Posted on 02/15/2010 6:13:53 AM PST by Gomez
The presence of a hard-to-detect rootkit may have caused Windows XP machines to freeze up after applying a patch from Microsoft last week, according to preliminary analysis of the problem from Microsoft's security team.
Microsoft's users forums filled up with reports of Windows XP users experiencing the dreaded Blue Screen of Death (BSOD) after applying the 13 patches released by Redmond last week. The problem was later linked to one specific update - MS10-015 - a patch for an "important" kernel flaw - and it was discovered that uninstalling this package unfroze affected machines.
The Blue Screen problem affected a minority of machines but was far from isolated, with many reported cases. Subsequent security sleuthing by sysadmin Patrick Barnes revealed that Windows XP machines that hit a brick wall after applying the update may have been infected with the TDSS rootkit.
Microsoft's security team has since confirmed that the malware may explain the Blue Screen issue in many cases, without ruling out other possibilities.
In our continuing investigation into the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating.
Microsoft is asking affected users to send memory dumps in order to aid its ongoing investigation, but it acknowledges this is tricky when users who hit the problem are left with unbootable machines.
Redmond's security team suggested on Thursday that users may want to hold off on the potentially troublesome MS10-015 update and apply a workaround for that particular problem instead. Sysadmins following this advice are strongly advised to apply the other 12 patches issued by Microsoft last Tuesday.
Are your antivirus and firewall free versions? Which companies are they?
Looks like I might have dodged this bullet. I found and checked the KB977165.log file and it’s rife with install failures. Apparently there were other things screwed up in my computer that caused it not to install.
I have Trend Micro on 2 machines and F-Secure on another PC that I don’t use very much.
If they are paid versions then they probably offer some rootkit protection, if you keep them updated.
Windows Defender deals with rootkits and it won’t interfere with any of your antivirus programs.
You can only run one antivirus and one firewall at a time, but anti-spyware/malware/rootkit programs don’t interfere with each other.
I back up my entire hard drive once a week, and all files are backed up daily. If my hard drive crashes, I just wipe it clean or get another and put my ghost image back on. When I turn it on, it’s just like it was before. I might lose a couple of days, but it sure beats reinstalling Windows and all of my software.
I never let them install updates. It pops up and tells me there are new updates. I choose what I want to install, the rest I uncheck and tell it never to ask me about them again. Many of those updates are BS and you do NOT need them.
I set my updates on automatic and everything goes great.
You do realize that it downloads stuff that you don’t need, right? You have NO way of knowing what is in those downloads. If you trust Microsoft, go for it. I don’t.
I use the discarded computers of other people that have theories and do not keep current with their updates.
I take their discards, clean all the viruses and spyware off them, catch up on all the Windows updates and Service Pack 3, IE8 and so on, and everything works fine for me.