Earlier this month, Microsoft issued an update for Windows XP machines that suddenly triggered occurrences of Blue Screen of Death and reboots. Microsoft went digging and found that the problem wasn't with the patch, but rather malware.
Windows XP users who were infected with the Alureon rootkit would experience the crashes following the Windows Update procedure.
Microsoft's Mike Reavey writes on its TechNet blog:
We wanted to provide you with an update on our ongoing investigation into the “blue screen” issues affecting a limited number of customers who installed MS10-015. We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of these issues. Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit. We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software. The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015. Our guidance remains the same: customers should continue to deploy this month’s security updates and make sure their systems are up-to-date with the latest anti-virus software.
Check out Sophos Anti-Virus for removal of the rootkit.
