How to Reset the Counter in *.DAT Files After Recovery from Crypto Ransom Ware Attack

Q - We were recently attacked by Crypto Ransomware.  We did implement the NTFS security based on the following Knowledge Base article:
        http://support.elliott.com/knowledgebase/articles/654601-elliott-8-directory-structure-and-ntfs-rights
However, we still have to restore the DAT files.  The DAT files contain counters like starting order number and starting invoice number.  How do I reset them to the values that match the current *.BTR file values?

A - The following is a list of *.DAT files that may be attacked by CryptoWall or CryptoLocker Ransom Ware:

APCTLFIL.DAT: This file contains information in A/P Setup.  The counter you need to reset is "13. Last Voucher Number Used?" You can find this value by following this procedure:
  • Go to New A/P Transaction Processing and print edit list.  If there are any transactions in the New A/P Trandaction edit list, then find the last voucher number used. 
  • If there's nothing in New A/P Transaction Processing, bring up the Pervasive control center, find the APOPN_VHR table, and execute the following SQL statement - select top 10 ap_open_voucher_no_v from "APOPNFIL_VHR" where ap_open_voucher_code = 'V' order by ap_open_voucher_no_v desc 
  • The last 10 vouchers used should show up.  The reason we choose to show the last 10 vouchers is because you could manually assign vouchers.  Showing the last 10 vouchers can help you to identify if that is your situation and help you to avoid drawing the wrong conclusions.
ARCTLFIL.DAT: This file contains information in A/R Setup.  The counter you need to reset is "1. Starting Invoice No."  You should first check to see if you have any unposted invoices in the CPORDHDR table.  You can find that out with the following procedure:
  • Use this SQL statement in Pervasive control center - select top 10 order_no, order_invoice_no, order_invoice_date from "CPORDHDR" where order_selection_code = 'X' order by order_invoice_no desc
  • If nothing shows up with the above SQL statement, it means all invoices are posted.  Then you need to use the following SQL statement to find it from the CPINVHDR table - select top 10 inv_no from cpinvhdr order by inv_no desc
  • Alternatively, you can go to COP -> Inquiry -> Invoice History Inquiry -> Inquiry -> Invoice Inquiry by Invoice.  Hit F1 at the customer number field, and then hit F1 to show the latest invoices.
BMCTLFIL.DAT: This file contains the BOMP Setup.  The counters you need to reset are:
  • "3. Next Legacy Work Order No"
  • "4. Next Engineering Change No"
  • "5. Next Material Work Order No"
  • "6. Next Plus Work Order No"
Depending on the features you use in BOMP module, you may not need to recover all of them.  For example, if you don't use Plus Work Order, then you don't need to recover the value of "6. Next Plus Work Order No".  The following is the procedure you can use to recover these values:
  • You can use the following SQL statement to recover legacy work order numbers - select top 10 prd_ord_order_no from bmordfil where prd_ord_order_type = 'O' order by prd_ord_order_no desc
  • Similarly, you can use the following SQL statement to recover material work order numbers - select top 10 prd_ord_order_no from bmordfil where prd_ord_order_type = 'M' order by prd_ord_order_no desc  
  • Similarly, you can use the following SQL statement to recover plus work order numbers -  select top 10 prd_ord_order_no from bmordfil where prd_ord_order_type = 'P' order by prd_ord_order_no desc
  • If you are using BOMP engineering change processing, you can find engineering changes by going to BOMP -> Processing -> Engineering Change Processing -> List.  If there are any entries, you will find the last Engineering Change No there.
  • If there is nothing in the Engineering Change Edit List, you can find out the last engineering change from history by using the following SQL statement - select top 10 eng_chg_hst_chg_no from bmenghst order by eng_chg_hst_chg_no desc
COMPFILE.DAT: This file contains both company setup and G/L setup.  It is unlikely that company setup would have any changes.  The counter values you need to recover in G/L Setup are "4. Starting Journal History No" and "5. Starting Transaction ID No."  You can use the following procedure to find this vale:
  • Go to G/L -> Reports -> Journal History Report. Print all packages for the last few days (a few days ahead of your backup date till now).  Look through each section.  The journal source looks like XX9999.  The largest 9999 will be at the end of each section.  Find the largest 9999 value among all sections.  That value + 1 will be the value for "4. Starting Journal History No."
  • Go to G/L -> Processing -> General Journal Trx Processing -> Entry-List.  If you have an unposted G/L Journal Trx in the edit list, you can find the last G/L Transaction ID used.
  • If there are no entries in the G/L Journal Trx edit list, then you will have to recover this value from the General Ledger table.  You can use the following SQL statement - select top 10 gl_trx_id from "GLTRXFIL" order by gl_trx_id desc
CPCTLFIL.DAT: This file contains the COP Setup.  The counter you need to reset is "1. Staring Order Number." You can find out this value by going to COP -> Inquiry -> Order Inquiry -> Inquiry -> Order Inquiry by Customer/Order.  At the customer field, press F1. Then, at the order field, press F2. This will be bring up the orders by reverse order number sequence.  The F2 key will ensure that even the posted orders will show up.

CPHSTPRD.DAT: This is the setting in COP -> Maintenance -> Sales Hist Period File. Unless the restoration of this file is over the month-end, the value in this file will not be changed.  If it is over the month-end period, you can simply go to this menu and change the current period.

GLFSPASS.DAT: There is no counter to recover from this table.  So you can simply restore the DAT files and nothing needs to be done.

GLPRDFIL.DAT: This and the GLPRDV66.DAT files comprise the G/L Period File.  You can access them by going to G/L -> Maintenance -> Accounting Period File.  Unless the restoration of this file is over the month-end period, the value in this file will not be changed.  If it is over the month-end period, you can simply go to the menu and change the current period accordingly.

GLPRDV66.DAT: See previous instructions for GLPRDFIL.DAT. 

IMATP001.DAT:  There is no counter to recover from this table.  So you can simply restore the DAT files and nothing needs to be done.

POCTLFIL.DAT: This is the setting in PO Setup. The counter you need to reset is "1. Starting Purchase Order No."  You can find out this value by going to PO -> Inquiry -> Purchase Order Inquiry -> Inquiry.  At  theVendor No. field, press F1. At the P.O. No field, press F1.  Then the Purchase Order will be displayed in the reverse sequence of PO number.

TERMBAL.DAT:  There is no counter to recover from this table.  So you can simply restore the DAT files and nothing needs to be done.

Grant Users Modify Right to *.DAT After Restore the DAT Files
Also, keep in mind that after you restore the *.DAT files, you will need to give your users modify right access by using commands like the following:'
    ICACLS *.dat /grant everyone:M

EMK

Systems Manager

  1. Using Raw Data Pass Through for Dot Matrix Printer on Windows 10 Does Not Work
  2. How Do I Find The Workstation That's Infected with The Crypto Ransom Ware?
  3. How to Reset the Counter in *.DAT Files After Recovery from Crypto Ransom Ware Attack
  4. Aging Shows Differently After Database Rebuild
  5. What Do I Do When My Anti-virus Software Reports Elliott EXE File as a Virus?
  6. High CPU Usage and Performance Issues After Implementing NTFS Security
  7. "We can't verify who created this file. Are you sure you want to run this file?"
  8. Problem with Printer Configuration If Running Elliott from Multiple Workstations
  9. Inconsistent Elliott Error on Terminal Server
  10. How to Restore Elliott from CryptoWall Ransomware Attack
  11. Clarify Laser Forms Line Item Level Barcode Printing
  12. Is Dot Matrix Printer Still Supported in Elliott with Windows 10?
  13. Should I Install the 32-bit or 64-bit Outlook/Office?
  14. I Receive Error 114 When I Start Up Elliott on the Server
  15. Manage Data Execution Prevention (DEP) Through Registry Editing
  16. Windows Defender May Cause Elliott Start-Up Difficulties
  17. Why Do I Exceed Elliott User License Count When There are No or Very Few Users in Elliott?
  18. What Causes Load Error 198?
  19. How the Windows Scheme You Choose May Affect the Elliott Screen Display
  20. Still Get Error 114 After Adding All Elliott EXE Files to the DEP List
  21. How to Copy Laser Form Templates from Company to Company
  22. Weird Character Displayed for Backslash (\) Character
  23. Does Elliott Support Desktop Virtualization?
  24. Access Is Denied When Launching Elliott V8 Report Viewer
  25. User Cannot See Some Spooled Reports in Elliott V8
  26. Why Does the User List Function Take Forever to Bring Up?
  27. I Am Running Out of Invoice Numbers -- I Need Direction to Archive Invoices
  28. Algorithm to Speed Up eContacts List in Elliott V8
  29. Elliott Requires Volume Supporting 8dot3name
  30. Elliott Running Extremely Slow on Windows 8 with Trend Micro Anti Virus Software Installed
  31. What Causes "File Table Exceed Limit" Error?
  32. Mass Email Time Out
  33. Report Incomplete After 4 Hours: Event Stops Working After Upgrade to Elliott V8
  34. File Created in C:\ Root Directory Disappears
  35. Is There a Way to Create and Distribute Elliott Printer Configurations?
  36. What Are "COBOL Only" or "User Defined" Event Actions? Can We Use Them in Any Way?
  37. How to Purge WSORDHDR.BTR and WSORDLIN.BTR files?
  38. CPORDLS (Order Serial/Lot File) Btrieve Page Size
  39. Create PO Receiving Event to Trap Negative Qty on Hand Problem
  40. Reducing File Sizes for INITLFILE.LOG & SYACTLOG.BTR
  41. Windows 10 and Trend Micro Anti-Virus Software
  42. The Remote Certificate Is Invalid According to the Validation Procedure
  43. Customer Has Multiple Primary Contacts or No Primary Contact
  44. Btrieve Error 46 on S/M Activity Log File
  45. Multi-Currency Workarounds in Elliott
  46. Using the Export Processor to Export Data
  47. Instructions for Importing Laser Form Template
  48. I Am Unable to Post or Enter a Date for the New Year
  49. Does Elliott Work Under Virtualized Desktops Infrastructure (VDI)
  50. Btrieve Error 80 During Defer Processing
  51. Lauch CSV File -- There Was a Problem Sending the Command to the Program
  52. Feature - System Users File Integrity Check
  53. Receive Error in NWSMSCRN for Function Pf-Map-Coordinate-Space
  54. Not Able to Receive Event Emails from Certain Users
  55. Feature - Events for Add Note and Delete Note
  56. When and How to Use DDF2BTR.EXE Utility
  57. Elliott Last Printing Job Overrides Windows Default Printer on Windows 10
  58. Not Able to Change Attributes Added by Other Users
  59. Feature - New Context Menus in v8.0 Spooled Reports Manager
  60. Feature - Automatic Archiving of Spooled Reports in Elliott v8.0
  61. Feature - Enhanced Security for Attributes
  62. Feature - Deferred Processing Multiple Times Per Day
  63. Feature - Ability to Specify User ID in User Search
  64. Feature - Utility to Re-Calculate Item First Received and Last Received Date
  65. NSCTLMN1 Global Setup Time Clock Global Setup
  66. How to Set Up One-to-One Restriction of Customer and Item
  67. Recursion Error When Drill Down to Item File Inquiry
  68. Error Invoking Macro - Cannot Install Hook
  69. Feature - Record Navigation in Attribute Window
  70. Error Connecting VPN from Windows 10 to Windows 2008 Server
  71. How to Stop Users from Sending Elliott Reports through Email
  72. Does Elliott Support Windows 10?
  73. It Is Extremely Slow to Run Elliott over VPN Connection
  74. SYTIMCLK Systems Manager General Time Clock
  75. Feature - Recalculate AP Vendor YTD and Last Year Amount
  76. XCO0100 Systems Manager Design Your Own Order
  77. SYMENU Systems Manager - Index
  78. SYMENU Systems Manager - Installation
  79. SYMENU Systems Manager - Introduction
  80. SYMENU Systems Manager - Getting Started With Elliott
  81. SYMENU Systems Manager - Screen User Interface
  82. Feature - Restrict Recurring Event for Number of Times for a Specific Reference
  83. How Do I Limit the Companies for Users?
  84. Feature - Enforced Report Destinations
  85. I Am Unable to Create a New User in Elliott
  86. Feature - PDF Printing in Elliott V8.2
  87. Feature: PDF PostOffice in Elliott V8.2, Introduction
  88. Feature: PDF PostOffice in Elliott V8.2, Part 1
  89. Feature: PDF PostOffice in Elliott V8.2, Part 2
  90. Feature: PDF PostOffice in Elliott V8.2, Part 3
  91. Feature - Added Checkbox and Description to Attribute List and the SPS Commerce Create Attribute Register
  92. Feature - Performance Options for eContact Activity Tab
  93. Feature - Mass Change Salesman Utility
  94. Elliott Installer File-In-Use Warning During Installation
  95. Unable to Run Elliott from UNC Path
  96. V8 Program Desktop Startup Shortcuts - Internal Macro

Feedback and Knowledge Base