Forum Thread: Broken Windows 7/10

Hello, I work at a University and I am running into a reoccurring problem. I have had 4 Windows 7 machines that are completely broken. I thought that it was a University thing and some service was breaking it, like Novell. But my friend works somewhere else in the city and also works for a different company; he got a Windows 10 machine and the same thing has happened to it, completely broken.

So you may ask, what is broken? Well, everything. Can't log in; when I safe boot it won't log me in. I look at the file structure and there are a ton of files missing, but the structure is still pretty much the same.

So I thought VIRUS. So far, we have run 4 different scans and haven't found anything, and Trend Micro also never detected anything in the logs. I have booted into an antivirus OS and that didn't find anything.

We are out of ideas. Any suggestions??

7 Responses

Maybe you've been hit by a 0 day? Normal AV scanners can't find fresh viruses.

-Phoenix750

Very possible. It dates back to January 13th; that was the first time we had encountered this problem. Also, wouldn't we see more people than just 4? We have over a few thousand staff here.

Maybe it's a targeted attack?

-Phoenix750

That too. There are many possibilities since we don't have many details on the situation.

-Phoenix750

There are way too many possibilities for what may be going on with the limited information you have given us. If you work for a university with a few thousand staff and have a fear of infection you can't figure out or control, then you should really be escalating the situation and not posting it to an online forum.

And I do ask what is broken. When you say you can't log into the affected machines, do you mean via domain account or local account? The same goes for safe boot. How did you look at the file system if you can't log in? Did you mount the drives? Are they physical or virtual? What files are missing if the structure is the same?

Are the affected machines staff only or can anyone access them? Do you see anything odd in the network traffic? Really the questions could go on and on.

Dill's points are very promising and I would like to add to those.

Before leaping towards conclusions, try and remember how the affected machines functioned on their last successful boot. Which programs were running? Were any email attachments opened? Did users see any odd error messages and/or popups?

By analysing this information, you may discover clues as to where the problem lies and where it roots from.

TRT
