Tech Support banner

Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
114 Posts
Discussion Starter #1
:eek:unable to browse to any server/workstation using UNC names after virus:eek:

removed all infected files, virusues dlls exes ect....

check the gpo and reg there is no disabled rights

sfc finished>reboot

even ran a script to edit the regitstry to clean up rights ( as per microsoft )

cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

reboot

from there checked all services, everything is running
masterbrowser, everything

however getting GPO errors

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 9/3/2008
Time: 3:48:32 PM
User: *******
Computer: *********
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 9/3/2008
Time: 3:46:38 PM
User: ********
Computer: *********
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 9/3/2008
Time: 3:46:38 PM
User: ********
Computer: ********
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=***,DC=local. The file must be present at the location <\\***.local\sysvol\***.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Incorrect function. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


HERE IS THE KICKER....

IF I MAP A DRIVE TO THE SERVER

O: \\server\share.... IT WORKS!!!!

Issue is that a application( accounting ) uses the UNC name to connect to the database on the server.... so of course if the computer cant resolve the unc the application also wont..

any help would be great!
 

·
Registered
Joined
·
5,246 Posts
To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;

IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.

http://www.techsupportforum.com/security-center/hijackthis-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

IMPORTANT - Read This Before Posting For Malware Removal Help

When carrying out The 5 Steps,

If you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.

However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.

http://www.techsupportforum.com/security-center/hijackthis-log-help/

Where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
 

·
Registered
Joined
·
114 Posts
Discussion Starter #3
To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;

IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.

http://www.techsupportforum.com/security-center/hijackthis-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

IMPORTANT - Read This Before Posting For Malware Removal Help

When carrying out The 5 Steps,

If you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.

However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.

http://www.techsupportforum.com/security-center/hijackthis-log-help/

Where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
??? this makes no since to my issue. but thats for the information.
 

·
Registered
Joined
·
5,246 Posts
You said you removed all infected viruses. . . Did an expert say this? Or you?

Just because an Anti-Virus program says you are clean, doesn't mean there is still some remaining pieces of the malware on your PC, which then, might infect the reason you aren't able to browse the server.

It's up to you, but I would advise you to do the steps and have an expert verify that your PC is clean.
 

·
Registered
Joined
·
114 Posts
Discussion Starter #5
You said you removed all infected viruses. . . Did an expert say this? Or you?

Just because an Anti-Virus program says you are clean, doesn't mean there is still some remaining pieces of the malware on your PC, which then, might infect the reason you aren't able to browse the server.

It's up to you, but I would advise you to do the steps and have an expert verify that your PC is clean.
i did :p witch is beyond an expert ^^

i understand you deal with eddie end user all day, however the computer is clean...

and for what ever reason wont hit unc names.....

thanks for the info
 

·
Registered
Joined
·
5,246 Posts
Not to be mean or snotty, but how do you know the PC is clean?

I'm going to stick to my guns on this one, and advise you to do the simple 5 step process and allow an expert analyze your PC.
 

·
Registered
Joined
·
114 Posts
Discussion Starter #7
ok well i solved it,

first thanks cool but it WAS not a infection.

for any one else in this issue it was a CLID / SID issue with the computer name in the AD.

rejoined it to the domain and everything is working fine.

thanks
 
1 - 8 of 8 Posts
Status
Not open for further replies.
Top