Domain XP systems not restarting after 0x0000007b error

Several Windows XP machines have failed today.  The symptoms are normal until the machine is rebooted and then I receive an 0x0000007b error at blue screen.  Does it seem possible a DC is pushing out bad info causing these issues, or maybe some other system distribution method?  The problem is only happening at one site (one network) even though they are all connected across a WAN.  I have no idea and any help would be very appreciated.
IMG00112-20090706-1550.jpg
SNWadminAsked:
Gary DewrellSenior Network AdministratorCommented:
It is more likely that you are dealing with a boot sector virus.
It was not clear from your post, but if you can get the machines to boot at all you need to run a virus detection software that checks the boot sector. I personally keep a copy of stinger.exe from McAfee on my USB stick.

Oh, and remove the PCs from the network until you have ruled a virus out.

 
0
DatedmanCommented:
Very likely a boot-sector virus.  What antivirus are you using?

Could also be a hard disk device driver thing if you're pushing device driver updates, I guess, but if several machines do this in short order, most likely a virus.
0
SNWadminAuthor Commented:
Great.  Any idea how to contain a boot sector virus?  Also we are running Symantec Endpoint v11.

We are not pushing any drivers to clients.
0
DatedmanCommented:
I'd pop one of those drives out and scan it in another computer (as a secondary drive) using SEP, superantispyware (www.superantispyware.com) and malwarebytes (www.malwarebytes.com) and combofix, all free solutions besides SEP (and SEP will take much longer for some reason when it finds infections so run it last maybe.)

Once you have identified the virus it'll be easier to figure out how to stop it I think.
0
Gary DewrellSenior Network AdministratorCommented:
I use a Linux bootable CD called UBCD that comes packed with utilities, including a virus product that will allow you to boot to the CD and run a complete scan.  You can download it from www.ultimatebootcd.com.

As for containing, you have to find the source. It could have been brought in by an employee on a CD, usb stick, ipod, etc.........

I would start by using the ubcd to determine for sure if you are dealing with a boot sector virus or not.
0
murgroupCommented:
Have you tried a system restore from the command prompt? Can you boot into safe mode?
0
DatedmanCommented:
Don't think these systems will boot to command prompt nor is it likely a system restore will fix, first order of biz is to ascertain if it's a boot virus, yes?
0
murgroupCommented:
I always start with the easy stuff first. Why would you think it can't boot to a command prompt? I have done this many times in this situation. Sometimes it works sometimes not. If not I go to the next step.
If you don't care about how much time it takes to fix the virus then he can spend time worrying about what it is. If time is an issue then pull the drive and connect it to an isolated workstation. Pull the important data. Additionally he can put the drive off to the side and install a new drive. Install a fresh copy of the OS and get the user up and running. It takes less time to do this and you know the virus is gone. He can then pull data from the old drive and scan it for viruses before moving it back.

Datedman I am kind of thick so let me know if I missed the point?
0
DatedmanCommented:
Sorry...just not the way I see it?  I'm always paranoid that if there's something wrong it'll get worse. Possibly very quickly. :)
0
murgroupCommented:
Well that's the beauty about this forum... we all get to give our opinion. I see your point and respect it.

Cheers,
0
artieman209Commented:
0
SNWadminAuthor Commented:
Thanks for all the responses thus far...

So Microsoft believes this is not a boot sector virus because we can create a new OS install on a separate partition, believing that a boot sector virus would trash the HD entirely.  The problem has spread to another site across the WAN and I'm not sure how or what is causing this problem.  I'm currently scanning a system using a Linux CD, and it's already reported no malware found on master boot records.  Once the user/computer has this problem, no boot option works.
0
SNWadminAuthor Commented:
Oh, one more thing...   The infected systems seem to have the same Volume created date and time of, 02/26/01  04:38p
0
DatedmanCommented:
Hard to believe it's not a virus if it's *spreading*.  

*Scratches head*
0
DatedmanCommented:
Have you tried my initial suggestion of putting a drive in another computer and scanning with a suite of AV programs?
0
SNWadminAuthor Commented:
Thanks again for all the responses, here is the scope of the issue.

Problem description:  HP Notebook computers blue screen with 0x0000007b after reboot.  

Summary:  Specific HP Notebook computers running HP's Accelerometer tool along with Sunbelt Counterspy Software definition version 5225 and 5226.  Counterspy's agent was removing the accelerometer system file from the computer due to a false-positive in threat definitions 5225 and 5226.

Resolution:  Follow the steps from this website to recover from this error.
http://support.sunbeltsoftware.com/Default.aspx?answerid=1871
0

DatedmanCommented:
lol so the Counterspy software was the virus :)
0