Solved

Domain XP systems not restarting after 0x0000007b error

Posted on 2009-07-06
17
314 Views
Last Modified: 2012-05-07
Several Windows XP machines have failed today.  The symptoms are normal until the machine is rebooted and then I receive an 0x0000007b error at blue screen.  Does it seem possible a DC is pushing out bad info causing these issues, or maybe some other system distribution method?  The problem is only happening at one site (one network) even though they are all connected across a WAN.  I have no idea and any help would be very appreciated.
Question by:SNWadmin
17 Comments
 
LVL 12

Expert Comment

by:Gary Dewrell
It is more likely that you are dealing with a boot sector virus.
It was not clear from your post, but if you can get the machines to boot at all you need to run virus detection software that checks the boot sector. I personally keep a copy of stinger.exe from McAfee on my USB stick.

Oh, and remove the PCs from the network until you have ruled a virus out.

 
0
 
LVL 10

Expert Comment

by:Datedman
Very likely a boot-sector virus.  What antivirus are you using?

Could also be a hard disk device driver thing if you're pushing device driver updates, I guess, but if several machines do this in short order, most likely a virus.
0
 

Author Comment

by:SNWadmin
Great.  Any idea how to contain a boot sector virus?  Also we are running Symantec Endpoint v11.

We are not pushing any drivers to clients.
0
 
LVL 10

Expert Comment

by:Datedman
I'd pop one of those drives out and scan it in another computer (as a secondary drive) using SEP, superantispyware (www.superantispyware.com) and malwarebytes (www.malwarebytes.com) and combofix, all free solutions besides SEP (and SEP will take much longer for some reason when it finds infections so run it last maybe.)

Once you have identified the virus it'll be easier to figure out how to stop it I think.
0
 
LVL 12

Expert Comment

by:Gary Dewrell
I use a Linux bootable CD called UBCD that comes packed with utilities, to include a virus product that will allow you to boot to the CD and run a complete scan.  You can download it from www.ultimatebootcd.com.

As for containing, you have to find the source. It could have been brought in by an employee on a CD, USB stick, iPod, etc.

I would start by using the UBCD to determine for sure if you are dealing with a boot sector virus or not.
0
 
LVL 13

Expert Comment

by:murgroup
Have you tried a system restore from the command prompt? Can you boot into safe mode?
0
 
LVL 10

Expert Comment

by:Datedman
Don't think these systems will boot to command prompt nor is it likely a system restore will fix, first order of biz is to ascertain if it's a boot virus, yes?
0
 
LVL 13

Expert Comment

by:murgroup
I always start with the easy stuff first. Why would you think it can't boot to a command prompt? I have done this many times in this situation. Sometimes it works, sometimes not. If not, I go to the next step.
If you don't care about how much time it takes to fix the virus then he can spend time worrying about what it is. If time is an issue then pull the drive and connect it to an isolated workstation. Pull the important data. Additionally he can put the drive off to the side and install a new drive. Install a fresh copy of the OS and get the user up and running. It takes less time to do this and you know the virus is gone. He can then pull data from the old drive and scan it for viruses before moving it back.

Datedman I am kind of thick so let me know if I missed the point?
0

 
LVL 10

Expert Comment

by:Datedman
Sorry...just not the way I see it?  I'm always paranoid that if there's something wrong it'll get worse. Possibly very quickly. :)
0
 
LVL 13

Expert Comment

by:murgroup
Well that's the beauty about this forum... we all get to give our opinion. I see your point and respect it.

Cheers,
0
 

Expert Comment

by:artieman209
0
 

Author Comment

by:SNWadmin
Thanks for all the responses thus far...

So Microsoft believes this is not a boot sector virus because we can create a new OS install on a separate partition, believing that a boot sector virus would trash the HD entirely.  The problem has spread to another site across the WAN and I'm not sure how or what is causing this problem.   I'm currently scanning a system using a Linux CD, and it's already reported no malware found on master boot records.  Once the user/computer has this problem, no boot option works.
0
 

Author Comment

by:SNWadmin
Oh, one more thing...   The infected systems seem to have the same Volume created date and time of, 02/26/01  04:38p
0
 
LVL 10

Expert Comment

by:Datedman
Hard to believe it's not a virus if it's *spreading*.  

*Scratches head*
0
 
LVL 10

Expert Comment

by:Datedman
Have you tried my initial suggestion of putting a drive in another computer and scanning with a suite of AV programs?
0
 

Accepted Solution

by:
SNWadmin earned 0 total points
Thanks again for all the responses, here is the scope of the issue.

Problem description:  HP Notebook computers blue screen with 0x0000007b after reboot.  

Summary:  Specific HP Notebook computers running HP's Accelerometer tool along with Sunbelt Counterspy Software definition version 5225 and 5226.  The Counterspy agent was removing the accelerometer system file from the computer due to a false-positive in threat definitions 5225 and 5226.

Resolution:  Follow the steps from this website to recover from this error.
http://support.sunbeltsoftware.com/Default.aspx?answerid=1871
0
 
LVL 10

Expert Comment

by:Datedman
lol so the Counterspy software was the virus :)
0
