Windows 7 Pcs on network booting can't find mbr

Hi. Fiend of mine has a few hundred pc environment, windows 7 and 10. Quite a few of the windows 7 systems are getting a virus and the result is booting up to can't find mbr. Windows 10 systems not affected

Makes me think that it's a network worm exploiting a hole in windows 7

Want to give him direction on what to packet trace for other than top talker

Anyone come across this where direction can be give on what to sniff the wire for??
jlaveryAsked:
Who is Participating?
 
jlaveryAuthor Commented:
OK.. here is what it was..

false positive by malwarebytes..

My apologize for the inconvenience this has caused. We tried to work as quickly as possible to resolve this FP in a database update so as long as you have updated your database, you will not experience this issue again.

We have a few workarounds written up on our KB article here:
https://support.malwarebytes.com/customer/portal/articles/2647220-what-can-i-do-if-i-have-been-affected-by-the-kernel32-dll-false-positive-?b_id=6442
0
 
JohnBusiness Consultant (Owner)Commented:
About the only thing that will do that is a root kit virus. The only practical repair for many of these is to low level format and reinstall Windows. Make sure you are using top notch Anti Virus.
1
 
jlaveryAuthor Commented:
Thanks for the reply.  Really looking to stop the spread of it further by identifying what to sniff for in the wire
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
JohnBusiness Consultant (Owner)Commented:
All that will stop root kit viruses is top notch Anti Virus. There are a number of high grade AV products and that is what you need.

Symantec (not Norton), Kaspersky, Trend Micro and others.
0
 
dbruntonCommented:
You'd really need to take an affected hard disk across to another computer and use that second computer to rebuild the MBR.  Possibly use TestDisk http://www.cgsecurity.org/wiki/TestDisk (tutorials available on the site.  Be cautious).  Once the MBR is rebuilt then scan the disk with anti-virus and see if it can find the offending virus.

Don't know if it  would be a root kit but quite possibly the affected computers are all accessing a shared folder and a shared file.  That would be my guess.  Or possibly a shared email.
0
 
jlaveryAuthor Commented:
provided solutions by others were helpful but not the answer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.