Everything posted by BoxTechs

  1. Hello Everyone,

     I currently support a large number of computers that have been hit with this false positive. I had a range of issues, from machines that could be fixed easily to those that were in a KSOD state. Below is what we have found through our entire process. Please use this info for your own knowledge and back up your PC fully before giving these a try. Also, these instructions are written for advanced users. I have many other machines to fix and will not be able to help these out. I am placing this up here simply to help this cause, as I know having to redo a large number of machines is not a good option.

     To Malwarebytes: please don't let this happen again. I am not a programmer so I could not fix your tools, but the flaw we did find is it fails to apply security permissions on the winsxs folder. It does attempt the takeowner, but that only provides the ability to adjust permissions and does not give rights to replace the files.

     As I said, above is our method and is working as far as we can tell. But please use at your own risk, as this method was found through desperation. Even though we have found it to work in just about all scenarios across a large number of computers, it is still risky.

     For Windows 7 users that can boot into Safe Mode:

       1. Boot into Safe Mode with Networking.
       2. Give ownership to Everyone on the C:\Windows\winsxs folder.
       3. Give Full Control to Everyone on the C:\Windows\winsxs folder.
       4. Open MBAM, go to the Quarantine tab and restore all. If you cannot open MBAM, run the FP Fix tool provided by Malwarebytes; if you have version 1 it runs much faster.
       5. Remove the permissions you added for the winsxs folder.
       6. Give ownership back to Trusted Installer.
       7. Reboot.
       8. If all went well it should be fixed after reboot.

     Windows 7 KSOD - black screen, only mouse arrow on boot:

       1. Find your Windows 7 install CD (it has to be the proper CD or this will not work).
       2. Boot from the DVD and press the first Install now button.
       3. Press the repair button to open the repair console.
       4. Take note of which drive letter the console finds Windows on. In normal setups this is generally D:, but check to be sure.
       5. Type the following at the command prompt (I am using D: in the example; substitute your drive letter):

          sfc /scannow /offbootdir=d:\ /offwindir=d:\windows

       6. Once the scan completes, boot back into Safe Mode with Networking.
       7. Follow the steps above for bootable machines.

     Windows 7 KSOD - SFC doesn't work:

     This is a very intrusive method and can break your PC, but we have found it does work.

       1. Remove your hard drive from your PC.
       2. Connect the hard drive to another working Windows 7 PC that has the same version (Pro, Ultimate, etc.).
       3. Navigate to the slave drive and give ownership of Windows\System32 to Everyone.
       4. Give full permission to Everyone on the Windows\System32 folder on the slave drive.
       5. Navigate on the slave drive to Windows\winsxs and give ownership to Everyone.
       6. Give full security permissions to Everyone on the Windows\winsxs folder.
       7. Once all permissions are modified, copy the files in your c:\Windows\System32 (files only, no subdirectories, very important) to the slave Windows\system32 and allow the PC to overwrite all files.
       8. Copy the entire c:\Windows\winsxs folder from your PC to the Windows folder on the slave. Again, allow all folders and files to overwrite.
       9. Once all copying is done, you should now be able to boot to Safe Mode and apply the fix from the section above for bootable Windows 7.
       10. Once the fix is done, be sure to put the security permissions back as they were before starting.

     We unfortunately have not had any major issues with Windows XP, but we did see that some system32 files were quarantined. Even with the quarantine, all of ours were bootable and able to be recovered by just restoring the quarantine.
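The Safe Mode procedure in the post above, sketched as a PowerShell script so that the loosened winsxs permissions are always put back (steps 5 and 6) even if the restore step is interrupted. This is an added example, not part of the original post or any Malwarebytes tool; the backup file path is hypothetical, ownership is taken as the Administrators group rather than Everyone, and it assumes an elevated prompt.

```powershell
# Added example, not from the original post. Run from an elevated prompt in Safe Mode.
$Target  = 'C:\Windows\winsxs'          # folder named in the post
$Parent  = Split-Path $Target -Parent   # icacls /restore is run against the parent folder
$AclFile = 'C:\winsxs-acl-backup.txt'   # hypothetical location for the saved DACLs
$Owner   = 'NT SERVICE\TrustedInstaller'

function Invoke-Native {
    # Run a native tool and stop the script on a non-zero exit code.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') exited with $LASTEXITCODE"
    }
}

# Record the original DACLs before anything is loosened; abort if this fails.
Invoke-Native icacls @($Target, '/save', $AclFile, '/t')

try {
    # Steps 2-3: take ownership (as Administrators here, an assumption),
    # then grant Everyone Full Control on the whole tree.
    Invoke-Native takeown @('/f', $Target, '/a', '/r', '/d', 'y')
    Invoke-Native icacls  @($Target, '/grant', 'Everyone:(OI)(CI)F', '/t', '/c')

    # Step 4 is manual: restore the quarantine in MBAM or run the FP Fix tool.
    Read-Host 'Restore the quarantine now, then press Enter' | Out-Null
}
finally {
    # Steps 5-6: put the saved DACLs back and return ownership to TrustedInstaller.
    # Both commands always run; exit codes are reported rather than thrown.
    & icacls $Parent /restore $AclFile /c | Out-Null
    $restoreCode = $LASTEXITCODE
    & icacls $Target /setowner $Owner /t /c | Out-Null
    $ownerCode = $LASTEXITCODE
    "icacls /restore exit code: $restoreCode, /setowner exit code: $ownerCode"
}

# Verify the top-level folder only: owner is back and no explicit Everyone entry remains.
$acl  = Get-Acl $Target
$left = @($acl.Access | Where-Object {
    $_.IdentityReference.Value -eq 'Everyone' -and -not $_.IsInherited })
"Owner: $($acl.Owner)"
"Explicit Everyone entries on ${Target}: $($left.Count)"
```

icacls /save records DACLs only, which is why ownership is reset separately with /setowner. A non-zero exit code from either revert command means some entries were not reverted and should be checked by hand before rebooting.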