Solved

remote desktop only work once and once only

Posted on 2008-10-25
8
934 Views
Last Modified: 2013-11-22
Hi, Experts:
I am having a headache problem now.
The controller's  desktop has remote desktop enable, she use remote desktop to access that from laptop.
Since last week, desktop won't allow remote desktop in. I found the sysmantec (10.1.7) block the process because SAV think it is tamper. But checking virius from safe mode found noting.
If I disable the tamper protection, the desktop only allow remote desktop in once and only once. Once I log out, I can't login even just right way. So I uninstall SAV, same situation. I reinstall SAV 11, same problem.
Another thing maybe related, since last week, when I login in to desktop locally, I will get error message
"Exploer,exe failed to initialize", I can press ALT Ctrl Del and log off, then I can login for no problem, Just error message for first time login after computer reboot.
I read all the other article, 3389 port is open, process is listening, telnet 3389 get blank line. But still allow one time remote login, and one time only
0
Comment
Question by:kzhu197258
8 Comments
 
LVL 15

Expert Comment

by:tenaj-207
Comment Utility
kzhu197258,

One great trouble shooting technique is to open msconfig (click on start then run and type in msconfig in the text box) go to the startup tab and uncheck everything (there's a disable all button to make this easy).  Then go the the services tab check the box to  "Hide all Microsoft services"and uncheck the rest of the non-Microsoft services.  Then reboot and check to see if it works.  If it does then go back to msconfig and start rechecking programs you need, starting with the most important things first.

-tenaj
0
 

Author Comment

by:kzhu197258
Comment Utility
tenaj-207:
Thanks for quick reply
Tried uncheck every nono-microsoft service and start up item, still the same problem.
It doesn't show the "explorer.exe " error message.
So it seems microsoft service get comprised?
0
 
LVL 63

Accepted Solution

by:
SysExpert earned 250 total points
Comment Utility
I would run malware checks

malware - Leetutor list
Have you tried running virus scans and spyware scans  This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

http://housecall.antivirus.com  

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

http://www.superantispyware.com/
SuperAntiSpyware

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool that is for advanced users, because it lists all the installed browser add-on and startup items, allowing you to inspect them and then optionally remove any ones you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start


http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis log tutorial


I hope this helps !
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 4

Expert Comment

by:spidey23
Comment Utility
Alternate Solution:

I say forget that altogether and try logmein.com.

It's free for personal and commercial use and it uses port 80 so you don't need to worry about any port configuration.

I use it for all of my small-business clients. Try it you will love it.
0
 
LVL 15

Expert Comment

by:tenaj-207
Comment Utility
Uninstall the SAV suite (all of it).
Then uninstall the NIC (through device manager)
Next reboot (upon reboot the NIC will automatically reinstall)
Disable the windows FW
Try Remote desktop
If that fails then us msconfig as outlined above and try again.
If that fails then double check all the remote desktop settings are correct by remoting into yourself, which if it works will just lock the screen.




0
 

Expert Comment

by:bravaldi
Comment Utility
On top of just running scans against malware, you should also delete any cache files that are in any of the user profiles in the host machine. These files are under %USERPROFILE%\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache. I had this problem for the last two days and deleting the cache files resolved the problem.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now