Remote desktop only works once and once only

Posted on 2008-10-25
Last Modified: 2013-11-22
Hi, Experts:
I am having a headache of a problem now.
The controller's desktop has remote desktop enabled; she uses remote desktop to access it from her laptop.
Since last week, the desktop won't allow remote desktop in. I found that Symantec (10.1.7) blocks the process because SAV thinks it is tampering. But checking for viruses from safe mode found nothing.
If I disable the tamper protection, the desktop allows remote desktop in once and only once. Once I log out, I can't log in again, even right away. So I uninstalled SAV, same situation. I reinstalled SAV 11, same problem.
Another thing that may be related: since last week, when I log in to the desktop locally, I get the error message
"Explorer.exe failed to initialize". I can press Ctrl+Alt+Del and log off, then I can log in with no problem. The error message appears only on the first login after the computer reboots.
I read all the other articles: port 3389 is open, the process is listening, telnet to 3389 gets a blank line. But it still allows one remote login, and one only.
Question by:kzhu197258

Expert Comment

by:tenaj-207
ID: 22805642
kzhu197258,

One great troubleshooting technique is to open msconfig (click on Start, then Run, and type msconfig in the text box), go to the Startup tab and uncheck everything (there's a "Disable All" button to make this easy). Then go to the Services tab, check the box to "Hide all Microsoft services" and uncheck the rest of the non-Microsoft services. Then reboot and check to see if it works. If it does, then go back to msconfig and start rechecking the programs you need, starting with the most important things first.

-tenaj

Author Comment

by:kzhu197258
ID: 22805796
tenaj-207:
Thanks for the quick reply.
Tried unchecking every non-Microsoft service and startup item, still the same problem.
It doesn't show the "explorer.exe" error message.
So it seems a Microsoft service got compromised?

Accepted Solution

by:
SysExpert earned 250 total points
ID: 22805852
I would run malware checks

malware - Leetutor list
Have you tried running virus scans and spyware scans? This could be a problem with viruses/trojans/spyware or other malware. Some free online virus scanners:

http://housecall.antivirus.com 

http://www.pcpitstop.com/antivirus/default.asp

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Also try these free programs to rid your system of spyware, trojans, and other malware:

http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Spybot - Search & Destroy

http://download.com.com/3000-2094-10045910.html?legacy=cnet
LavaSoft Ad-aware  

I use BOTH of the above programs on my 3 Windows systems; what one program misses, the other catches.  Also make sure to download the most up-to-date data before you run the programs.

Another very good freeware program for ridding yourself of spyware is this:

http://www.superantispyware.com/
SuperAntiSpyware

You might also try this free program (HijackThis) -- install it in its own folder, don't download to your Desktop:

http://www.spychecker.com/download/download_hijackthis.html

HijackThis is a tool for advanced users, because it lists all the installed browser add-ons and startup items, allowing you to inspect them and then optionally remove any you select.  You must be careful in choosing what to remove, although the program can create a backup of your original settings.  But put a check mark to fix any home page or search page setting that HijackThis detects which you have not entered yourself.  The program has an option to download online updates of the hijack data.

You should first post the log at this site:  

http://www.hijackthis.de/index.php?langselect=english

and it will be automatically analyzed for you (after you click on the button labeled "Analyze" near the bottom of the page), telling you which entries (called "Nasty") should be fixed.  You will also be told if you have any items that are "Possibly Nasty", or "Unnecessary", or "Unknown". If you don't know what to do about these, you might find something on the module name by doing a Google search of the internet.

If you have any questions about what it is asking you to fix that you would like the E-E experts to comment on, then do this:  right above the Analyze button you will see this message: "The following analyses has been stored temporarily", and there will be a link where the analysis file will be saved (for a period of three days). Click on it and then copy the link of that page from the address bar of your browser and paste it here, and experts can check it for you.  (Please DON'T post the entire log itself in your question.)

In case you would like to learn more yourself how to use HijackThis, here are a couple of urls:

http://www.tomcoyote.org/hjt/
HijackThis Quick Start


http://www.spywareinfo.com/~merijn/htlogtutorial.html
HijackThis log tutorial


I hope this helps !

Expert Comment

by:spidey23
ID: 22805864
Alternate Solution:

I say forget that altogether and try logmein.com.

It's free for personal and commercial use and it uses port 80 so you don't need to worry about any port configuration.

I use it for all of my small-business clients. Try it, you will love it.

Expert Comment

by:tenaj-207
ID: 22806251
Uninstall the SAV suite (all of it).
Then uninstall the NIC (through Device Manager).
Next, reboot (upon reboot the NIC will automatically reinstall).
Disable the Windows FW.
Try Remote Desktop.
If that fails, then use msconfig as outlined above and try again.
If that fails, then double-check that all the remote desktop settings are correct by remoting into yourself, which, if it works, will just lock the screen.

Expert Comment

by:bravaldi
ID: 23198636
On top of just running scans against malware, you should also delete any cache files that are in any of the user profiles in the host machine. These files are under %USERPROFILE%\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache. I had this problem for the last two days and deleting the cache files resolved the problem.
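
The cache cleanup described in the comment above, as an added PowerShell example that is not part of the original thread: it moves the Terminal Server Client cache files out of every profile on the machine it runs on into a timestamped backup folder instead of deleting them, so they remain available if the malware checks suggested earlier turn something up. The `$BackupRoot` location and the second (Vista-and-later) cache path are assumptions not taken from the thread.

```powershell
# Added example: relocate RDP client cache files from all local profiles.
# Run from an elevated prompt so other users' profiles are readable.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Parent folder of all profiles, derived from the current user's profile.
    [string]$ProfilesRoot = (Split-Path -Parent $env:USERPROFILE),
    # Assumption: any writable folder outside the profiles will do.
    [string]$BackupRoot   = 'C:\RdpCacheBackup'
)

# Cache location relative to a profile: the XP/2003 layout quoted in the
# thread, plus the layout used by Windows Vista and later (assumption that
# newer clients may also be present).
$relativePaths = @(
    'Local Settings\Application Data\Microsoft\Terminal Server Client\Cache',
    'AppData\Local\Microsoft\Terminal Server Client\Cache'
)

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

$userDirs = Get-ChildItem -LiteralPath $ProfilesRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer }

foreach ($userDir in $userDirs) {
    foreach ($rel in $relativePaths) {
        $cacheDir = Join-Path $userDir.FullName $rel
        if (-not (Test-Path -LiteralPath $cacheDir)) { continue }

        # Only plain files; the cache folder normally holds nothing else.
        $files = @(Get-ChildItem -LiteralPath $cacheDir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer })
        if ($files.Count -eq 0) { continue }

        $dest = Join-Path (Join-Path $BackupRoot $stamp) $userDir.Name
        # Honors -WhatIf / -Confirm, so a dry run shows what would be moved.
        if ($PSCmdlet.ShouldProcess($cacheDir, "Move $($files.Count) cache file(s) to $dest")) {
            New-Item -ItemType Directory -Path $dest -Force | Out-Null
            $files | Move-Item -Destination $dest -Force
        }
    }
}
```

Close any open Remote Desktop Connection windows first, and run the script once with `-WhatIf` to see which profiles would be touched before moving anything.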