Solved

mapped network folder won't stay mapped

Posted on 2013-01-02
21
1,143 Views
Last Modified: 2013-02-01
Hi

I have seen issues similar to mine but none that match exactly and no answer that has solve my problem.

I have a 2003 AD network with XP Pro clients.
I use a member server as a file and printer sharing server.  I share out one folder, named “Y drive”, from this machine and map my clients to it using windows explorer. MAP NETWORK DRIVE.
This has worked for years with no issue.
Now we had a virus/malware that changed the attributes of the files in the folder and throughout the machine.  I have cleaned out the virus/malware from the machine.
I have moved the files to a new folder and fixed the attributes of the files and sub folders within and deleted the old “Y drive “folder.  This had to be done to clean up the virus/malware.
Now when I remap a client to this new folder it works until the client machine is rebooted, then the map is gone and I have to remap the folder again.

I have check the security settings for the fold compared to other folders that are shared and mapped and everything looks proper.
Any help would be great.

Thanks
0
Comment
Question by:KenBlessing
  • 9
  • 7
  • 2
  • +3
21 Comments
 
LVL 11

Expert Comment

by:BillBondo
ID: 38737993
We use kixtart and run a script so every logon the drives are mapped.
0
 
LVL 16

Expert Comment

by:Shaik M. Sajid
ID: 38738136
to make it shure

try on  a machine  put a windows xp cd in to cd rom

go to command promt

sfc /scannow

it'll repair the system files...

it'll make sure that system files issue couse of that .. mostly.. when we run spyware tools or third party tools these kind of issues are common... and even you can check it by restoring the backup while you virus  removal delete time..

all the best
0
 

Author Comment

by:KenBlessing
ID: 38738576
do you know how long this scan should take?  i need to be sure it can be done while the users are out to lunch or i'll have to wait to do it after hours.

Thank you.
0
 
LVL 6

Expert Comment

by:crash2000
ID: 38739625
Try mapping via command line with the /p switch (Make permanent)
net use  y: \\computer\sharename /p

Mark
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 38739852
Are you checking the box that says "reconnect at logon" (using windows explorer)? Best way to deal with this though is to add it to your logon script then it will always be there and you can set your logon script to notify you if the network connection isn't made.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 38740225
Is the issue for a single client or for the all the client.
Are you sure you ahve select "reconnect at logon" option as said by Lionelmm.
SFC /Scannow will take few Mins (@ max 5-10mins)
0
 

Author Comment

by:KenBlessing
ID: 38741516
I have not had a chance yet to run the SFC /scannow.

The issue is for any client that had the virus/malware problem, not every client was infected.  my machine for example has no problem with the mapping.

yes, the reconnect at logon box is checked.

I do understand that i could write a script to map the drive at logon but that just covers over the problem and leaves what ever is broken still broken, and i really don't like to put bandaids on things.  they always come apart at the worst time.  So i would really like to find out what is broken and fix it properly so it dosn't bite me in the butt later.

Thanks
0
 

Author Comment

by:KenBlessing
ID: 38741994
ok now a new twist.  I went to boot the clients machine into safe mode to run the sfc scan, i get an error that the NTOSKRNL.exe is missing.
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 38742086
I totally missed that critical point (that its only happening to systems that were infected)--sorry about that. OK so have run boot time scans with a product like AVG rescue disk (this runs before you get into Windows)? As well as products like malwarebytes?
0
 

Author Comment

by:KenBlessing
ID: 38742096
i have run malwaarebytes and norton endpoint
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:KenBlessing
ID: 38812394
anyone else have any input on this?
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 38812532
Did you run boot time scans or scans once logged onto Windows?
0
 

Author Comment

by:KenBlessing
ID: 38820830
i ran avg boot scan (no infected files) i ran malwarebytes (no issues) symantec endpoint (no viruses Detected)  but it will boot into safe mode now, i don't know what happened there.

so now what?
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 38822009
It seem to me that at some point the time wasted trying to recover a drive attacked by a virus is best spent re-creating the system. However if you can get in via safe mode what error are you getting now for a normal boot--still the same? In safe mode check the event logs for errors and let us know what those are. I would instead make a clone of one of the systems that are working (instead of a doing a system by system reinstall) and clone the systems, run sysprep and go from there. If you are interested in this let me know, otherwise let me know what you find in safe mode--thanks.
0
 

Author Comment

by:KenBlessing
ID: 38828652
Hi Lionelmum
First, thank you for your help on this issue so far....but I think something has been lost in the post trail.
I am not tring to recover a drive on any machine.
The problem is that I have a shared folder no one of my servers and when I map that folder from a client machine the map does not stay on the client after a reboot.  it is not that the map is in active or can't connect it is just gone from the client and has to be remapped.
Now I understand that a script could be written to remap the drive at login but that does not explain why a map the used to stay now does not.

This only happens on some of the machines that that were on the network at the time of the virus, new machines have no issue.

going back to your last responce I get no Errors on the clients anywhere reguarding this issue.

again thanks for your help
Ken
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 38829240
What I was trying to say is that if the only systems that are affected are the ones that were infected by the virus, then it may be best to think of starting new installs on those systems. It is very common for infected systems to be non-recoverable, unable to get them back to functioning normally.
0
 

Author Comment

by:KenBlessing
ID: 38833073
I agree that rebuilding the system is the foolproof easy way out of this and I have rebuilt a few machines but for some systems this is not a viable option for various reasons.

But I am getting the idea that this is something that no one knows how to fix.

So for now I am going to look for a Band-Aid (drive mapping script) to put on this until I can rebuild all the systems that have been affected.
0
 
LVL 24

Accepted Solution

by:
lionelmm earned 500 total points
ID: 38833129
I can write a batch script for you; either to run during logon or which can be run manually or through scheduled tasks. Let me know.

The reason its so tough to "fix" is because if there are no errors in the event logs and 'all' the other systems are not doing it and only the ones that were infected means the virus did something. Some of these hackers are very, very smart and sometimes anti virus software simply stops the damage but its not always possible to know exactly what damage they do--my guess it there is some dll that has been affected but with nothing to guide us along its tough to say what or even if my guess is right.
0
 
LVL 24

Expert Comment

by:lionelmm
ID: 38833152
Quick Example

Rem Run "dir" to see if Y is still active or not
dir y:
If Errorlevel 1 goto NetUse
GoTo End

:NetUse
net use y: /d
net use Y: \\servername\sharename /p:y
If Errorlevel 1 goto Error
GoTo End

:Error
Echo There was an error creating a connection to Drive Y on Servername
Pause
(Or Net Send AdminComputerName Problem on %ComputerName% creating connection to drive Y)

:End
Rem Exit Remove REM once you are done testing so script will exit
0
 
LVL 6

Expert Comment

by:crash2000
ID: 38834281
As it's XP Pro, you could always boot from CDROM and go to reinstall, but choose repair.
That should fix the DLL's if there damaged.
After that, you would only need to reinstall the updates.
Might be worth trying that on one machine, to see if it works.
You wouldn't need to reinstall all the sofwtare.

Mark
0
 

Author Comment

by:KenBlessing
ID: 38836534
It is (fixed) for now with a script.   I tried the XP repair on an unimportant machine and lost the whole machine.
I will have to rebuild the machines as time allows.

Thanks for your help.
Ken
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now