Of course, the password has been changed. Also port 3389 was replaced with another. This is enough for a while. Then again messages appear that the attack is on and is already on the new port.
Yes, this attack by RDP. Is there any way to find this worm? because he probably is in the system. Or is it just messages and the attack is interrupted?