Posted

Hi

 

I have removed 2 viruses from our large network, Conficker & Auto.inf. It spread onto 3 servers (one MIS and Domain Controller and a file share server) and also a number of clients too. Removed the virus from all, but now all the shares are playing up: teachers & students aren't able to see the shared programs, and profiles fail to save to the server. They attempt to save to the local hard drive due to them being a roaming account, but Ranger prevents them from doing so... :( I have found out that the profiles are missing the user entry so they can't access them. Put all 200 users back into the profile folders with full access; that seems OK now, no log of errors. But I am still unable to get both to access the shared programs, it keeps on saying access denied... Any help would be great... :)

Logged in as an Administrator on the file share server I could access the My Documents of the Staff account, kept on saying access denied. I took ownership of the share folder and that seems to have fixed that... It's just the share for teachers & students I can't get to work now...

 

Thanks

Posted (edited)

We had a problem with Conficker last year.

Did you completely remove Conficker yet or not?

By reading your post it looks to me that it has spread on the network if it was on the file server, because it spreads through shared drives. A share problem means that the machines are still affected by this virus. Check the logs on the clients & domain controller.

Stop the autorun from the group policy, which will stop it spreading, and check the log files, particularly for failed authentication logs. There may be machines on your network which are trying to log on to all machines. Immediately remove the machines which are affected from the network. Configure the antivirus aggressively to delete any suspicious file or programme like a virus.

 

We did not have this kind of problem (Share & Profile) on our network. It locked everyone's account on our network. Conficker spread to every machine on our network because it was not updated with Windows Update and had no antivirus. Check the link below

 

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

 

We struggled for at least two weeks and had to reinstall our ISA Server & almost all the network machines (about 550 machines).

Let me know if you want to speak about Conficker removal. PM me with your email or phone number and I will contact you on Monday or even before if you want.

 

Very important to beat Conficker

1. Stop the Autorun from group policy

2. MS Windows update

3. Up-to-date antivirus must be properly configured (on-access Read & Write scanning)

4. Install File Server Resource Manager on your file server (block autorun.inf). This will block all the USB devices which are carrying Conficker from spreading it on the network

Edited by techy32
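
The failed-authentication check suggested in the post above, as an added example that is not part of the original thread: it groups failed logons by source machine and flags any machine that fails against many different accounts within a short window. The CSV column names, host names and thresholds are assumptions, and the sample events are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: failed-logon events exported from a domain controller's
# Security log to CSV. Column names are assumptions made for this example.
SAMPLE_CSV = """time,source_host,target_account
2009-03-02T08:00:01,LAB1-PC07,administrator
2009-03-02T08:00:03,LAB1-PC07,jsmith
2009-03-02T08:00:04,LAB1-PC07,teacher1
2009-03-02T08:00:06,LAB1-PC07,student14
2009-03-02T08:00:09,LAB1-PC07,office
2009-03-02T08:15:20,STAFF-PC02,jsmith
2009-03-02T08:15:31,STAFF-PC02,jsmith
2009-03-02T09:05:00,LIB-PC11,student02
2009-03-02T10:40:00,LIB-PC11,student09
2009-03-02T12:10:00,LIB-PC11,student14
2009-03-02T14:30:00,LIB-PC11,student21
"""

def load_events(csv_text):
    """Parse the CSV into (time, host, account) tuples sorted by time."""
    rows = csv.DictReader(io.StringIO(csv_text.strip()))
    return sorted(
        (datetime.fromisoformat(r["time"]), r["source_host"].upper(), r["target_account"].lower())
        for r in rows)

def suspect_hosts(csv_text, min_accounts=4, window_s=60):
    """Return {host: peak distinct accounts failed within any window_s-second window}."""
    window = timedelta(seconds=window_s)
    per_host = defaultdict(list)
    for ts, host, account in load_events(csv_text):
        per_host[host].append((ts, account))
    suspects = {}
    for host, events in per_host.items():
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until it is within window_s of this event.
            while ts - events[start][0] > window:
                start += 1
            peak = max(peak, len({acct for _, acct in events[start:end + 1]}))
        if peak >= min_accounts:
            suspects[host] = peak
    return suspects

if __name__ == "__main__":
    for host, n in suspect_hosts(SAMPLE_CSV).items():
        print(f"{host}: failed logons against {n} different accounts within 60s")
```

A user mistyping one password (STAFF-PC02) or a shared machine with failures spread over the day (LIB-PC11) stays below the threshold; only the burst across many accounts is reported.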
Posted
If the virus is still floating around on clients then your server AV could be restricting access to the server shares; had this with Symantec Endpoint Protection after they finally updated their defs to kill a new virus that showed up on our network.
Posted

Did you assign the permissions on the profile folders manually? Because Windows doesn't like that; it likes it when it does it automatically.

If you can, I would just scrap them and give them new profile folders and it will recreate everything (unless you store documents in the profile and not a redirected directory).

 

As for the other shares, make sure there are no rules preventing them in either NTFS or Share permissions (Deny always trumps an Allow* (e.g. Users=Deny and Student Security Group=Allow: they will be denied)). And have you restarted the servers recently? I know Conficker likes to max out net connections, which causes access issues.

*I believe there are certain circumstances where it doesn't work that way, but it's the general rule.
