and still learning about these types of tools.

    Can someone tell me how to dig down, locate, eradicate these potential security-breach applets?

    thx
    Zapp
     
  2. KingSteve

    KingSteve MajorGeek

    Was it something they had to install? add/remove programs?

    Unless it was with Remote Desktop that comes with Windows, you can block that port. Default is 3389.
     
  3. zapp

    zapp Staff Sergeant

    No, I've never seen one of these packages that creates a 'normal' kind of entry in program files, or apps data under Docs & settings, and certainly no entry in the add/remove list. [if the situation were reversed, where I were using a commercial package in order to effect remote control of your desktop, then on my end what you say would be the case... there's some bulk and expense to it]

    appreciate the tip about the port - I did not know that.

     
  4. KingSteve

    KingSteve MajorGeek

    Aside from blocking RDP, I'm not sure how else I can help. You should call the people that helped you and bring this up with them. I'm sure they'll be able to tell you exactly what they used and how to get rid of it or block it.

    First thing you should do, especially if you use ISA as your firewall, is block RDP 3389. I'm embarrassed to say this myself, but I didn't realize RDP was open on my ISA box until a few months ago. I was able to simply remote desktop into my firewall from the internet. Obviously a username and password would have to be entered to access it, but even as much access as was being allowed then was too much.
     
  5. zapp

    zapp Staff Sergeant

    appreciate the help king, you're ahead of me for sure.
    I am wanting to block at the router level. So, it would do to just block/disable use of RDP until such time as I need it, correct?
    I'm still hunting for port-selectivity in DD-WRT.... sheesh....

     
  6. KingSteve

    KingSteve MajorGeek

    Yeah, that's pretty much what you'll want to do. Just make sure if RDP is predefined in your router settings, that the correct port is being used. It should be, but it would be worthless if it isn't... I'm assuming you don't have an enterprise type router, like a Cisco router or something?

    I haven't worked with a home network type router in a long time, so I'm not very up-to-date on what those can do.
     
  7. zapp

    zapp Staff Sergeant

    the 'people's choice' - wrt54GL v1.1 running DD-WRT - it's a potent little machine
    [the older one.. not the one sitting in your local bestbuy right now]
     
  8. Serious Sam

    Serious Sam Corporal

    A lot of the remote software out there is also web based & there is nothing to "uninstall"; also, most of them require your permission before they can log onto your PC. Yes, there are other apps out there that require an install but some are actually hidden. (Altiris is one of these)
     
  9. djchrist

    djchrist Private E-2

    I think this all could be different depending on each individual application. Some of these programs are not installed on the machine and some are. So as far as that, you'd have to actually list which web-based program you're talking about. Since some may actually use port 80, you'd want to make sure anytime you give this kind of access there is a good reason. Example: for me, yes, when I have an issue with our Cisco equipment I've given Cisco engineers access to remote control my machine. I feel pretty safe there. I think this depends on what and why you are giving access and also to who. As stated before, it completely depends on each individual remoting program how you remove it.
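
One way to do the locating the thread asks about, as an added example that is not part of the original posts: parse the output of Windows `netstat -ano` and list which process IDs are listening on a non-loopback address (RDP's default 3389 included) or hold a live session to another host, which also covers the port 80 case raised above. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1700
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED     3344
  TCP    [::]:3389              [::]:0                 LISTENING       1120
  UDP    0.0.0.0:500            *:*                                    708
"""
RDP_PORT = 3389  # default Remote Desktop port mentioned in the thread

def split_endpoint(text):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    addr, _, port = text.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]").split("%")[0]), int(port)

def parse_netstat(output):
    """Return TCP rows; headers, UDP rows and malformed lines are skipped."""
    rows = []
    for line in output.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue
        try:
            local, remote = split_endpoint(f[1]), split_endpoint(f[2])
            rows.append({"local": local, "remote": remote, "state": f[3], "pid": int(f[4])})
        except ValueError:
            continue
    return rows

def review(rows):
    """Return (network-reachable listeners, live sessions to other hosts)."""
    listeners = sorted({(r["local"][1], r["pid"]) for r in rows
                        if r["state"] == "LISTENING" and not r["local"][0].is_loopback})
    sessions = sorted({(str(r["remote"][0]), r["remote"][1], r["pid"]) for r in rows
                       if r["state"] == "ESTABLISHED" and not r["remote"][0].is_loopback})
    return listeners, sessions

if __name__ == "__main__":
    listeners, sessions = review(parse_netstat(SAMPLE))
    for port, pid in listeners:
        print(f"listening port {port} pid {pid}" + (" (RDP default)" if port == RDP_PORT else ""))
    for addr, port, pid in sessions:
        print(f"session to {addr}:{port} pid {pid}")
```

Each PID can then be matched to a program name with `tasklist /FI "PID eq <pid>"`, which shows processes whether or not they have an Add/Remove Programs entry.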
     
