Lost all associations, everything shows as a .INK in an RDS profile.

Posted on 2012-09-06
Medium Priority
Last Modified: 2012-09-11
Hi Guys,

One of our clients has somehow managed to lose all associations within a terminal session.
Literally cannot open anything with a .exe.
I've recreated her profile within AD and the issue is still there.
I really don't want to have to make her a whole new account then reattach the mailbox as she is overseas and cannot contact her (but she still needs email).
I've used a reg fix I found on her local profile on laptop and that has fixed the laptop.
When I've tried within the TS it has no effect.

Any ideas?

Question by:stellarsystems

Expert Comment

by:Davis McCarn
ID: 38374004
Having file associations change is a sure sign of an infection and the fact that it happened at her end demands that her system be addressed first.
If she is running XP, you're in deep kimchi; but, if it is Vista or 7, performing a system restore to before she was infected has an 80% chance of fixing things.  It is best done by booting to the install DVD, then choosing Repair my computer; but, if that is not possible, have her tap F8 repeatedly while the Dell/HP/Gateway/(etc.) logo is on the screen to get the startup menu.  Choose Repair my computer, choose the correct language, her login name (and password).  Then, when the menu appears, choose the second item, Restore My Computer ...  Make sure you pick a restore point which says Windows Update; they are the most complete.
Pray a little and have her do an antivirus update then a full scan if it seems better.

On your end, have you tried logging in as her?  If that is gescrewdefay, you'd be crazy not to delete her entirely and only recreate a new user after her machine is clean.

Don't underestimate the cybercriminals.  Currently, they rake in 220 Billion US dollars per year and they're not stupid.

Accepted Solution

stellarsystems earned 0 total points
ID: 38374871
Removing the user's registry keys when logged in as admin on the TS seemed to have worked.

Remove HKEY_USERS - users key.
Remove HKEY_LOCAL_MACHINE - users key.
Rename profile.
Log in as user to TS.
And copy data from old profile to new profile.

99.9% sure it was not a virus as the user was intentionally trying to change a file extension; however, she obviously did it wrong lol.

Author Closing Comment

ID: 38386099
it works
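
An added example, not part of the thread or any poster's code: a read-only PowerShell audit that lists per-user association overrides for `.exe` and `.lnk` in every loaded profile hive, so a broken association can be located before keys or profiles are removed. It assumes the breakage sits in the per-user overrides (the `UserChoice` key under `FileExts` and the per-user `Software\Classes` entry), which the thread does not name; run it elevated on the terminal server while the affected user is logged on so her hive is loaded.

```powershell
# Read-only audit: report per-user file-association overrides in loaded profile hives.
# Assumption (not stated in the thread): the breakage lives in the per-user keys below.
$extensions = '.exe', '.lnk'

# Only hives of logged-on users appear under HKEY_USERS; skip the <SID>_Classes aliases.
$sids = @(Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $_.PSChildName })

$findings = foreach ($sid in $sids) {
    # Resolve the SID to DOMAIN\user where possible, for readable output.
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(unresolved)'
    }

    foreach ($ext in $extensions) {
        $candidates = @(
            "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice",
            "Registry::HKEY_USERS\$sid\Software\Classes\$ext"
        )
        foreach ($key in $candidates) {
            if (Test-Path -LiteralPath $key) {
                $props = Get-ItemProperty -LiteralPath $key
                New-Object PSObject -Property @{
                    Account   = $account
                    Extension = $ext
                    Key       = $key -replace '^Registry::', ''
                    Progid    = $props.Progid        # set by an "Open with" choice
                    Default   = $props.'(default)'   # per-user class override
                }
            }
        }
    }
}

if ($findings) {
    $findings | Select-Object Account, Extension, Progid, Default, Key |
        Format-List
} else {
    'No per-user overrides for .exe or .lnk found in the loaded hives.'
}
```

Any key this reports for `.exe` or `.lnk` is worth reviewing, since neither extension normally carries a per-user override; the script changes nothing.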

Question has a verified solution.