How to Reset the Counter in *.DAT Files After Recovery from Crypto Ransom Ware Attack

Q - We were recently attacked by Crypto Ransomware.  We did implement the NTFS security based on the following Knowledge Base article:
        http://support.elliott.com/knowledgebase/articles/654601-elliott-8-directory-structure-and-ntfs-rights
However, we still have to restore the DAT files.  The DAT files contain counters like starting order number and starting invoice number.  How do I reset them to the values that match the current *.BTR file values?

A - The following is a list of *.DAT files that may be attacked by CryptoWall or CryptoLocker Ransom Ware:

APCTLFIL.DAT: This file contains information in A/P Setup.  The counter you need to reset is "13. Last Voucher Number Used?" You can find this value by following this procedure:
  • Go to New A/P Transaction Processing and print edit list.  If there are any transactions in the New A/P Trandaction edit list, then find the last voucher number used. 
  • If there's nothing in New A/P Transaction Processing, bring up the Pervasive control center, find the APOPN_VHR table, and execute the following SQL statement - select top 10 ap_open_voucher_no_v from "APOPNFIL_VHR" where ap_open_voucher_code = 'V' order by ap_open_voucher_no_v desc 
  • The last 10 vouchers used should show up.  The reason we choose to show the last 10 vouchers is because you could manually assign vouchers.  Showing the last 10 vouchers can help you to identify if that is your situation and help you to avoid drawing the wrong conclusions.
ARCTLFIL.DAT: This file contains information in A/R Setup.  The counter you need to reset is "1. Starting Invoice No."  You should first check to see if you have any unposted invoices in the CPORDHDR table.  You can find that out with the following procedure:
  • Use this SQL statement in Pervasive control center - select top 10 order_no, order_invoice_no, order_invoice_date from "CPORDHDR" where order_selection_code = 'X' order by order_invoice_no desc
  • If nothing shows up with the above SQL statement, it means all invoices are posted.  Then you need to use the following SQL statement to find it from the CPINVHDR table - select top 10 inv_no from cpinvhdr order by inv_no desc
  • Alternatively, you can go to COP -> Inquiry -> Invoice History Inquiry -> Inquiry -> Invoice Inquiry by Invoice.  Hit F1 at the customer number field, and then hit F1 to show the latest invoices.
BMCTLFIL.DAT: This file contains the BOMP Setup.  The counters you need to reset are:
  • "3. Next Legacy Work Order No"
  • "4. Next Engineering Change No"
  • "5. Next Material Work Order No"
  • "6. Next Plus Work Order No"
Depending on the features you use in BOMP module, you may not need to recover all of them.  For example, if you don't use Plus Work Order, then you don't need to recover the value of "6. Next Plus Work Order No".  The following is the procedure you can use to recover these values:
  • You can use the following SQL statement to recover legacy work order numbers - select top 10 prd_ord_order_no from bmordfil where prd_ord_order_type = 'O' order by prd_ord_order_no desc
  • Similarly, you can use the following SQL statement to recover material work order numbers - select top 10 prd_ord_order_no from bmordfil where prd_ord_order_type = 'M' order by prd_ord_order_no desc  
  • Similarly, you can use the following SQL statement to recover plus work order numbers -  select top 10 prd_ord_order_no from bmordfil where prd_ord_order_type = 'P' order by prd_ord_order_no desc
  • If you are using BOMP engineering change processing, you can find engineering changes by going to BOMP -> Processing -> Engineering Change Processing -> List.  If there are any entries, you will find the last Engineering Change No there.
  • If there is nothing in the Engineering Change Edit List, you can find out the last engineering change from history by using the following SQL statement - select top 10 eng_chg_hst_chg_no from bmenghst order by eng_chg_hst_chg_no desc
COMPFILE.DAT: This file contains both company setup and G/L setup.  It is unlikely that company setup would have any changes.  The counter values you need to recover in G/L Setup are "4. Starting Journal History No" and "5. Starting Transaction ID No."  You can use the following procedure to find this vale:
  • Go to G/L -> Reports -> Journal History Report. Print all packages for the last few days (a few days ahead of your backup date till now).  Look through each section.  The journal source looks like XX9999.  The largest 9999 will be at the end of each section.  Find the largest 9999 value among all sections.  That value + 1 will be the value for "4. Starting Journal History No."
  • Go to G/L -> Processing -> General Journal Trx Processing -> Entry-List.  If you have an unposted G/L Journal Trx in the edit list, you can find the last G/L Transaction ID used.
  • If there are no entries in the G/L Journal Trx edit list, then you will have to recover this value from the General Ledger table.  You can use the following SQL statement - select top 10 gl_trx_id from "GLTRXFIL" order by gl_trx_id desc
CPCTLFIL.DAT: This file contains the COP Setup.  The counter you need to reset is "1. Staring Order Number." You can find out this value by going to COP -> Inquiry -> Order Inquiry -> Inquiry -> Order Inquiry by Customer/Order.  At the customer field, press F1. Then, at the order field, press F2. This will be bring up the orders by reverse order number sequence.  The F2 key will ensure that even the posted orders will show up.

CPHSTPRD.DAT: This is the setting in COP -> Maintenance -> Sales Hist Period File. Unless the restoration of this file is over the month-end, the value in this file will not be changed.  If it is over the month-end period, you can simply go to this menu and change the current period.

GLFSPASS.DAT: There is no counter to recover from this table.  So you can simply restore the DAT files and nothing needs to be done.

GLPRDFIL.DAT: This and the GLPRDV66.DAT files comprise the G/L Period File.  You can access them by going to G/L -> Maintenance -> Accounting Period File.  Unless the restoration of this file is over the month-end period, the value in this file will not be changed.  If it is over the month-end period, you can simply go to the menu and change the current period accordingly.

GLPRDV66.DAT: See previous instructions for GLPRDFIL.DAT. 

IMATP001.DAT:  There is no counter to recover from this table.  So you can simply restore the DAT files and nothing needs to be done.

POCTLFIL.DAT: This is the setting in PO Setup. The counter you need to reset is "1. Starting Purchase Order No."  You can find out this value by going to PO -> Inquiry -> Purchase Order Inquiry -> Inquiry.  At  theVendor No. field, press F1. At the P.O. No field, press F1.  Then the Purchase Order will be displayed in the reverse sequence of PO number.

TERMBAL.DAT:  There is no counter to recover from this table.  So you can simply restore the DAT files and nothing needs to be done.

Grant Users Modify Right to *.DAT After Restore the DAT Files
Also, keep in mind that after you restore the *.DAT files, you will need to give your users modify right access by using commands like the following:'
    ICACLS *.dat /grant everyone:M

EMK

Systems Manager

  1. Mapped Drives Disappear After Logoff or Reboot
  2. Using Raw Data Pass Through for Dot Matrix Printer on Windows 10 Does Not Work
  3. How Do I Find The Workstation That's Infected with The Crypto Ransom Ware?
  4. How to Reset the Counter in *.DAT Files After Recovery from Crypto Ransom Ware Attack
  5. Aging Shows Differently After Database Rebuild
  6. What Do I Do When My Anti-virus Software Reports Elliott EXE File as a Virus?
  7. High CPU Usage and Performance Issues After Implementing NTFS Security
  8. "We can't verify who created this file. Are you sure you want to run this file?"
  9. Problem with Printer Configuration If Running Elliott from Multiple Workstations
  10. Inconsistent Elliott Error on Terminal Server
  11. How to Restore Elliott from CryptoWall Ransomware Attack
  12. Clarify Laser Forms Line Item Level Barcode Printing
  13. Is Dot Matrix Printer Still Supported in Elliott with Windows 10?
  14. Should I Install the 32-bit or 64-bit Outlook/Office?
  15. I Receive Error 114 When I Start Up Elliott on the Server
  16. Manage Data Execution Prevention (DEP) Through Registry Editing
  17. Windows Defender May Cause Elliott Start-Up Difficulties
  18. Why Do I Exceed Elliott User License Count When There are No or Very Few Users in Elliott?
  19. What Causes Load Error 198?
  20. How the Windows Scheme You Choose May Affect the Elliott Screen Display
  21. Still Get Error 114 After Adding All Elliott EXE Files to the DEP List
  22. How to Copy Laser Form Templates from Company to Company
  23. Weird Character Displayed for Backslash (\) Character
  24. Does Elliott Support Desktop Virtualization?
  25. Access Is Denied When Launching Elliott V8 Report Viewer
  26. User Cannot See Some Spooled Reports in Elliott V8
  27. Why Does the User List Function Take Forever to Bring Up?
  28. I Am Running Out of Invoice Numbers -- I Need Direction to Archive Invoices
  29. Algorithm to Speed Up eContacts List in Elliott V8
  30. Elliott Requires Volume Supporting 8dot3name
  31. Elliott Running Extremely Slow on Windows 8 with Trend Micro Anti Virus Software Installed
  32. What Causes "File Table Exceed Limit" Error?
  33. Mass Email Time Out
  34. Report Incomplete After 4 Hours: Event Stops Working After Upgrade to Elliott V8
  35. File Created in C:\ Root Directory Disappears
  36. Is There a Way to Create and Distribute Elliott Printer Configurations?
  37. What Are "COBOL Only" or "User Defined" Event Actions? Can We Use Them in Any Way?
  38. How to Purge WSORDHDR.BTR and WSORDLIN.BTR files?
  39. CPORDLS (Order Serial/Lot File) Btrieve Page Size
  40. Create PO Receiving Event to Trap Negative Qty on Hand Problem
  41. Reducing File Sizes for INITLFILE.LOG & SYACTLOG.BTR
  42. Windows 10 and Trend Micro Anti-Virus Software
  43. The Remote Certificate Is Invalid According to the Validation Procedure
  44. Customer Has Multiple Primary Contacts or No Primary Contact
  45. Btrieve Error 46 on S/M Activity Log File
  46. Multi-Currency Workarounds in Elliott
  47. Using the Export Processor to Export Data
  48. Instructions for Importing Laser Form Template
  49. I Am Unable to Post or Enter a Date for the New Year
  50. Does Elliott Work Under Virtualized Desktops Infrastructure (VDI)
  51. Btrieve Error 80 During Defer Processing
  52. Lauch CSV File -- There Was a Problem Sending the Command to the Program
  53. Feature - System Users File Integrity Check
  54. Receive Error in NWSMSCRN for Function Pf-Map-Coordinate-Space
  55. Not Able to Receive Event Emails from Certain Users
  56. Feature - Events for Add Note and Delete Note
  57. When and How to Use DDF2BTR.EXE Utility
  58. Elliott Last Printing Job Overrides Windows Default Printer on Windows 10
  59. Not Able to Change Attributes Added by Other Users
  60. Feature - New Context Menus in v8.0 Spooled Reports Manager
  61. Feature - Automatic Archiving of Spooled Reports in Elliott v8.0
  62. Feature - Enhanced Security for Attributes
  63. Feature - Deferred Processing Multiple Times Per Day
  64. Feature - Ability to Specify User ID in User Search
  65. Feature - Utility to Re-Calculate Item First Received and Last Received Date
  66. NSCTLMN1 Global Setup Time Clock Global Setup
  67. How to Set Up One-to-One Restriction of Customer and Item
  68. Recursion Error When Drill Down to Item File Inquiry
  69. Error Invoking Macro - Cannot Install Hook
  70. Feature - Record Navigation in Attribute Window
  71. Error Connecting VPN from Windows 10 to Windows 2008 Server
  72. How to Stop Users from Sending Elliott Reports through Email
  73. Does Elliott Support Windows 10?
  74. It Is Extremely Slow to Run Elliott over VPN Connection
  75. SYTIMCLK Systems Manager General Time Clock
  76. Feature - Recalculate AP Vendor YTD and Last Year Amount
  77. XCO0100 Systems Manager Design Your Own Order
  78. Feature - Restrict Recurring Event for Number of Times for a Specific Reference
  79. How Do I Limit the Companies for Users?
  80. Feature - Enforced Report Destinations
  81. I Am Unable to Create a New User in Elliott
  82. Feature - PDF Printing in Elliott V8.2
  83. Feature: PDF PostOffice in Elliott V8.2, Introduction
  84. Feature: PDF PostOffice in Elliott V8.2, Part 1
  85. Feature: PDF PostOffice in Elliott V8.2, Part 2
  86. Feature: PDF PostOffice in Elliott V8.2, Part 3
  87. Feature - Added Checkbox and Description to Attribute List and the SPS Commerce Create Attribute Register
  88. Feature - Performance Options for eContact Activity Tab
  89. Feature - Mass Change Salesman Utility
  90. Elliott Installer File-In-Use Warning During Installation
  91. Unable to Run Elliott from UNC Path
  92. V8 Program Desktop Startup Shortcuts - Internal Macro
  93. Event When Order Put On Hold at Invoice Printing
  94. Feature - Time Clock Logoff Type
  95. Feature - Added Distribution to G/L History Files
  96. Feature - Utility to Update eContact PDF PostOffice Flags
  97. Can I Use Elliott for Sales, Telemarketing and CRM Purposes?
  98. Emailing PDF with SSPI Failed After Online Charging Using Credit Card
  99. Can You Explain How Elliott Stores Serial Numbers in Its Database?
  100. Converting Elliott Internal Date to Conventional Date Format in Excel
  101. All of a Sudden, My Terminal Server's Elliott Default Changed to Someone Else's Settings
  102. WannaCry Ransomware Security Recommendation
  103. Symantec Endpoint Protection Versions 12 and 14 Cause Elliott Startup Error
  104. Notes Security - From Global Setup, Note Type to Supervisory Relationship
  105. Remote Desktop Workstation Name
  106. Which Anti-Virus Software Do You Recommend to Installing on the Elliott ERP Server?
  107. Menu Access Error - You Do Not Have Access to CP,INQ, Menu Item 01
  108. Ping Test to Isolate Inconsistent Load Error 198
  109. The Definitions of Extra Flags in System Period Control Setup
  110. How to Use Procdump.exe to Create a Memory Dump for PSQL Engine
  111. Feature - Group Location Security
  112. NSCTLMN4 Global Setup Bill of Lading 1
  113. NSCTLMN4 Global Setup Bill of Lading 2
  114. NSCTLMN4 Global Setup Bill of Lading 3
  115. NSCTLMN4 Global Setup Bill of Lading 4
  116. NSCTLMN4 Global Setup Bill of Lading 5
  117. NSCTLMN4 Global Setup Bill of Lading 6
  118. NSCTLMN4 Global Setup Bill of Lading 7
  119. NSCTLMN4 Global Setup Bill of Lading 8
  120. NSCTLMN4 Global Setup Bill of Lading 9
  121. NSCTLMN4 Global Setup Bill of Lading 10
  122. NSCTLMN4 Global Setup Bill of Lading: Index
  123. Feature - Support 12 Months History in Export Processor
  124. NSCTLMN3 Inventory Management Global Control Setup 1
  125. NSCTLMN3 Inventory Management Global Control Setup 2
  126. NSCTLMN3 Purchase Order Global Control Setup 1
  127. NSCTLMN3 Purchase Order Global Control Setup 2
  128. NSCTLMN3 Bill of Material and Production Order Global Control Setup
  129. NSCTLMN3 Distribution Modules Global Setup: Index
  130. NSCTLMN5 Global Setup Change Quote to Order 1
  131. NSCTLMN5 Global Setup Change Quote to Order 2
  132. NSCTLMN5 Global Setup Change Quote to Order 3
  133. NSCTLMN5 Global Setup Change Quote to Order 4
  134. NSCTLMN5 Global Setup Change Quote to Order 5
  135. NSCTLMN5 Global Setup Change Quote to Order 6
  136. NSCTLMN5 Global Setup Change Quote to Order: Index
  137. I Cannot See the Spooled Reports Even though I Am an Administrator Equivalent User
  138. Multi-Currency Exchange Handling in Elliott
  139. How to be a Good Elliott Citizen
  140. Salesman Security
  141. SYMENU System Manager Introduction 1
  142. SYMENU System Manager Introduction 2
  143. SYMENU System Manager Introduction 3
  144. SYMENU System Manager Introduction 4
  145. SYMENU System Manager Introduction 5
  146. SYMENU System Manager Introduction 6
  147. SYMENU System Manager Introduction 7
  148. SYMENU System Manager Introduction 8
  149. SYMENU System Manager Introduction 9
  150. SYMENU System Manager Introduction 10
  151. Feature - Audit Trail of Accumulator Clearing
  152. SYMENU System Manager Introduction 11
  153. SYMENU System Manager Introduction 12
  154. SYMENU System Manager Introduction 13
  155. SYMENU System Manager Introduction 14
  156. SYMENU System Manager Introduction 15
  157. SYMENU System Manager Introduction 16
  158. SYMENU System Manager Introduction 17
  159. SYMENU System Manager Introduction 18
  160. SYMENU System Manager Introduction 19
  161. SYMENU System Manager Introduction 20
  162. SYMENU System Manager Introduction 21
  163. SYMENU System Manager Introduction 22
  164. SYMENU System Manager Introduction 23
  165. SYMENU System Manager Introduction 24
  166. SYMENU System Manager Introduction 25
  167. SYMENU System Manager Introduction 26
  168. SYMENU System Manager Introduction 27
  169. SYMENU System Manager Introduction 28
  170. SYMENU System Manager Introduction 29
  171. SYMENU System Manager Introduction 30
  172. SYMENU System Manager Introduction 31
  173. SYMENU System Manager Introduction 32
  174. SYMENU System Manager Introduction 33
  175. SYMENU System Manager Introduction 34
  176. SYMENU System Manager Introduction 35
  177. SYMENU System Manager Introduction 36
  178. SYMENU System Manager Introduction 37
  179. SYMENU System Manager Introduction 38
  180. SYMENU System Manager Introduction 39
  181. SYMENU System Manager Introduction 40
  182. SYMENU System Manager Introduction 41
  183. SYMENU System Manager Introduction 42
  184. SYMENU System Manager Introduction 43
  185. SYMENU System Manager Introduction 44
  186. SYMENU System Manager Introduction 45
  187. SYMENU System Manager Introduction 46
  188. SYMENU System Manager Introduction 47
  189. SYMENU System Manager Introduction 48
  190. SYMENU System Manager Introduction 49
  191. SYMENU System Manager Introduction 50
  192. SYMENU System Manager Introduction 51
  193. SYMENU System Manager Introduction 52
  194. SYMENU System Manager Introduction: Index
  195. Elliott V7.0 Release Notes: What's New Since Elliott V6.7
  196. Elliott V7.1 Release Notes: What's New Since Elliott V7.0
  197. Elliott V7.2 Release Notes: What's New Since Elliott V7.1
  198. Elliott V7.3 Release Notes: What's New Since Elliott V7.2
  199. Elliott V8.1 Release Notes: What's New Since Elliott V8.0
  200. Elliott V7.4 Release Notes: What's New Since Elliott V7.3
  201. Elliott V7.5 Release Notes: What's New Since Elliott V7.4
  202. Elliott V8.0 Release Notes: What's New Since Elliott V7.5
  203. Elliott V8.2 Release Notes: What's New Since Elliott V8.1
  204. Drill Down and Receive Message You Do Not Have Access
  205. Problem Running Elliott After Upgrading Windows 10 to Fall Creator Edition
  206. MAPISendMail failed! Not supported [26]
  207. What Information Is Stored in System 12 Months Table (SY12MONS)?
  208. Elliott Telephony Integration with eContact Call Button

Feedback and Knowledge Base