
Malware broke Remote Desktop Client



I recently fixed a problem with a piece of scareware (as my boss calls it) on one of my users' systems.

Malwarebytes Anti-malware did find and remove a number of hijacks in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

but it didn't notice that

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstsc.exe\debug

was pointed at svchost.

I removed the entire mstsc.exe branch from the registry to resolve the issue, as on a working system, this branch didn't exist.

If you are having problems with the Remote Desktop Client after removing malware from a system, check to see if this key exists.

It might be an idea to add a check for this to Malwarebytes Anti-malware as well.

A. Townsend
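
The check suggested in the post above, as an added example (not part of the original posts and not Malwarebytes code): a read-only PowerShell audit that lists every Image File Execution Options subkey carrying a debug-style value. It matches value names starting with "debug", which covers the "debug" value named in the post and the "Debugger" value Windows uses to launch another program in place of the executable; the function name `Get-IfeoDebugEntry` is hypothetical.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO).
# Reports each per-executable subkey that has a value whose name starts
# with "debug" (the "debug" value from the post, or the "Debugger" value).
# Nothing is modified or deleted.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; skipped when absent
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugEntry {
    param([string[]]$Root = $ifeoRoots)

    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            foreach ($name in $key.GetValueNames()) {
                if ($name -notlike 'debug*') { continue }   # -like is case-insensitive
                [pscustomobject]@{
                    Executable = $key.PSChildName     # e.g. mstsc.exe
                    ValueName  = $name
                    Data       = $key.GetValue($name) # program run instead
                    KeyPath    = $key.Name
                }
            }
        }
    }
}

$hits = @(Get-IfeoDebugEntry)
if ($hits.Count -eq 0) {
    'No IFEO debug/Debugger values found.'
} else {
    $hits | Sort-Object Executable | Format-List
    # The case from the post: mstsc.exe pointed at svchost
    $hits | Where-Object { $_.Executable -ieq 'mstsc.exe' } |
        ForEach-Object { "mstsc.exe is redirected to: $($_.Data)" }
}
```

Review each hit before removing anything: some legitimate tools set this value on purpose (Process Explorer's "Replace Task Manager" option does so for taskmgr.exe), so compare against a known-good system as the post describes.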


I was under the impression that MBAM already looked for all of those, but it might just be one we haven't seen before. Someone from the research team would have to jump in and let us know, but they don't spend too much time in the general sections of the forum (lots of malware to research).
