STOP 0x7B and viruses

Page 1 of 2 12 LastLast

  1. Posts : 5,705
    Win7 x64 + x86
       #1

    STOP 0x7B and viruses


    I've found (on a Vista 32 bit system at work) that there is a virus infection that will change the ACL's of a system in order to prevent booting.

    I'm running SUBINACL in Windows PE Mode to (hopefully) reset the ACL's.

    The registry is mounted - but I don't know if SUBINACL will find it. Since the registry is mounted in the HKLM key of the PE Mode, it's presumable that the commands will fix it.

    Then I should be able to use normal fixes to enable booting without the STOP 0x7B

    I'll report back with more details as things progress.
      My Computer


  2. Posts : 28,845
    Win 8 Release candidate 8400
       #2

    Ugh, how did you get that?
      My Computer


  3. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #3

    That one is nasty. Do keep us informed.
      My Computer


  4. Posts : 5,705
    Win7 x64 + x86
    Thread Starter
       #4

    Still having issues with fixing the ACL
    - SUBINACL didn't work
    - Tried ICACLS *.* /reset /T /C - and dunno if it worked

    Only way I've got to see if it's "fixed" is to run Startup Repair and let it fail - the "Details" of the failure will list "CorruptAcl"
      My Computer


  5. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       #5

    This I will follow with interest........
      My Computer


  6. Posts : 5,705
    Win7 x64 + x86
    Thread Starter
       #6

    It's looking like the culprit was atapi.sys (I have to check with the tech who discovered this to find out how).
    Funny thing is that we used a different recovery CD and it fixed it without any further issues.
    I'm able to boot into Windows and can remove the rest of the "crud" from the system.

    Additional note - system has both Trend Micro and Norton antivirus installed
      My Computer


  7. Posts : 11,990
    Windows 7 Ultimate 32 bit
       #7

    Thank you for the update. I am glad to hear you are well on your way to a clean system again.
      My Computer


  8. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       #8

    usasma said:
    It's looking like the culprit was atapi.sys (I have to check with the tech who discovered this to find out how).
    Funny thing is that we used a different recovery CD and it fixed it without any further issues.
    I'm able to boot into Windows and can remove the rest of the "crud" from the system.

    Additional note - system has both Trend Micro and Norton antivirus installed
    Ugh!..............
    Glad to hear things are [ almost] working again.....
    Last edited by JMH; 17 Apr 2010 at 19:08.
      My Computer


  9. Posts : 5,705
    Win7 x64 + x86
    Thread Starter
       #9

    Well, it's "sorta" working. I'm still not happy with it, but I didn't get to talk with the other tech today - and I don't work again until Monday.
      My Computer


  10. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       #10

    What you are still "unhappy" with can wait........in the meantime enjoy your weekend.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:36.
Find Us