Lost all associations, everything shows as a .INK in an RDS profile.

Posted on 2012-09-06
Last Modified: 2012-09-11
Hi Guys,

One of our clients has somehow managed to lose all associations within a terminal session.
Literally cannot open anything with a .exe.
I've recreated her profile within AD and the issue is still there.
I really don't want to have to make her a whole new account then reattach the mailbox as she is overseas and cannot contact her (but she still needs email).
I've used a reg fix I found on her local profile on laptop and that has fixed the laptop.
When I've tried within the TS it has no effect.

Any ideas?

Question by:stellarsystems
    LVL 42

    Expert Comment

    by:Davis McCarn
    Having file associations change is a sure sign of an infection and the fact that it happened at her end demands that her system be addressed first.
    If she is running XP, you're in deep kimchi; but, if it is Vista or 7 performing a system restore to before she was infected has an 80% chance of fixing things. It is best done by booting to the install DVD, then choosing Repair my computer; but, if that is not possible, have her tap F8 repeatedly while the Dell/HP/Gateway/(etc.) logo is on the screen to get the startup menu. Choose Repair my computer, choose the correct language, her login name (and password). Then, when the menu appears, choose the second item, Restore My Computer ... Make sure you pick a restore point which says Windows Update; they are the most complete.
    Pray a little and have her do an antivirus update then a full scan if it seems better.

    On your end, have you tried logging in as her? If that is gescrewdefay, you'd be crazy not to delete her entirely and only recreate a new user after her machine is clean.

    Don't underestimate the cybercriminals.  Currently, they rake in 220 Billion US dollars per year and they're not stupid.
    LVL 1

    Accepted Solution

    Removing the user's registry keys when logged in as admin on the TS seemed to have worked.

    Remove HKEY_USERS - users key.
    Remove HKEY_LOCAL_MACHINE - users key.
    Rename profile.
    Log in as user to TS.
    And copy data from old profile to new profile.

    99.9% sure it was not a virus as the user was intentionally trying to change a file extension however she obviously did it wrong lol.
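
A pre-removal check for the procedure above, added here as an example and not taken from the thread: it lists the user's per-user `.exe`/`.lnk` association overrides and exports both keys before anything is deleted. It assumes the two "users keys" are `HKU\<SID>` and the user's `ProfileList\<SID>` entry under HKLM; the account name and backup path are hypothetical.

```powershell
# Added example: read-only inspection plus backup. Run elevated on the terminal server.
param(
    [Parameter(Mandatory)] [string] $UserName,        # e.g. 'EXAMPLE\jdoe' (constructed sample)
    [string] $BackupDir = 'C:\Temp\assoc-backup'      # hypothetical backup location
)

# Resolve the account to its SID; both per-user keys are named after it.
$account = New-Object System.Security.Principal.NTAccount($UserName)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Assumption: these are the two keys the accepted solution refers to.
$userHive   = "HKU\$sid"
$profileKey = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"

# Per-user association keys for .exe and .lnk. HKU\<SID> is only present
# while the user's hive is loaded (user logged on, or hive loaded manually).
$overrides = foreach ($ext in '.exe', '.lnk') {
    $subKeys = "Software\Classes\$ext",
               "Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    foreach ($sub in $subKeys) {
        $path = "Registry::HKEY_USERS\$sid\$sub"
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Key     = $path
                Default = $key.GetValue('')        # handler set via the (Default) value
                ProgId  = $key.GetValue('ProgId')  # handler chosen through "Open with"
            }
        }
    }
}

if ($overrides) { $overrides | Format-List }
else { Write-Output "No per-user .exe/.lnk overrides found for $UserName ($sid)." }

# Export both keys so the removal can be reverted or examined later.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($k in $userHive, $profileKey) {
    $file = Join-Path $BackupDir (($k -replace '[\\ ]', '_') + '.reg')
    & reg.exe export $k $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not export $k (key missing, or the user's hive is not loaded)."
    }
}
```

The exported `.reg` files also preserve what the association was changed to, which helps settle whether the change was a user mistake or something that needs a malware investigation.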
    LVL 1

    Author Closing Comment

    it works
