I am still running server 2003, I know upgrade, I will in July.
When I log into my server I notice immediately that new programs have been installed i.e Google Chrome and Fire Fox knowing I did not install them I uninstall both. I log in the next day and they have both been reinstalled, so I check in Terminal Service Manager and discover that a user unknown to us has logged in and is installing the above mentioned programs.
The user name is always something like this pzll or some other weird variation. I need to stop this intrusion or determine if it is coming from inside my network or from the outside. I did notice inTask Manager, three processes of winlog.exe running.
Any help to stop this intrusion would be greatly appreciated
Thank you
I am running Kaspersky 8.0 for windows servers and Malwarebytes, have done full scan with both and found nothing