RDP Shared Shortcut

I have 2 terminal servers that our branches use RDP sessions.  There is one "funky" icon that I can't get removed.   The properties say this:   (This is on a Windows Server 2008 Enterprise R2)

General Tab:
Type of file:   Internet Shortcut
Description:  RDP_Kirk!!!!
Location \\domain\usr_desktop\username\Desktop

WebDocument Tab says:
URL:  file:///C:/Windows/system32/rdp_kirk.dll

But it has shown up on EVERYONE'S desktop. I can't get it removed. I go to our domain server, user_desktop and the user and delete it. It comes right back when they log back on to the network.
bankwestCTO/CashierAsked:

Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

Sounds like you got yourself some sort of virus. Please download malwarebytes and scan your computers.
0
bankwestCTO/CashierAuthor Commented:
FYI:  I can do that, but we run AVG Anti Virus Business Edition and it's not finding anything.
0
Patrick BogersDatacenter platform engineer LindowsCommented:
Please make the scan, also check Group Policies -> user Desktop.
0


bankwestCTO/CashierAuthor Commented:
Update:   Ran the Malwarebytes and it also comes up clean.
0
bankwestCTO/CashierAuthor Commented:
THANK YOU, THANK YOU.    Didn't even think to look there.   Found it and deleted it.
0
Patrick BogersDatacenter platform engineer LindowsCommented:
You're welcome.
0
bankwestCTO/CashierAuthor Commented:
BTW:    I did a gpupdate /force and it's still there.    :(

And I logged off and back on.
0
Patrick BogersDatacenter platform engineer LindowsCommented:
Could it be in another GPO?
0
bankwestCTO/CashierAuthor Commented:
I can't find any others.  Is there a way to Search within the GP?
0
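One way to search every GPO for the shortcut, as an added example that is not part of the original thread: it looks for the string `rdp_kirk` (taken from the shortcut's URL above) in each GPO's XML report and in the files under SYSVOL, where Group Policy Preferences shortcuts and logon scripts are stored. It assumes the GroupPolicy PowerShell module is installed and that the domain's SYSVOL share is reachable at the default path.

```powershell
# Added example: find which GPO (or SYSVOL file) references the unwanted shortcut.
# Assumes the GroupPolicy module (Group Policy Management feature / RSAT) is installed.
Import-Module GroupPolicy

# Search term taken from the shortcut URL shown in the question.
$needle = 'rdp_kirk'

# 1) Search the XML report of every GPO in the domain. The report includes
#    Group Policy Preferences items such as Shortcuts, Files and logon scripts.
Get-GPO -All | ForEach-Object {
    $gpo    = $_
    $report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    if ($report -match [regex]::Escape($needle)) {
        # Emit the matching GPO so it can be opened in the GPMC and reviewed.
        $gpo | Select-Object DisplayName, Id, GpoStatus, ModificationTime
    }
}

# 2) Search the raw files in SYSVOL (Shortcuts.xml, scripts, .ini files) in case
#    the item is delivered by a script or file that a GPO only references.
#    Default SYSVOL path is an assumption; adjust if the domain uses another name.
$sysvol = "\\$env:USERDNSDOMAIN\SYSVOL"

Get-ChildItem -Path $sysvol -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-String -Pattern $needle -SimpleMatch -List |
    Select-Object Path, LineNumber, Line
```

A hit under a `Policies\{GUID}` folder in SYSVOL identifies the GPO by its GUID, which matches the `Id` column from the first search.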