Tina Norris Fields
tinanfields at torchlake.com
Sat Oct 31 13:45:17 CDT 2009
Jim, I have forwarded to you a recent copy of the Redmond Report with an article about Win 7 migration woes - a handful of installations get part of the way through and then go into endless loops. The article mentions a workaround. I hope this helps.

T

Jim Lawrence wrote:
> Hi John:
>
> I have thrown every virus and malware and rootkit product against the drives
> that failed. Nothing!
>
> My current theory is that a Microsoft update is the culprit but have yet to
> find any data on it. I checked the drive update logs and it reveals that MS
> performed its last update at 3:00AM, the morning before the crash. The logs
> show no errors or issues during the process but 5 hours later all the
> computers were locked in an endless boot cycle.
>
> I have been combing the net but have as yet found no references to that
> particular update and errors...
>
> Any thoughts?
>
> Jim
>
>
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of John Bartow
> Sent: Friday, October 30, 2009 8:06 AM
> To: 'Discussion of Hardware and Software issues'
> Subject: Re: [dba-Tech] Major site crash
>
> Hi Jim,
> Holy crap! I haven't seen anything that extreme.
>
> If all the stations were the same hardware, it may have been a system
> update. I've had the reboot cycle happen to a couple of PCs because of that.
> Although having all the same hardware in one office sounds great maybe
> that's a drawback and I should feel lucky I have to work on such menageries
> of equipment ;o)
>
> If it was malicious software then it sounds like Vipre caught part of it
> (probably a rootkit) and disabled it but missed another dependent part or
> the malware damaged some part of the Windows startup system. If it is Vipre
> Enterprise the malware detections would be listed in the server's
> history/quarantine. I have mine set to now announce anything to the user but
> to email the office administrator.
>
> I suggest contacting Sunbelt immediately upon issues like this.
>
> Of course if you have an imaging server system setup the easiest way to get
> back up is to reimage all of the stations.
>
> In the meantime I'd dismount one of the stations hard drives and attach and
> scan it with a "cleaning" machine loaded with Malwarebytes, AntiVir,
> Stinger, Rootkit Revealer and any other anti-malware products you have
> confidence in. (I install them without active protection type services
> running.) Once done I remount the HD and start in safe mode. Using Autoruns
> I would disable all unnecessary startups and services. Run a deep scan with
> Vipre in safe mode to clean the registry. (If this is Vipre Enterprise and
> the agent's options did not include these abilities via the GUI there are
> command line options available.)
>
> If you copy the logs or zip the quarantine files from the other anti-malware
> products you can submit them to Sunbelt via their support page. They
> evaluate these and add them to their detections.
>
> BTW were these PCs, terminal server stations or what? Odd that the server
> didn't get hit at all. I'd be very suspicious of that. What security
> software was on the server?
>
> Arg, these mal-ware programmers are getting far too good at what they do.
>
> Best of luck in resolving it.
>
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com