Found default.rdp in documents and some unusual logs - is this suspicious?

0

I've never used Remote Desktop Connection, yet I found a default.rdp file in Documents.

However I can't guarantee that I have never opened remote desktop by accident which may have created this file.

So I looked up where the log files are and looked at these files:

Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx
Microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager%4Admin.evtx
Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

In Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx there are logs that say Remote Desktop Services: Session logon succeeded, even though I never use this application. Sometimes it's my own user name, sometimes it's one I don't recognise, seemingly a random string of characters followed by /Administrator. Each time the source is LOCAL.

Is this anything I need to worry about?

user43107

Posted 2014-04-06T16:36:44.347

Reputation: 3

>

  • Do the events coincide with when you login or perform an operation that requires security elevation?
  • What is the other username?
  • Could you check local users and groups in computer management

    • http://letitknow.wordpress.com/2012/08/25/how-to-start-computer-management-in-windows-8/

    – David – 2014-04-06T17:26:42.193

    David, thanks for your reply. 1) I'm not sure, the most recent log is a few days back and I'm not sure what I was doing exactly on those times and dates. 2) 8JOS3AEHKTELP\Administrator 3) I do not appear to have a "local users and groups" in computer management. – user43107 – 2014-04-06T18:09:09.813

    Try to run lusrmgr.msc http://www.softwareok.com/?seite=faq-Windows-8&faq=57 Do you have an up-to-date antivirus, is it running properly, and have you run a full scan recently? You could also try malwarebytes (just the free version) and if that comes up with anything dubious.

    – David – 2014-04-06T18:17:38.273

    Thanks. There is only my user account present. I have windows defender and malware bytes and have run full scans recently, and nothing came up. I'm run again to be sure though. – user43107 – 2014-04-06T18:33:10.060

    1default.rdp is supposed to be in your Documents folder. No need to worry about that. – Ƭᴇcʜιᴇ007 – 2014-04-06T18:56:04.170

    No answers

    Asked: 2014-04-06T16:36:44.347

    Viewed: 835 times

    Active: 2015-04-21T15:46:51.730