Solved

Windows 7 PCs on network booting can't find MBR

Posted on 2016-11-18
6
29 Views
Last Modified: 2016-11-27
Hi. A friend of mine has a few-hundred-PC environment, Windows 7 and 10. Quite a few of the Windows 7 systems are getting a virus and the result is booting up to "can't find MBR". Windows 10 systems are not affected.

Makes me think that it's a network worm exploiting a hole in Windows 7.

Want to give him direction on what to packet trace for other than top talker.

Anyone come across this where direction can be given on what to sniff the wire for?
Question by:jlavery
 
LVL 93

Expert Comment

by:John Hurst
ID: 41893823
About the only thing that will do that is a root kit virus. The only practical repair for many of these is to low level format and reinstall Windows. Make sure you are using top notch Anti Virus.
1
 

Author Comment

by:jlavery
ID: 41893824
Thanks for the reply. Really looking to stop the spread of it further by identifying what to sniff for in the wire.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 41893825
All that will stop root kit viruses is top notch Anti Virus. There are a number of high grade AV products and that is what you need.

Symantec (not Norton), Kaspersky, Trend Micro and others.
0
 
LVL 48

Assisted Solution

by:dbrunton
dbrunton earned 500 total points
ID: 41893937
You'd really need to take an affected hard disk across to another computer and use that second computer to rebuild the MBR. Possibly use TestDisk http://www.cgsecurity.org/wiki/TestDisk (tutorials available on the site. Be cautious). Once the MBR is rebuilt then scan the disk with anti-virus and see if it can find the offending virus.

Don't know if it would be a root kit but quite possibly the affected computers are all accessing a shared folder and a shared file. That would be my guess. Or possibly a shared email.
0
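Before rebuilding the MBR as the answer above suggests, it helps to check whether sector 0 is actually damaged. The Python script below is an added example, not part of the original thread and not TestDisk's code; it assumes the first 512 bytes of the affected disk were saved to a file on the second computer, and its sample sector is constructed test data.

```python
import struct
import sys

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446             # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"              # bytes 510-511 of a valid MBR
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Parse sector 0 and list anything that looks wrong for a BIOS/MBR boot disk."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte sector 0")
    findings, parts = [], []
    if sector[510:512] != BOOT_SIG:
        findings.append("boot signature 0x55AA missing")
    if not any(sector[:PART_TABLE_OFFSET]):
        findings.append("boot code area is all zeros")
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba, count = ENTRY.unpack(sector[off:off + 16])
        if ptype == 0:
            continue                        # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    if not parts:
        findings.append("partition table is empty")
    elif any(p["type"] == 0xEE for p in parts):
        findings.append("protective MBR: disk is GPT, inspect the GPT header instead")
    elif sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    return {"partitions": parts, "findings": findings}

def sample_sector() -> bytes:
    """Constructed sample: placeholder boot bytes, two NTFS (0x07) partitions, first active."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x3c\x90"                # placeholder bytes, not real boot code
    s[446:462] = ENTRY.pack(0x80, 0x07, 2048, 204800)
    s[462:478] = ENTRY.pack(0x00, 0x07, 206848, 1000000)
    s[510:512] = BOOT_SIG
    return bytes(s)

if __name__ == "__main__":
    # Pass a saved sector-0 file as the first argument; without one the sample is used.
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else sample_sector()
    result = parse_mbr(data)
    for p in result["partitions"]:
        print(p)
    print("findings:", result["findings"] or "none")
```

An empty findings list on a machine that still will not boot means the fault lies past the MBR, for example in the boot files or system files on the partition.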
 

Accepted Solution

by:
jlavery earned 0 total points
ID: 41897973
OK.. here is what it was..

false positive by Malwarebytes..

My apologies for the inconvenience this has caused. We tried to work as quickly as possible to resolve this FP in a database update so as long as you have updated your database, you will not experience this issue again.

We have a few workarounds written up on our KB article here:
https://support.malwarebytes.com/customer/portal/articles/2647220-what-can-i-do-if-i-have-been-affected-by-the-kernel32-dll-false-positive-?b_id=6442
0
 

Author Closing Comment

by:jlavery
ID: 41902979
Provided solutions by others were helpful but not the answer.
0
