Solved

RDC in Windows XP SP3 not working after Virus

Posted on 2011-02-23
10
429 Views
Last Modified: 2012-05-11
I recently got one of those fake Security Center viruses.  I cleaned off the computer with Malwarebytes Anti-Malware.  After it was cleaned my Remote Desktop Connection won't run.  I connect to a Terminal Server.  No errors come up and nothing in the Event Viewer.  I just click it and nothing happens.  I tried running it through DOS, the Windows directory, etc.  I tried reinstalling it, reinstalled SP3, copied the files from a working computer and still nothing.

Also, something else strange.  When I go to www.google.com it takes me to www.google.co.uk.  I am in Los Angeles, CA.  Any help would be appreciated.  This is crucial to the business.  I attached the log file from the Malwarebytes Anti-Malware scan.
LogFile.txt
0
Question by:jborenstein
10 Comments
 
LVL 6

Expert Comment

by:Melannk24
ID: 34962628
Have you also tried running HiJackThis (Trend Micro)? I think you still have a few infected files lingering...   MalwareBytes is a great tool, but it's always best to run more than one utility when dealing with an infected computer.  Some of these rogue AV infections also set a rootkit-like infection that is not always visible to standard utilities.  I've used IceSword to view any files hidden with restricted ACLs.

Did you check your hosts file to make sure there are no hard-coded IP addresses there set by the virus?

If this was one of my PCs used for business, I would re-image it.  That is the best bet to ensure a clean PC.  We have an imaging server here and when we have a PC that crashes, we just push down another image.  
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 34962691
Have you checked your hosts file? (windows->system32->drivers->etc->hosts)

It should look something like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


I always recommend using an alternate hosts file like the one hosted here:
http://www.mvps.org/winhelp2002/hosts.htm
0
 
LVL 6

Expert Comment

by:Melannk24
ID: 34962698
Also, did you make sure Terminal Services was running under services?  After all the changes to your PC, make sure you still have Remote Desktop enabled as well and you're not blocking RDP traffic on your machine's FW.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34962719
>Firstly, create a restore point or install ERUNT (reg backup program)

http://www.larshederer.homepage.t-online.de/erunt/
http://www.derfisch.de/lars/erunt-setup.exe >direct link

>Then run these scanners and save logfiles
TdssKiller and Hitmanpro.
http://support.kaspersky.com/viruses/solutions?qid=208280684
http://www.surfright.nl/en/hitmanpro

>To fix IE problems, reset IE afterwards
http://support.microsoft.com/kb/923737
0
 
LVL 29

Expert Comment

by:Thomas Zucker-Scharff
ID: 34962831
@optoma thank you for sharing the information on ERUNT.  I never came across it before and think I will find it useful in the future.
0
 
LVL 30

Accepted Solution

by:
flubbster earned 500 total points
ID: 34963172
I agree you have a bad hosts file that is redirecting you.

Paste the file here if you like. Be aware that some viruses corrupt the hosts file, then make a duplicate that you think is correct. Make sure that you have "View Hidden and System files" turned on. See if there are two hosts files with slightly different names. The corrupt one may not allow you to modify or delete it. You will need a program like FileAssassin and Hostsexpert to delete and then restore a correct one. If you go here:

http://www.malwarehelp.org/windows-protection-suite-analysis-and-removal-2009.html

Then scroll down to the section labeled "Windows Protection Suite Removal (How to remove Windows Protection Suite)"

Follow the steps. You have already run MalwareBytes. As a matter of fact, if you look at the whole page, you will see an almost identical listing of what your log looks like.

Use the built-in Fileassassin tool, then hostsexpert and test the system. Also verify the proper services are running as mentioned above.
0
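The hosts-file checks raised in this thread (comparing against a clean file, and looking for a second hosts file with a slightly different name), as an added Python example that is not part of any poster's comment. The function names, the 0.75 similarity threshold and the sample data are assumptions constructed for illustration.

```python
import difflib
import ipaddress

# Constructed sample of a tampered hosts file (not the poster's actual file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com   # constructed redirect
127.0.0.1       update.av-vendor.example    # constructed block entry
bogus           www.example.org
"""
# Constructed listing of the etc directory; the second name has a Cyrillic "o".
SAMPLE_DIR = ["hosts", "h\u043ests", "lmhosts.sam", "networks", "services"]


def audit_hosts(text):
    """Return (line_no, address, names, reason) for entries needing review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comment, split columns
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Fine for localhost; for any other name it blocks that site.
            blocked = [n for n in names if n.lower() != "localhost"]
            if blocked:
                findings.append((line_no, address, blocked, "name blocked"))
        else:
            findings.append((line_no, address, names, "name redirected"))
    return findings


def lookalike_hosts_files(filenames, threshold=0.75):
    """Return names that resemble, but are not exactly, 'hosts'."""
    def similar(name):
        return difflib.SequenceMatcher(None, "hosts", name).ratio()
    return [n for n in filenames
            if n.lower() != "hosts" and similar(n.lower()) >= threshold]


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(lookalike_hosts_files(SAMPLE_DIR))
```

Entries reported as "name blocked" also appear in deliberate blocklist hosts files, so each finding is a prompt for manual review rather than proof of infection.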
 

Author Comment

by:jborenstein
ID: 34963446
Thank you everybody for all the comments.  I am going to try them all out now and keep you updated as I try and figure it out.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34963476
@ Tzucker. You're welcome :)
0
 

Author Closing Comment

by:jborenstein
ID: 34964196
I followed everything from that site and now everything is working again.  The one thing I did differently this time is I ran MalwareBytes’s Anti-Malware under the Administrator account and it found a few more things.
Thanks!
0
 
LVL 30

Expert Comment

by:flubbster
ID: 34964406
Glad it is working.

Take care
0


Question has a verified solution.
