Microsoft: Rootkit responsible for BSOD crashes
Preliminary findings revealed by Microsoft suggested malicious software may be to blame. Today the company was able to confirm this and shared a few more details through a blog post from Mike Reavey, director of the Microsoft Security Response Center. According to Reavey, the blue screen was a result of malware already installed on users' XP machines, specifically the Alureon rootkit, which modifies Windows kernel binaries and as a result leaves systems in an unstable state.
Microsoft stressed that there were no quality issues with its security update MS10-015, but didn't mention when it will resume distributing it via its Windows Update mechanism. For now the company is working on a simple solution to detect and remove Alureon from affected systems, which it hopes to release "in a few weeks."
User Comments (9)
Guest
on February 18, 2010 12:15 PM
I find that interesting, as I have two XP machines causing problems after the updates, while all the Windows 7 machines are fine. I have run GMER on them and it does not find any rootkits. Both machines have had Microsoft Security Essentials on them and both have had a full scan run on them with no problems detected. I rolled back the video drivers on one and that seemed to fix it. Still troubleshooting the other one!
Guest
on February 19, 2010 12:19 PM
I have a Server 2003 system that got a BSOD after applying MS10-015. Have run 3 different Rootkit analyzers & two different AV programs. No problems found. Uploaded atapi.sys to VirusTotal - file is OK. Removed MS10-015, and system is OK. No rootkit here, so MS needs to dig a little deeper.
Punkid
on February 19, 2010 2:11 PM
It's good to see Microsoft fixing BSOD crashes.
peas
on February 20, 2010 12:52 AM
Anti-virus programs can be fooled by some rootkits, especially the more insidious ones. They hide very well and subvert detection. Microsoft Security Essentials is by no means fool-proof (nothing is). I've seen rootkit infections that no anti-virus program was able to detect. It took a manual boot into the recovery console (boot CD) to manually delete the rootkit.
pmshah
on February 20, 2010 1:49 AM
Recently I too have been having infrequent BSOD problems. Unfortunately the MS10-015 patch you are referring to is not to be seen in my update history. Can someone list the contents in KBxxxxx IDs so I can remove them from my OS? It is especially irritating when it happens in the middle of the night and I have a major downloading operation going. Most ISPs offer us special deals for night packages which by US standards appear to be practically free! For instance 9.00 pm to 9.00 am, unlimited true 2 mbps http download speed, costs only US$ 6/= per month.
jobeard
on February 20, 2010 11:21 AM
Computerworld - Microsoft late Thursday said it had halted distribution of a security update(*) linked to crippled Windows XP PCs that display the notorious Blue Screen of Death. As been debated (*) As of Feb 14, 2010 Confirmed reports show this statement to be false, at least when using Manual Updates instead of Autoupdate. see Horowitz
Guest
on February 22, 2010 2:32 PM
KB977165 is the one causing the issue
jobeard
on February 22, 2010 3:10 PM
Agreed, but as noted by Horowitz, it has NOT been withdrawn.
Guest
on February 22, 2010 4:20 PM
I had one machine with BSOD; threw Malwarebytes and ComboFix at it and copied the file also, and it works fine now. Just an FYI, and it was an XP machine.