RDC in Windows XP SP3 not working after Virus

I recently got one of those fake Security Center Viruses.  I cleaned off the computer with Malwarebytes Anti-Malware.  After it was cleaned my Remote Desktop Connection won't run.  I connect to a Terminal Server.  No errors come up and nothing in the Event Viewer.  I just click it and nothing happens.  I tried running it through DOS, the Windows directory, etc.  I tried reinstalling it, reinstalled SP3, copied the files from a working computer and still nothing.

Also, something else strange.  When I go to www.google.com it takes me to www.google.co.uk.  I am in Los Angeles, CA.  Any help would be appreciated.  This is crucial to the business.  I attached the log file from the Malwarebytes Anti-Malware scan.
flubbster Commented:
I agree you have a bad hosts file that is redirecting you.

Paste the file here if you like. Be aware that some viruses corrupt the hosts file, then make a duplicate that you think is correct. Make sure that you have "View Hidden and System files" turned on. See if there are two hosts files with slightly different names. The corrupt one may not allow you to modify or delete it. You will need a program like FileAssassin and Hostsexpert to delete and then restore a correct one. If you go here:


Then scroll down to the section labeled "Windows Protection Suite Removal (How to remove Windows Protection Suite)"

Follow the steps. You have already run MalwareBytes. As a matter of fact, if you look at the whole page, you will see an almost identical listing of what your log looks like.

Use the built-in Fileassassin tool, then hostsexpert and test the system. Also verify the proper services are running as mentioned above.
Have you tried also running HiJackThis (Trend Micro)? I think you still have a few infected files lingering....   MalwareBytes is a great tool, but it's always best to run more than one utility when dealing with an infected computer.  Some of these rogue AV infections also set a rootkit-like infection that is not always visible to standard utilities.  I've used IceSword to view any files hidden with restricted ACLs.  

Did you check your hosts file to make sure there are no hard-coded IP addresses there set by the virus?

If this was one of my PCs used for business, I would re-image it.  That is the best bet to ensure a clean PC.  We have an imaging server here and when we have a PC that crashes, we just push down another image.  
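
The two hosts-file checks suggested in the answers above (entries with hard-coded IP addresses, and a second file whose name imitates `hosts`) can be scripted. This is an added example, not code from the thread; the function names, the list of expected files in `drivers\etc` and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import unicodedata

# Assumption: files a stock Windows XP install keeps in drivers\etc.
EXPECTED = {"hosts", "lmhosts.sam", "networks", "protocol", "services"}

def audit_hosts(text):
    """Return (line_no, kind, ip, names) for each active entry worth reviewing."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, "malformed", ip, names))
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            findings.append((no, "redirect", ip, names))   # name pinned to a real address
        elif any(n.lower() != "localhost" for n in names):
            findings.append((no, "sinkhole", ip, names))   # name made unreachable
    return findings

def lookalike_files(dir_listing):
    """Flag directory entries that imitate 'hosts' without being the real file."""
    hits = []
    for name in dir_listing:
        if name.lower() in EXPECTED:        # Windows file names are case-insensitive
            continue
        folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
        if folded.lower().startswith("host") or not name.isascii():
            hits.append(name)
    return hits

# Constructed sample data (not taken from the thread or its scan log).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
203.0.113.7     www.google.com     # 203.0.113.0/24 is a documentation range
127.0.0.1       update.example.test
"""
SAMPLE_DIR = ["hosts", "h\u043ests", "hosts.bak", "lmhosts.sam", "services"]

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(lookalike_files(SAMPLE_DIR))
```

A "sinkhole" finding is not always malicious: blocklist-style hosts files use the same form, so each flagged line still needs a human decision.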
Thomas Zucker-Scharff (Systems Analyst) Commented:
Have you checked your hosts file? (windows->system32->drivers->etc->hosts)

It should look something like this:

# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

I always recommend using an alternate hosts file like the one hosted here:

Also, did you make sure Terminal Services was running under services?  After all the changes to your PC, make sure you still have Remote Desktop enabled as well and you're not blocking RDP traffic on your machine's FW.
>Firstly, create a restore point or install Erunt (reg backup program)

http://www.derfisch.de/lars/erunt-setup.exe >direct link

>Then run these scanners and save logfiles
TdssKiller and Hitmanpro.

>To fix IE problems, reset IE afterwards
Thomas Zucker-Scharff (Systems Analyst) Commented:
@optoma thank you for sharing the information on ERUNT.  I never came across it before and think I will find it useful in the future.
jborenstein (Author) Commented:
Thank you everybody for all the comments.  I am going to try them all out now and keep you updated as I try and figure it out.
@ Tzucker. You're welcome :)
jborenstein (Author) Commented:
I followed everything from that site and now everything is working again.  The one thing I did differently this time is I ran MalwareBytes’s Anti-Malware under the Administrator account and it found a few more things.
Glad it is working.

Take care
Question has a verified solution.