Solved

Windows 7 PCs on network booting can't find MBR

Posted on 2016-11-18
Last Modified: 2016-11-27
Hi. A friend of mine has a few hundred PC environment, Windows 7 and 10. Quite a few of the Windows 7 systems are getting a virus and the result is booting up to "can't find MBR". Windows 10 systems are not affected.

Makes me think that it's a network worm exploiting a hole in Windows 7.

Want to give him direction on what to packet trace for other than top talker.

Anyone come across this where direction can be given on what to sniff the wire for?
Question by:jlavery
 
LVL 93

Expert Comment

by:John Hurst
ID: 41893823
About the only thing that will do that is a root kit virus. The only practical repair for many of these is to low level format and reinstall Windows. Make sure you are using top notch Anti Virus.
1
 

Author Comment

by:jlavery
ID: 41893824
Thanks for the reply. Really looking to stop the spread of it further by identifying what to sniff for on the wire.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 41893825
All that will stop root kit viruses is top notch Anti Virus. There are a number of high grade AV products and that is what you need.

Symantec (not Norton), Kaspersky, Trend Micro and others.
0

 
LVL 48

Assisted Solution

by:dbrunton
dbrunton earned 500 total points
ID: 41893937
You'd really need to take an affected hard disk across to another computer and use that second computer to rebuild the MBR. Possibly use TestDisk http://www.cgsecurity.org/wiki/TestDisk (tutorials available on the site; be cautious). Once the MBR is rebuilt, then scan the disk with anti-virus and see if it can find the offending virus.

Don't know if it would be a root kit, but quite possibly the affected computers are all accessing a shared folder and a shared file. That would be my guess. Or possibly a shared email.
0
 

Accepted Solution

by:
jlavery earned 0 total points
ID: 41897973
OK.. here is what it was..

False positive by Malwarebytes..

My apologies for the inconvenience this has caused. We tried to work as quickly as possible to resolve this FP in a database update, so as long as you have updated your database, you will not experience this issue again.

We have a few workarounds written up on our KB article here:
https://support.malwarebytes.com/customer/portal/articles/2647220-what-can-i-do-if-i-have-been-affected-by-the-kernel32-dll-false-positive-?b_id=6442
0
 

Author Closing Comment

by:jlavery
ID: 41902979
Provided solutions by others were helpful but not the answer.
0
