
why is default.rdp in my documents?


8 replies to this topic

#1 wisecracker

wisecracker

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 14 December 2014 - 05:02 AM

I was looking in my documents and saw that odd file there kinda grayed out as if it was a hidden file with "remote desktop connection" underneath it. It says it was made on 12/1/14 at 12:33am. I've never run any sort of remote access thing. Is this anything to worry about? Do these files appear even if I don't run anything? I've done a little googling and I can't find too much on it. Someone said to right click it and to open it as a notepad file and all the log information will be on it. I did that but it was completely empty. I know exactly what I was doing at that time and I don't remember ever running that or anything weird popping up. So I have no clue why it's there.





#2 buddy215

buddy215

  • Moderator
  • 13,302 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:37 AM

Posted 14 December 2014 - 05:41 AM

I did a bit of searching, too. From what I read that .rdp appears in documents when an attempt is made at a remote connection.

I think it is best to assume that happened and check for malware. Have you scanned for malware and what programs have you used?

If you are using a router then you should check to see that it is blocking remote connections and you have changed the default name and password.

If the .rdp folder is empty that would suggest to me that the phantom attempt was not completed.

 

Your Router's Security Stinks: Here's How to Fix It

 

Configure Remote Desktop Access on Windows 7 Systems


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 wisecracker


Posted 22 December 2014 - 01:50 PM

Sorry, I know this is late! I've been busy with holiday things. 

 

Since reading this I have done two scans twice with MBAM and AVG. Both were clean! I know for a matter of fact that I've changed the default name and password but I don't know how to check if it's blocking remote connections.

So just because that file appears it doesn't necessarily mean the connection was made but that it was attempted. I haven't seen any more attempts made.

I've looked at the time of the file appearing and with another activity I was doing. And the times sort of go with one another so maybe perhaps I accidentally clicked remote desktop connection? I do remember going into the "all programs" thing trying to look for another program. I'm assuming that file would appear if I clicked it and not just a connection being made from somewhere else. I really do hope it was just me clicking things by accident!


Edited by wisecracker, 22 December 2014 - 01:53 PM.


#4 buddy215


Posted 22 December 2014 - 02:32 PM

Your explanation sounds reasonable to me. Happy Holidays !



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:37 AM

Posted 22 December 2014 - 03:49 PM

When Remote Desktop Connection first opens, you have to manually enter the computer name and then click the Connect button. However, if you do not click to connect, a hidden Default.rdp 0-byte file will automatically be created in the %My Documents% folder. The file is used to store information for Remote Desktop Connection...see the notepad screenshot here. Information stored also includes Passwords.

The Microsoft Terminal Services Client (mstsc.exe) also creates a Default.rdp file in the %My Documents% folder.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
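
Added example, not part of any post in this thread: a small Python triage of a Default.rdp file's contents, following the explanation above that the file is 0 bytes when Remote Desktop Connection was only opened and otherwise stores connection settings, including passwords. The setting names (`full address`, `username`, `password 51`) come from the standard .rdp text format rather than from this page, and the sample data is constructed.

```python
import codecs


def decode_rdp(raw: bytes) -> str:
    """mstsc normally saves UTF-16 with a BOM; hand-edited files may be ANSI/UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines (type is i, s or b) into {name: (type, value)}."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':' (host:port)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = (parts[1], parts[2])
    return settings


def triage(raw: bytes) -> dict:
    """Summarise what a Default.rdp file reveals without echoing any stored secret."""
    settings = parse_rdp(raw)
    return {
        "empty": len(raw) == 0,  # 0 bytes: client was opened, nothing was saved
        "setting_count": len(settings),
        "target": settings.get("full address", ("s", ""))[1] or None,
        "username": settings.get("username", ("s", ""))[1] or None,
        "stored_password": bool(settings.get("password 51", ("b", ""))[1]),
    }


# Constructed samples, not taken from the thread; the password blob is a placeholder.
SAMPLE_EMPTY = b""
SAMPLE_USED = (
    "screen mode id:i:2\r\n"
    "full address:s:fileserver.example.test:3389\r\n"
    "username:s:EXAMPLE\\alice\r\n"
    "password 51:b:00112233\r\n"
).encode("utf-16")  # Python's utf-16 codec prepends a BOM

if __name__ == "__main__":
    for name, blob in (("empty", SAMPLE_EMPTY), ("used", SAMPLE_USED)):
        print(name, triage(blob))
```

An empty result matches the benign case discussed in this thread; a populated `target` or `stored_password` shows that a connection was at least configured and saved from this profile.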

#6 Stannaz

Stannaz

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 22 December 2014 - 03:51 PM

This is usually not malicious at all. If you have EVER opened Remote Desktop Connection, the file will appear. I have the file as I regularly use RDP.



#7 quietman7


Posted 22 December 2014 - 03:57 PM

I kinda just explained it was legit.

#8 wisecracker


Posted 22 December 2014 - 04:52 PM

Ah, okay! Thank you! Yeah, the file was 0 bytes and contained no info. I'm thinking I definitely accidentally clicked it but quickly closed out that I forgot it even happened. 



#9 quietman7


Posted 22 December 2014 - 05:02 PM

You're welcome on behalf of the Bleeping Computer community.



