Posted on 02/12/2010 10:34:08 AM PST by zeugma
"Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."
Update: 2/12/2010:
"A rootkit infection may be the cause of a Windows Blue Screen of Death issue experienced by Windows XP users who applied the latest round of Microsoft patches. It appears that the affected Windows PCs had the rootkit infection prior to deploying the Microsoft patches. Researcher Patrick W. Barnes, investigating the issue, has isolated the infection to the Windows atapi.sys file, a driver used by Windows to connect hard drives and other components. Barnes identified the infection as the Tdss-rootkit, which surfaced last November and has been spreading quickly, creating zombie machines for botnet activity."
That's probably excellent advice. How many people here, including me, don't have a clue as to what you are talking about?
WiFi went out for me
According to the websites you provided, even when rootkits are detected, unless you know what you’re doing, wiping out the hard-drive and reinstalling windows may be the only way to eliminate them. That sounds pretty radical.
Since you probably can’t read this, you won’t know that your problem was not an isolated one. Many others had the same issue. By the time you’ve reinstalled a clean version of Windows and reinstalled all of your apps, you probably won’t care either.
As an aside to rootkits, Microsoft will be tagging computers starting Feb 16th against pirated copies of Windows 7 through your AUTOMATIC UPDATES. Turn off Automatic Updates and install manually. The number of the deadly update is KB971033; see http://lauren.vortex.com
Sorry, my geek was showing.
There are programs used to validate the content of a given file, so you can be reasonably sure that the file hasn't been tampered with. md5sum is one such program. 'checksum' and 'sha1sum' are others. Here's a quick example of how they might be used...
I don't have a copy of windows presently, so this is an example of what it looks like in unix, but you should be able to get similar results from a DOS prompt if you have a copy of md5sum or a similar program...
$ echo "aaaaaaaaaaa" > aaa.txt
$ echo "aaaaaaaaaab" > bbb.txt
$ echo "aaaaaaaaaaa" > ccc.txt
$ md5sum *txt
d8ce56398c88e1b4d9e5f83e64c79098 aaa.txt
5f2e08f7acea184ff78f8053ca712be0 bbb.txt
d8ce56398c88e1b4d9e5f83e64c79098 ccc.txt
$
Notice that in the above the only difference between the first two text files I created was that I changed the final "a" to a "b", yet you get vastly different results from md5sum when you check them. The "ccc.txt" file reports the same sum as the "aaa.txt" file because they are identical except for their name. Checksums like this are used to validate the integrity of ISO images that you use to burn CD/DVDs with. When I want to download a copy of the latest Fedora Linux, rather than going to a website and just downloading the ISO file, I download it from a bittorrent site. Once the download is complete, I can validate that no one did anything malicious to any of the data by going to Fedora's website and making note of what the checksum of the file should be, and verifying it against what I have from my downloaded file.
Hope that clears things up.
Google should be able to locate a copy of md5sum for windows that you can use for this purpose, if you don't already have it or something like it.
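The download check described in the post above, as an added example that is not part of the original post. It uses sha256sum instead of md5sum, since MD5 is no longer collision resistant; the function name verify_download, the "HASH  NAME" list format (plain sha256sum output) and the sample files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# verify_download FILE CHECKSUM_LIST   (hypothetical helper, not from the post)
# Looks up FILE's basename in a sha256sum-style list and compares the
# published digest with the one computed locally.
# Returns 0 = match, 1 = mismatch, 2 = file unreadable or not listed.
verify_download() {
    file=$1
    list=$2
    [ -r "$file" ] && [ -r "$list" ] || return 2
    name=$(basename -- "$file")
    # Each list line is HASH, a space, a mode marker (' ' or '*'), then NAME.
    # Taking everything after the marker keeps names with spaces intact.
    expected=$(awk -v n="$name" '{
        f = substr($0, length($1) + 3)
        if (f == n) { print tolower($1); exit }
    }' "$list")
    [ -n "$expected" ] || return 2
    # Hash from stdin so the file name never influences the output line.
    actual=$(sha256sum < "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Demonstration on constructed data: a stand-in "image" and the list a
# publisher would post next to it.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed image contents\n' > "$dir/image.iso"
    (cd "$dir" && sha256sum image.iso > CHECKSUM)
    verify_download "$dir/image.iso" "$dir/CHECKSUM" && echo "untouched: OK"
    printf 'x' >> "$dir/image.iso"        # one extra byte, as if altered in transit
    verify_download "$dir/image.iso" "$dir/CHECKSUM" || echo "modified: MISMATCH"
    verify_download "$dir/other.iso" "$dir/CHECKSUM" || echo "unlisted: rc=$?"
    rm -rf "$dir"
}
demo
```

The comparison is only as trustworthy as the checksum list, so fetch that list from the publisher's own site over HTTPS (or check its signature) rather than from the same place the file came from.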
Looking for a free antivirus program. How's the free Avira?
Excellent post about different types of rootkits! Thanks for sharing.
When I got back to the office at 7:00 p.m. yesterday, there were two computers from customers that had blue screened from these updates. In both cases, it was a driver issue. Sometimes Microsoft overwrites drivers and it's not a good thing. Booting from the recovery disk and reinstalling the drivers fixed both.
On the subject of rootkits. I would NEVER assume a rootkit was cleaned by any software package available free or otherwise. I would always reformat. I’ve seen the result of that assumption and it's just not worth it.
It was a big batch of updates and the larger the number of updates the more likely there will be an uh-oh.
Given the diversity of installed hardware and software base in the real world, it is not surprising that bad things happen.
Even though I sound all sweet and reasonable, that’s not how I feel. I’ve been fighting some kind of obscure issue for two days and am thoroughly sick and tired of technology.
After I got up off the floor I decided I didn't have a clue either! LOLOLO!!!!! Oh my that was funny! LOLOLOL!!!
You can write your current md5sum on the inside of your left palm for convenient future reference.
In many cases, that's the only choice you have.
Rootkits are bad juju.
I'd go further and say that it's always the only choice you have. How the heck could you ever trust a computer that had been rooted? I sure as heck wouldn't.
From what I can gather, IceSword is one tool that can kill rootkits dead. The creator of one of the strongest rootkits out there even said that IceSword is the one tool that he can't beat. (yet).
But, in the great majority of cases, Windows users will be best served by doing a reinstall.
Me too; I've used nothing but Mac OS X since 2002 and have never once had a virus, worm or other malware problem, in spite of never running antivirus software. (Of course, this is typical for virtually all Mac users)
It just mystifies me that people who know better continue to put up with such abuse by MS Windows.
I update every time Windows has an update available and have no problems. How come some do and some don’t?
I have Windows XP.
ZoneAlarm Security Suite does rootkits - PC Tools' Registry Mechanic might be better...
If you’d been running in a virtual machine, that exploit might have been a non-problem, just a suggestion......