Jim Lawrence
accessd at shaw.ca
Sat Oct 31 12:52:13 CDT 2009
Hi John: I have thrown every virus and malware and rootkit product against the drives that failed. Nothing! My current theory is that a Microsoft update is the culprit but have yet to find any data on it. I checked the drive update logs and it reveals that MS performed its last update at 3:00AM, the morning before the crash. The logs show no errors or issues during the process but 5 hours later all the computers were locked in an endless boot cycle. I have been combing the net but have as yet found no references to that particular update and errors... Any thoughts? Jim -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of John Bartow Sent: Friday, October 30, 2009 8:06 AM To: 'Discussion of Hardware and Software issues' Subject: Re: [dba-Tech] Major site crash Hi Jim, Holy crap! I haven't seen anything that extreme. If all the stations were the same hardware, it may have been a system update. I've had the reboot cycle happen to a couple of PCs because of that. Although having all the same hardware in one office sounds great maybe that's a drawback and I should feel lucky I have to work on such menageries of equipment ;o) If it was malicious software then it sounds like Vipre caught part of it (probably a rootkit) and disabled it but missed another dependant part or the malware damaged some part of the Windows startup system. If it is Vipre Enterprise the malware detections would be listed in the server's history/quarantine. I have mine set to now announce anything to the user but to email the office administrator. I suggest contacting Sunbelt immediately upon issues like this. Of course if you have an imaging server system setup the easiest way to get back up is to reimage all of the stations. In the meantime I'd dismount one of the stations hard drives and attach and scan it with a "cleaning" machine loaded with Malwarebytes, AntiVir, Stinger, Rootkit Revealer and any other anti-malware products you have confidence in. (I install them without active protection type services running.) Once done I remount the HD and start in safe mode. Using Autoruns I would disable all unnecessary startups and services. Run a deep scan with Vipre in safe mode to clean the registry. (If this is Vipre Enterprise and the agent's options did not include these abilities via the GUI there are command line options available.) If you copy the logs or zip the quarantine files from the other anti-malware products you can submit them to Sunbelt via their support page. They evaluate these and add them to their detections. BTW were these PCs, terminal server stations or what? Odd that the server didn't get hit at all. I'd be very suspicious of that. What security software was on the server? Arg, these mal-ware programmers are getting far too good at what they do. Best of luck in resolving it. _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com