Posted 27 April 2010 - 10:48 PM
I have Googled this to death. Unable to resolve.
Originally, user got the fake virus alert 2010. User updated and ran Malwarebytes and removed over 700 issues. PC was now "clean". I arrived on site, and updated and ran MBAM and Spybot in safe mode. Removed a couple of minor issues.
Only one issue / damage from malware. User cannot run RDP. It will not launch / start from the command line or the GUI. From the command line, after hitting enter, nothing happens. From the GUI, the icon will flicker for a fraction of a second, and that is it. No error message is logged in event viewer.
What I have done so far. Full boot scan with Avast!. No issues. ERD Commander, system file check. No issues found. Ran SFC from Windows XP itself. Nothing found. Went to do a system restore. All restore points had been wiped. System had been running on Service Pack 2, installed SP3, which has updates to RDP. Also did nothing.
The few issues I found with RDP from Internet searches did not apply to this system, but I tried the fixes anyway. i.e. installing older mstsc and mstscax files and registering the older dll file. Removing everything and allowing system to automatically reinstall the files. Applying the file association registry patch for ".rdp" files. Ensuring all required services and dependencies are running.
Also, cannot do an edit of any of the ".rdp" file extension shortcuts. There is an interface that allows you to edit ".rdp" files and change host names etc., but when I attempt to run that, I get the same result as when I try to launch the remote connection in the first place. Nothing.
This behavior is the same for any user that logs into this PC. And, RDP worked fine for years on this thing, so malware must have killed something, but because of the way Microsoft has integrated RDP into XP, it is not a simple matter of an uninstall / reinstall.
I know that RDP is tied into Terminal services somehow. Searches on the registry for "remote desktop" get a lot of hits. But am unable to find any documentation on RDP anywhere that explains in detail how it works. Also, wanted to run msiexec and uninstall RDP by referencing the ID of the program in the registry, but cannot find a specific entry for this program under the "uninstall" section of the registry.
Any help really appreciated. Just a hint would be great. I don't believe in blowing away systems, and this has turned into a challenge. ESPECIALLY since everything else works!