I usually use my home desktop computer to rdp into my laptop when I'm at home so I don't have to work with a different keyboard and mouse.
I recently hooked my laptop up to the network via ethernet and was creating a new rdp profile for it, when I noticed the following in the mui (recents) list:
You get the idea. I have removed a number of these from the list, but they keep showing up. When I click on one, windows pops up with: Invalid connection file (C:\users\USER\appdata\local\temp\tsp4958.tmp) specified
I looked in the directory and none of these files exist (I have my explorer settings set to show all, os, and hidden files, etc).
I searched my registry, but when I go into HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client, I only see the sessions I normally connect to or my known rdp file names and can't fund the MUI list where these are displayed.
I decided to create an account here since I cannot find anything about these temp files online and I don't use anything like bitvise tunnelier which might lead to temporary rdp files showing up in the MUI list (not sure if it does). I do have Real VNC client I use for a mac on the same network, but that's not RDP-related. I occasionally run mstsc.exe directly when not using and rdp file, but pinned the rdp exe to the desktop to use more convenient resolutions.
Anyone have any idea what these files might be, what might be creating them, etc? I'm attaching a screenshot of mui I see in the submenu for the rdp icon on my task bar.
Hopefully someone here can help me determine:
- What may be causing these temp rdp session files
- If I have a major security breach (e.g. rootkit, malware, trojan). I did a quick scan w/ Comodo AV, but didn't find anything relevant to virus or security threat.
This is on windows 7 with Comodo, so hopefully this is the right forum. Feel free to move it to some place more useful if that is not the case.
Edited by hamluis, 22 March 2018 - 04:11 AM.
Moved from Win 7 to Am I Infected - Hamluis.