
PC Networking issue in AD domain ( after cryptolocker removed)


9 replies to this topic

#1 b.groves

b.groves

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 21 January 2014 - 02:58 PM

Techs:
W7 Pro PC in MS SBS W2003 AD environment got infected with cryptolocker. Thanks to your assistance, we got rid of the infection but did lose some data. Now the user cannot connect to any of the internal network resources by DNS or UNC name. For example in Windows Explorer typing \\ServerOne gives an error message that you can't connect to it. I can't map a drive to the server with net use R: \\ServerOne\Apps . I can't run any network application. The error is "The file is located outside your local network. We cannot verify who created this file". Network File Sharing will not stay turned on.
I can map a drive if I use the IP address, net use R: \\192.168.1.10\Apps .

Just seems to be affecting domain resources? Any suggestions what I might look at to correct?

Thx,
bg


Edited by hamluis, 22 January 2014 - 10:18 AM.
Moved from Win 7 to Win NT - Hamluis.l



 


#2 OldPhil

OldPhil

    Doppleganger


  • Members
  • 4,070 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Long Island New York
  • Local time:05:41 AM

Posted 21 January 2014 - 03:50 PM

Might try this.

 

http://www.tech-recipes.com/rx/1600/vista_dns_cache_flush/

 

Phil


Honesty & Integrity Above All!


#3 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,107 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:05:41 AM

Posted 22 January 2014 - 08:04 PM

Does entering nslookup in the command prompt show your DNS server? Possibly when removing the infection your DNS settings for your domain may have been set incorrectly. Are you able to browse websites OK?


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#4 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:41 PM

Posted 23 January 2014 - 12:48 AM

Mate, the best thing is to reset the machine account using netdom

If the server cannot view its own files (and I have had this issue before after the tombstone period ran out).

 

Run this command

netdom resetpwd /s:anotherdomaincontroller /ud:yourdomainname\administrator /pd:passwordhere

anotherdomaincontroller == a domain controller that's hosting KDC. Reboot the server and then see if the reverse DNS works like so

 

ping /a 192.168.1.100 or whatever your IP is.

Then make sure you flushdns and register dns with this command (All one line)

ipconfig /flushdns && ipconfig /registerdns

Make sure that the server can then view its files both through UNC and also full DFS name.

 

See how that goes



#5 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:41 PM

Posted 23 January 2014 - 12:52 AM

I forgot to mention, have you checked the replication state using

repadmin /showrepl *

Also use this to get a summary of failures etc etc etc.

repadmin /replsum *

You might have to manually sync using repadmin, also make sure the time is set to another server using

net time \\someotherdomaincontroller /set /y

Edited by JohnnyJammer, 23 January 2014 - 12:54 AM.


#6 b.groves

b.groves
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 23 January 2014 - 11:04 AM

Update:
ipconfig /flushdns did not resolve the issue.

Email, Web Browsing all work just fine.

I only have the one domain controller - ServerOne (W2003 SBS). It does not appear to have any issues. The problem just lies on one of 15 workstations in the small network.

I'll try the remaining suggested tasks asap and report back.

Thanks,
BG

#7 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:41 PM

Posted 23 January 2014 - 05:51 PM

I would then install RAT (Remote Administrative Tools) on Windows7 machine from Microsoft and then use the same netdom command shown above. It's faster than rejoining the domain.



#8 b.groves

b.groves
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 02 March 2014 - 03:49 PM

Follow Up.  The problem followed the network login to a different pc.  I created a new network account (domain\newusername) for the user.  Transferred all the data.  Problem went away.  Thanks,  Brian
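
The checks suggested across this thread (DNS resolution, the machine account secure channel, and name versus IP access), gathered into one PowerShell function. This is an added example, not code from any poster. `Get-ShareAccessReport` is a hypothetical helper name; `ServerOne`, `Apps` and `192.168.1.10` are the values quoted in the first post.

```powershell
# Added example, not from the thread. Get-ShareAccessReport is a hypothetical
# helper; the server name, share and IP are the ones quoted in post #1.
function Get-ShareAccessReport {
    param([string]$Server, [string]$ServerIp, [string]$Share)

    # 1. Does the server name resolve, and to the address that is known to work?
    $resolved = @()
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($Server) |
                      ForEach-Object { $_.IPAddressToString })
    } catch { }

    # 2. Is the workstation's secure channel to the domain intact? This is what
    #    "netdom resetpwd" repairs. Run from an elevated prompt; $null means the
    #    check itself failed (not elevated, or not domain joined).
    $channel = $null
    try { $channel = Test-ComputerSecureChannel -ErrorAction Stop } catch { }

    # 3. The same share reached by name and by IP, as the logged-on user.
    $byName = Test-Path -LiteralPath "\\$Server\$Share"   -ErrorAction SilentlyContinue
    $byIp   = Test-Path -LiteralPath "\\$ServerIp\$Share" -ErrorAction SilentlyContinue

    # 4. Point at the layer that most likely needs attention.
    if ($resolved -notcontains $ServerIp) {
        $hint = 'Name does not resolve to the expected IP: check the DNS client settings.'
    } elseif ($channel -eq $false) {
        $hint = 'Secure channel broken: reset the machine account (netdom resetpwd).'
    } elseif ($byIp -and -not $byName) {
        $hint = 'DNS and machine account look fine: repeat as another domain user to see whether the fault follows the user account.'
    } else {
        $hint = 'No difference between name and IP access detected.'
    }

    New-Object PSObject -Property @{
        User          = "$env:USERDOMAIN\$env:USERNAME"
        ResolvedTo    = ($resolved -join ', ')
        SecureChannel = $channel
        AccessByName  = $byName
        AccessByIp    = $byIp
        Hint          = $hint
    } | Select-Object User, ResolvedTo, SecureChannel, AccessByName, AccessByIp, Hint
}

Get-ShareAccessReport -Server 'ServerOne' -ServerIp '192.168.1.10' -Share 'Apps' | Format-List
```

Running it once as the affected user and once as a different domain user on the same PC separates a workstation fault from an account fault, which is the distinction that settled this thread.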



#9 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,107 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:05:41 AM

Posted 02 March 2014 - 09:19 PM

Thanks for posting your solution


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#10 aranix700

aranix700

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:11 PM

Posted 18 August 2014 - 02:32 AM

Thanks friends. This was helpful





