Solved

Windows 7 Pcs on network booting can't find mbr

Posted on 2016-11-18
6
23 Views
Last Modified: 2016-11-27
Hi. Fiend of mine has a few hundred pc environment, windows 7 and 10. Quite a few of the windows 7 systems are getting a virus and the result is booting up to can't find mbr. Windows 10 systems not affected

Makes me think that it's a network worm exploiting a hole in windows 7

Want to give him direction on what to packet trace for other than top talker

Anyone come across this where direction can be give on what to sniff the wire for??
0
Comment
Question by:jlavery
  • 3
  • 2
6 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 41893823
About the only thing that will do that is a root kit virus. The only practical repair for many of these is to low level format and reinstall Windows. Make sure you are using top notch Anti Virus.
1
 

Author Comment

by:jlavery
ID: 41893824
Thanks for the reply.  Really looking to stop the spread of it further by identifying what to sniff for in the wire
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41893825
All that will stop root kit viruses is top notch Anti Virus. There are a number of high grade AV products and that is what you need.

Symantec (not Norton), Kaspersky, Trend Micro and others.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 47

Assisted Solution

by:dbrunton
dbrunton earned 500 total points
ID: 41893937
You'd really need to take an affected hard disk across to another computer and use that second computer to rebuild the MBR.  Possibly use TestDisk http://www.cgsecurity.org/wiki/TestDisk (tutorials available on the site.  Be cautious).  Once the MBR is rebuilt then scan the disk with anti-virus and see if it can find the offending virus.

Don't know if it  would be a root kit but quite possibly the affected computers are all accessing a shared folder and a shared file.  That would be my guess.  Or possibly a shared email.
0
 

Accepted Solution

by:
jlavery earned 0 total points
ID: 41897973
OK.. here is what it was..

false positive by malwarebytes..

My apologize for the inconvenience this has caused. We tried to work as quickly as possible to resolve this FP in a database update so as long as you have updated your database, you will not experience this issue again.

We have a few workarounds written up on our KB article here:
https://support.malwarebytes.com/customer/portal/articles/2647220-what-can-i-do-if-i-have-been-affected-by-the-kernel32-dll-false-positive-?b_id=6442
0
 

Author Closing Comment

by:jlavery
ID: 41902979
provided solutions by others were helpful but not the answer
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now