RDP won't work after virus

16 years 2 months ago #27219 by cjsmith22
I am unable to remote into a PC inside our LAN at work after removing a nasty virus called buritos.exe (it shows up as a red cross in your system tray saying your PC is infected with spyware). The machine in question runs XP SP2. I've disabled all antivirus programs, remote desktop is enabled, all relevant services are started, I can ping it, I can telnet to it on 3389, I can also remote to other machines from it. However, as soon as I try to remote to it, it instantly pops up with 'the client could not establish a connection.....'.
Anyone any ideas?
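
The post above reports that telnet to 3389 succeeds while the Remote Desktop client fails at once. A successful TCP connect only shows that something accepts connections on the port; the following added example (not part of the thread) sends the X.224 Connection Request that an RDP client sends first and classifies the reply. It assumes the legacy request with no negotiation data, which suits XP-era servers; the function names and sample replies are constructed for illustration.

```python
import socket
import struct

# Legacy X.224 Connection Request with no negotiation data, wrapped in TPKT.
# TPKT: version 3, reserved 0, total length 11.
# X.224: LI=6, CR code 0xE0, DST-REF 0, SRC-REF 0, class 0.
X224_CR = bytes.fromhex("0300000b06e00000000000")

TPDU_NAMES = {0xD0: "connection-confirm", 0x80: "disconnect-request",
              0xE0: "connection-request", 0xF0: "data"}


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after X224_CR."""
    if not data:
        return "closed-without-reply"   # port open, but the listener hung up
    if len(data) < 6 or data[0] != 3:
        return "not-tpkt"               # something other than RDP answered
    (length,) = struct.unpack(">H", data[2:4])
    if length > len(data):
        return "truncated"
    code = data[5] & 0xF0               # TPDU code is the high nibble
    return TPDU_NAMES.get(code, "unknown-tpdu-0x%02x" % code)


def probe(host: str, port: int = 3389, timeout: float = 5.0) -> str:
    """Connect, send the Connection Request, classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(X224_CR)
            return classify_reply(s.recv(4096))
    except socket.timeout:
        return "timeout"
    except ConnectionResetError:
        return "reset"
    except OSError as exc:
        return "connect-failed: %s" % exc


if __name__ == "__main__":
    # Constructed sample replies, so the classifier can be exercised offline.
    samples = {
        "healthy listener": bytes.fromhex("0300000b06d00000123400"),
        "listener hangs up": b"",
        "other service": b"SSH-2.0-example\r\n",
    }
    for label, raw in samples.items():
        print("%-18s -> %s" % (label, classify_reply(raw)))
```

A result of `connection-confirm` means the RDP listener itself is answering, so the fault lies later in the session setup; `closed-without-reply` or `reset` points at the listener or something in front of it on the target machine.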
16 years 2 months ago #27220 by chitti
I did face the same kind of issue in my LAN (network), but then after upgrading that comp to SP3 it was fine. That was not the only change that I made; there were a few more changes. Try patching SP3 and see how it goes!!!
16 years 2 months ago #27237 by cjsmith22
Cheers chitti - tried SP3 and still no joy :( Think I'm just gonna have to reinstall XP.
16 years 2 months ago #27238 by S0lo
Replied by S0lo on topic Re: RDP won't work after virus
This problem has been bugging many lately. You probably tried this, but just in case, just before you give up, do the following in sequence:

1. Shut down your firewall, if any. (I know 3389 works but just to clear out doubts from other ports)
2. REMOVE all users from the allowed remote users. (from the remote tab)
3. DISABLE remote desktop, i.e. uncheck "allow users to connect remotely to this computer".
4. Restart the PC
5. Create a new administrator account, say "admin2". Log in and log off with it to make sure the profile is created.
6. ENABLE remote desktop.
7. Add the new "admin2" user to the list of the allowed.

Now try it with admin2.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 1 month ago #27510 by cjsmith22
Cheers solo, I followed your instructions and it worked! I also scanned the machine using NOD32 and it seems to have gotten rid of all traces of that buritos.exe which seemed to be the original problem.

However (I'm about to give up on it, it's really annoying me now!), since installing NOD32 it's started doing something which I've not seen before - if the machine is left idle for more than 5 minutes, it goes through a continuous cycle of blue screening (with a different blue screen error message each time) followed by Windows rebooting followed by blue screen, etc. However, while it's doing this continuous blue screen/reboot cycle, if I remote into it from a different machine I go straight to the desktop, no problems! What's all that about?
16 years 1 month ago #27511 by S0lo
Replied by S0lo on topic Re: RDP won't work after virus
lol heheh, that's troubled.

Blue screens usually happen because of hardware or driver problems (which I doubt is your case here). Another reason for it could be corrupted hard disk structures or bad clusters. To fix this latter possibility, try this:

1. Right-click on your hard disk (C:\) and click Properties.
2. Click the [Tools] tab. Then click the [Check Now] button.
3. Check both [Automatically fix file system errors] and [Scan for and attempt recovery of bad sectors]. Then click the [Start] button.
4. If you see a dialog box stating that the scan cannot be done now, click [Yes]. This will schedule the disk scan for the next start. Now restart your PC and the scan will begin automatically.

The disk scan can take 30 minutes or more depending on the amount of damage and disk size. I recommend you do this for all local hard drives you have (D:\ E:\....) if any.

As for the AV, I haven't tried NOD32. But I don't think it's guilty of causing the blue screens.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx