Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 61
  • Last Modified:

Windows 7 Pcs on network booting can't find mbr

Hi. Fiend of mine has a few hundred pc environment, windows 7 and 10. Quite a few of the windows 7 systems are getting a virus and the result is booting up to can't find mbr. Windows 10 systems not affected

Makes me think that it's a network worm exploiting a hole in windows 7

Want to give him direction on what to packet trace for other than top talker

Anyone come across this where direction can be give on what to sniff the wire for??
0
jlavery
Asked:
jlavery
  • 3
  • 2
2 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
About the only thing that will do that is a root kit virus. The only practical repair for many of these is to low level format and reinstall Windows. Make sure you are using top notch Anti Virus.
1
 
jlaveryAuthor Commented:
Thanks for the reply.  Really looking to stop the spread of it further by identifying what to sniff for in the wire
0
 
John HurstBusiness Consultant (Owner)Commented:
All that will stop root kit viruses is top notch Anti Virus. There are a number of high grade AV products and that is what you need.

Symantec (not Norton), Kaspersky, Trend Micro and others.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
dbruntonCommented:
You'd really need to take an affected hard disk across to another computer and use that second computer to rebuild the MBR.  Possibly use TestDisk http://www.cgsecurity.org/wiki/TestDisk (tutorials available on the site.  Be cautious).  Once the MBR is rebuilt then scan the disk with anti-virus and see if it can find the offending virus.

Don't know if it  would be a root kit but quite possibly the affected computers are all accessing a shared folder and a shared file.  That would be my guess.  Or possibly a shared email.
0
 
jlaveryAuthor Commented:
OK.. here is what it was..

false positive by malwarebytes..

My apologize for the inconvenience this has caused. We tried to work as quickly as possible to resolve this FP in a database update so as long as you have updated your database, you will not experience this issue again.

We have a few workarounds written up on our KB article here:
https://support.malwarebytes.com/customer/portal/articles/2647220-what-can-i-do-if-i-have-been-affected-by-the-kernel32-dll-false-positive-?b_id=6442
0
 
jlaveryAuthor Commented:
provided solutions by others were helpful but not the answer
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now