How to know if there is a remote desktop connection hack?

HI Reilly,

Best you can do right now is to check your Windows Security Event Logs for any Remote Desktop logon activity you don’t recognize. Remotedesktopcompanion.exe is a legitimate system process usually located in C:\Windows\System32, so its appearance in netstat isn’t uncommon.

To be sure nothing’s amiss, open Event Viewer (press Windows key + R, type eventvwr, and hit Enter), then navigate to Windows Logs → Security. Look for Remote Desktop logon events and check details such as the source IP, the time, and whether the logons match your typical usage.

If nothing looks unusual, then the established connections you’re seeing are most likely normal background activity.

Hi Reilly,

Grad to hear that! Yes, I just found too that it's related to Oculus, but maybe there was no need to delete, it's probably just a telemetry tool or a feature.

Anyway I'm happy to see you have your issue solved. Feel free to reach out to the Community again if you ever have a new question or issue. Your feedback is really appreciated. :)

Hi Reilly,

I'm sorry for the late reply, I'm in a different timezone but I'm back now.

I think you could try to install the Sysinternals Suite from Microsoft Store. This suite provides a program with GUI called "TcpView". This will show you all the current IPv4/6 and TCP/UDP connections established or listening in real time.

This way, you can share a screenshot and I can verify for you if there's any remote connection, and also verifying if the IP address belongs to Microsoft.

Let me know how it goes!