Solved

Windows 7 64-bit BSOD 0x7B booting after Pihar and ZeroAccess removal

Posted on 2013-10-23
Last Modified: 2016-11-23
Dell Inspiron 1545 laptop with Windows 7 64-bit Home Prm.  Pulled hard drive for virus scan using NIS 2013 and removed ZeroAccess, Boot.Pihar, Maljava, and Trojan.Ransomlock.  Computer did successfully boot before removal, would run for a couple of minutes then BSOD.  Now during boot process - BSOD (STOP 0x7B).  

TDSS Killer doesn't find anything more than what was removed.  I have tried fixmbr and chkdsk.
Question by:Jason Johanknecht
10 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39595139
Hi

You need to boot with Windows 7 x64 media and do a repair install. Some viruses like to replace boot files, explaining your BSOD on boot.
Pretty sure this will fix your problem.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39595256
Scanning a device with a Windows OS should be done while the boot device is running as boot device to protect Windows files. Win 7 x64 especially makes many engines think that a rootkit or key logger is active because of the way it tricks 32-bit programs. Check out this article:

http://www.experts-exchange.com/A_6650.html 

On malware fighting best practices by younghv.

As to your current situation, sounds like your only recourse is a repair install, unless you have a backup (the one you always do before trying to remove malware).
0
 
LVL 4

Author Comment

by:Jason Johanknecht
ID: 39595770
I have been doing virus removal this way for years, and this is the first one that didn't work and couldn't be resolved due to Windows files infected the scanner doesn't find or Windows/registry settings that need to be corrected. I am sure it is going to turn out that way, just haven't figured it out yet. We repair at least 200 virus infections a year using this method.

Repair install is not possible, since you have to perform this from starting within the OS.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39595878
You can do a repair by starting the repair console from a Win 7 boot CD. Try using a SARDU-created boot disk (see my article).
0
 
LVL 4

Author Comment

by:Jason Johanknecht
ID: 39598422
How are you doing the repair install from the DVD?  I tried and keep getting the expected you must reboot, remove the DVD and start from within Windows.  I have googled and found nothing.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39599299
If you download SARDU click on the win7 rescue disk and create a bootable device.
0
 
LVL 4

Accepted Solution

by:
Jason Johanknecht earned 0 total points
ID: 39599564
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 39600841
Datapro,

Thanks for sharing what you found - great resource.  So does that mean you got everything up and running?
0
 
LVL 4

Author Comment

by:Jason Johanknecht
ID: 39635166
Everything works perfectly now!
0
 
LVL 4

Author Closing Comment

by:Jason Johanknecht
ID: 39644099
Worked perfectly!
0

Question has a verified solution.
