Solved

Domain XP systems not restarting after 0x0000007b error

Posted on 2009-07-06
Last Modified: 2012-05-07
Several Windows XP machines have failed today.  The symptoms are normal until the machine is rebooted and then I receive an 0x0000007b error at blue screen.  Does it seem possible a DC is pushing out bad info causing these issues, or maybe some other system distribution method?  The problem is only happening at one site (one network) even though they are all connected across a WAN.  I have no idea and any help would be very appreciated.
Question by:SNWadmin
17 Comments
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 24790980
It is more likely that you are dealing with a boot sector virus.
It was not clear from your post, but if you can get the machines to boot at all you need to run virus detection software that checks the boot sector. I personally keep a copy of stinger.exe from McAfee on my USB stick.

Oh, and remove the PCs from the network until you have ruled a virus out.

 
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24790981
Very likely a boot-sector virus.  What antivirus are you using?

Could also be a hard disk device driver thing if you're pushing device driver updates, I guess, but if several machines do this in short order, most likely a virus.
0
 

Author Comment

by:SNWadmin
ID: 24790986
Great.  Any idea how to contain a boot sector virus?  Also we are running Symantec Endpoint v11.

We are not pushing any drivers to clients.
0

 
LVL 10

Expert Comment

by:Datedman
ID: 24791008
I'd pop one of those drives out and scan it in another computer (as a secondary drive) using SEP, superantispyware (www.superantispyware.com) and malwarebytes (www.malwarebytes.com) and combofix, all free solutions besides SEP (and SEP will take much longer for some reason when it finds infections so run it last maybe.)

Once you have identified the virus it'll be easier to figure out how to stop it I think.
0
 
LVL 12

Expert Comment

by:Gary Dewrell
ID: 24791022
I use a Linux bootable CD called UBCD that comes packed with utilities, including a virus product that will allow you to boot to the CD and run a complete scan.  You can download it from www.ultimatebootcd.com.

As for containing, you have to find the source. It could have been brought in by an employee on a CD, USB stick, iPod, etc.

I would start by using the ubcd to determine for sure if you are dealing with a boot sector virus or not.
0
 
LVL 13

Expert Comment

by:murgroup
ID: 24791351
Have you tried a system restore from the command prompt? Can you boot into safe mode?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24791369
Don't think these systems will boot to command prompt nor is it likely a system restore will fix, first order of biz is to ascertain if it's a boot virus, yes?
0
 
LVL 13

Expert Comment

by:murgroup
ID: 24791419
I always start with the easy stuff first. Why would you think it can't boot to a command prompt? I have done this many times in this situation. Sometimes it works sometimes not. If not I go to the next step.
If you don't care about how much time it takes to fix the virus then he can spend time worrying about what it is. If time is an issue then pull the drive and connect it to an isolated workstation. Pull the important data. Additionally he can put the drive off to the side and install a new drive. Install a fresh copy of the OS and get the user up and running. It takes less time to do this and you know the virus is gone. He can then pull data from the old drive and scan it for viruses before moving it back.

Datedman I am kind of thick so let me know if I missed the point?
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24791426
Sorry...just not the way I see it?  I'm always paranoid that if there's something wrong it'll get worse. Possibly very quickly. :)
0
 
LVL 13

Expert Comment

by:murgroup
ID: 24791444
Well that's the beauty about this forum... we all get to give our opinion. I see your point and respect it.

Cheers,
0
 

Expert Comment

by:artieman209
ID: 24791515
0
 

Author Comment

by:SNWadmin
ID: 24793746
Thanks for all the responses thus far...

So Microsoft believes this is not a boot sector virus because we can create a new OS install on a separate partition, believing that a boot sector virus would trash the HD entirely.  The problem has spread to another site across the WAN and I'm not sure how or what is causing this problem.   I'm currently scanning a system using a Linux CD, and it's already reported no malware found on master boot records.  Once the user/computer has this problem, no boot option works.
0
 

Author Comment

by:SNWadmin
ID: 24793758
Oh, one more thing...   The infected systems seem to have the same Volume created date and time of, 02/26/01  04:38p
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24793899
Hard to believe it's not a virus if it's *spreading*.  

*Scratches head*
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24793912
Have you tried my initial suggestion of putting a drive in another computer and scanning with a suite of AV programs?
0
 

Accepted Solution

by:
SNWadmin earned 0 total points
ID: 24805925
Thanks again for all the responses, here is the scope of the issue.

Problem description:  HP Notebook computers blue screen with 0x0000007b after reboot.  

Summary:  Specific HP Notebook computers running HP's Accelerometer tool along with Sunbelt Counterspy Software definition version 5225 and 5226.  The Counterspy agent was removing the accelerometer system file from the computer due to a false-positive in threat definitions 5225 and 5226.

Resolution:  Follow the steps from this website to recover from this error.
http://support.sunbeltsoftware.com/Default.aspx?answerid=1871
0
 
LVL 10

Expert Comment

by:Datedman
ID: 24806087
lol so the Counterspy software was the virus :)
0
