Sage 100

 View Only
Back to discussions
Expand all | Collapse all

A client returned from lunch to find that their Mo

  • 1.  A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:44
      |   view attached
    A client returned from lunch to find that their Module listing has turned into gibberish. They cannot access any modules from the top line menu and nothing appears when you try to click ""File."" Any ideas?


  • 2.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:49
    they probably have that crypto wall malware - they will need to find the owner of the encrypted files and shut down that station, then restore mas90\home, and mas90\launcher from backup.


  • 3.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:50
    Look in the \MAS90 folder for crypto/encrypt references. Then get prepared to quote them a price for disaster recovery when they invariably find that their backups haven't worked for the past 17 years...


  • 4.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:51
    Also restore any .txt files in mas90\mas_system and they may need to restore their paperless office folders, too. the crypto malware doesn't encrypt the sage data files, but it will encrypt any .jpg .pdf .txt


  • 5.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:55
    You normally can recover from this as the .SOA and .M4T files are not encrypted, but some of the TXT files that drive the system are encrypted (menus etc.) - so although they can lose time using their system, they normally don't lose data. make a copy of the mas90 folder before you start. Good Luck


  • 6.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:55
    Boy, that must have been a strong liquid lunch!


  • 7.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 12:59
    Give them a price quote for diagnosis before you do anything that could lead you down a rabbit hole


  • 8.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 13:01
    If you are not their IT support, I recommend you get their IT professionals involved


  • 9.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 13:12
    There is no point in doing any reconstruction until the source has been found and banished by their IT folks. If they are using Sage Intelligence those Excel files are at risk as well.


  • 10.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 13:22
    Yes, I just found the ""Crypto Crap"" in the directories affected. Definitely a cryptowall 3.0. I've made the client aware that they must get IT to fix this before we can go any further. On another note, I was just telling @JerryNorman exactly what should be done to the horrible scourge of the Earth that inflicts these sorts of viruses. Torture, Exquisite Torture.


  • 11.  RE: A client returned from lunch to find that their Mo

    Posted 08-11-2015 19:08
    Have seen this twice. The ones we encountered were BIOS virus'. Had to resort to a ""cold flash"" of the BIOS (found a guy who had a set of tools that could flash the BIOS with the PC's power off). The damn thing was able to reinstall itself even after flashing the bios using Dell's tools and low level formatting the harddrives. As to the Sage datafiles, they were unaffected, (agree with @JeffFiddelman and @MaryMays on that) we ended up reinstalling Sage programs, recreating the system stuff, users, company codes etc... and restoring the MAS_xxx folder. Unfortunately all their documents (pdf, doc, xls, etc...) were encrypted.


  • 12.  RE: A client returned from lunch to find that their Mo

    Posted 08-12-2015 10:17
    OMG - what a PITA!!!!!!


Related Content