Networking Issues (Mac to PC w/ shared external drive)

[freshform]

My configuration is as-follows:
- Cable Modem
- Sonicwall Firewall
- Switch
- 3 PowerMac G5s (10.5 on two, 10.4 on one)
- 1 iMac (10.4+)
- 1 Windows XP (w/ shared external Maxtor 250Gb drive)
- 2 Networked printers

Via the Macs, we've been accessing the external drive with no issues via the Network / Workgroups / PC_Name and also via a number of folder aliases we have established.

We recently backed up lots of data to the external drive as we migrated to Leopard.

Here are the odd occurrences that happened on the external drive that have me scratching my head.

1. Duplicate folders appeared on the external drive. The existing is "folder" and the newly duplicated folders were created with an underscore (ie "_folder".)
   
2. A folder called "private" and a sub folder called "tmp" were created. Inside tmp was a series of long alphanumberic file names for files that appeared to have CSS.
   
3. Another folder was created and had something call the "mrtstub.exe"
   Here's reference...
   http://www.microsoft.com/communitie...&tid=c0b6f0d6-4894-4fe8-9ea2-82a6c4eee208&p=1
   
   At this point, I'm convinced it's some Virus that's eventually going to eat up all my data.
   
   I deleted the Private and other folder with the .EXE and then downloaded, installed and ran TrendMicro's antivirus software.(http://us.trendmicro.com/us/home/).
   
   Unfortunately, it didn't get better...
   
4. Today our Network window changes appearance. The Network no longer has Workgroups, Servers, etc. All shared computers are listed as aliases in the root of Network.
   
5. The network printers became unaccessible from the G5s with Leopard, but fine on the others.
   
6. All the Macs can no longer see or access the PC or its external drive.

Anyone ever come across something like this? This set up has run great for the past 6 months. The latest change was an install of Leopard on two of the systems.

I'm at a loss here... So, any thoughts, insight or even sympathy might help at this point.

 

[Bobbi Flekman]

Hi freshform,

I have a feeling that you are getting worked up for nothing. 😉 Mrtstub.exe is the Malware Removal Tool STUB program for Microsoft's malware remover.

Even though this explains the program file, this doesn't explain the other folders.

If you'd like to get to the bottom of this I suggest you go to one of the Malware Removal Sites on the net like

Bleeping Computer
GeeksToGo
Gladiator

and post a log from HijackThis there. B.t.w. you can PM me at the sites I mentioned.

In the meantime, these "underscore-folders" are they everywhere? Or just in a certain location? I mean do you have c:\Windows and c:\_Windows?

I would need to more about the contents of those Private and Tmp folders to make some sort of judgment on them.

All the Macs can no longer see or access the PC or its external drive.

The Macs still do see each other?

Could it be that the deletion of the files eradicated the network information on the Windows machine? What is the workgroup name of the Windows machine?

 

[freshform]

Thanks for the references Bobbi.

I've researched the Mrtstub.exe file, but it still makes me uneasy when files appear out of the blue. 😡

The underscore folders only appeared in a certain location on the external drive. For example: (F) / Projects / Group / A, B, C (and then _A, _B, _C were created in the same directory).

But the odd thing was that the "Projects" directory also had a "Projects 2" created and some of the sub directories were created as well, but completely empty.

The Macs still do see each other?

Yes, all the Macs can still see and access one another.

Could it be that the deletion of the files eradicated the network information on the Windows machine? What is the workgroup name of the Windows machine?

No, I don't think so, since these were all files located on the external drive. Nothing was deleted on the Windows box itself. The workgroup name was the default, which I think was "workgroup".


So, here the update...
I tried to do a number of suggestions I found (and mostly already knew about) on Apples support site, all with no luck.

I also have a Windows Vista box and set up sharing and tried to connect the Windows XP box to the Windows Vista box. Still no luck. At this point Mac nor Windows Vista can see the XP box on the network, but I were able to set up the Vista box and the Macs can see that if you use: Go : Connect to Server, and type in the IP directly using SMB://IPAddress/.

All the files can now be seen and no data appears to be lost.

Could the network card have gone bad in the XP box? The XP box can still connect to the Internet and and it could still see and display all the external drives contents, so I know it wasn't a bad cable.

 

[Bobbi Flekman]

I've researched the Mrtstub.exe file, but it still makes me uneasy when files appear out of the blue. 😡

That's the effect with temp files/folders.

The underscore folders only appeared in a certain location on the external drive. For example: (F) / Projects / Group / A, B, C (and then _A, _B, _C were created in the same directory).

But the odd thing was that the "Projects" directory also had a "Projects 2" created and some of the sub directories were created as well, but completely empty.

If they appeared only in a certain location this sounds like the work of a program. Could the double folders have a certain program in common? Like.... Could it be a backup folder? Or an accumulation of changes that would still need to be incorporated as in a database? Once you delete them, do they come back? If so, and they come back at the restart of the computer then you are in trouble. That would mean some unnamed program is recreating them, and that program is somewhere in an autostart location. In that case I do suggest a trip to one of the malware sites that I frequent (the ones I mentioned in the previous post). If they don't then it is a question of which program is responsible, and why... Lots and lots of research with our buddy Google.

No, I don't think so, since these were all files located on the external drive. Nothing was deleted on the Windows box itself. The workgroup name was the default, which I think was "workgroup".

Can you check if the names are the same? In Windows networking, if the domain is not the same you will not be able to get onto the computer. If you see the computer, but there are no discs to look at then the sharing of the disc got messed up.

I also have a Windows Vista box and set up sharing and tried to connect the Windows XP box to the Windows Vista box. Still no luck. At this point Mac nor Windows Vista can see the XP box on the network, but I were able to set up the Vista box and the Macs can see that if you use: Go : Connect to Server, and type in the IP directly using SMB://IPAddress/.

All the files can now be seen and no data appears to be lost.

Recoup: Vista and Mac play nice with each other, but the XP one is left outside. Does Vista see XP? If the Workgroup, Username and password are the same the login should be automatically.

Do you know the IP address, or the computername of the XP machine. Sometimes my Mac doesn't show the Windows machine either and I simply connect the same way you said (through Samba). No problem, and once connected to the machine all the shared discs automagically pop up.

Could the network card have gone bad in the XP box? The XP box can still connect to the Internet and and it could still see and display all the external drives contents, so I know it wasn't a bad cable.

Of course it could have, but it is unlikely. With hardware everything could be dying. Have you tried a different socket in the router? Might be that that one went belly-up. The reason I hadn't talked about that is that usually it is unlikely for something to die all of a sudden. Most of the time there are bad spurts leading up to it. As an example, I had a hard disc that died on me a few years back, but that was giving me a hard time with not connecting and spontaneous reboots a long time before it actually rolled over and shut up forever.

 

[freshform]

Could the double folders have a certain program in common? Like.... Could it be a backup folder? Or an accumulation of changes that would still need to be incorporated as in a database?

Unfortunately, no. There wasn't anything in common with the folders. The files were a variety of documents, graphics, audio, video, etc. Each was a bit different.

Once you delete them, do they come back?

No. Not yet anyway, and I have restarted the system.

Can you check if the names are the same? In Windows networking, if the domain is not the same you will not be able to get onto the computer. If you see the computer, but there are no discs to look at then the sharing of the disc got messed up.

It appears that nothing there was changed. It's the same as it always has been. I did think it was the sharing settings at first, but I've gone through the same steps as Ive done in the past. I did try setting up the "sharing" on the shared drive, so it went through the permissions setup for all the files like I've done in the past. Nothing out of the ordinary is standing out.

Does Vista see XP?

No. Essentially, XP is invisible to everything else on the network.

Do you know the IP address, or the computername of the XP machine.

Yes and I tried this, but no luck. I also tried to PING the XP box from my mac and no luck.

At this point, my conclusion is that the XP box has the issue. The network is fine and all the macs can share and all the systems now can see the Vista shared drive.

 

[Bobbi Flekman]

Unfortunately, no. There wasn't anything in common with the folders. The files were a variety of documents, graphics, audio, video, etc. Each was a bit different.
...
No. Not yet anyway, and I have restarted the system.

I'd keep an eye on it, just to be sure. When they return try and find out what happened to make them return. Maybe a backup program ran or so, that normally doesn't run. At the moment I don't have further ideas about this.

It appears that nothing there was changed. It's the same as it always has been. I did think it was the sharing settings at first, but I've gone through the same steps as Ive done in the past. I did try setting up the "sharing" on the shared drive, so it went through the permissions setup for all the files like I've done in the past. Nothing out of the ordinary is standing out.

No. Essentially, XP is invisible to everything else on the network.

Yes and I tried this, but no luck. I also tried to PING the XP box from my mac and no luck.

At this point, my conclusion is that the XP box has the issue. The network is fine and all the macs can share and all the systems now can see the Vista shared drive.

As long as the workgroup name is the same, the other computers will have to acknowledge the existence of the machine. So the first step is getting the other machines to see the XP machine. I assume that you have a router into which all the computers are plugged in. From there the connected computers can share Internet, and each other. Is it possible to use the cable from the Vista machine and the socket of it, hook that up to the XP one and check whether the others see the XP one. If so, then either the cable is busted or the socket, or both. To check the cable, put the working cable in a different socket, or put the cable that was attached to XP in the socket that you are using. Is the XP-system still visible to the rest of the world?

If so, you know what is wrong. Change the cable, change the socket (or the router) and you're back in business. Check the share permissions and everything should be fine. If not, then open a DOS box on the XP machine and execute the following command ping localhost. Do you get answers? If the TCP/IP protocol is still okay you should.