Rootkit Confirmed to Cause Win XP Update BSoDs
Windows XP Update foiled by malware!
Earlier this month, Microsoft issued an update for Windows XP machines that suddenly triggered occurrences of Blue Screen of Death and reboots. Microsoft went digging and found that the problem wasn't with the patch, but rather malware.
Windows XP users who were infected with the Alureon rootkit would experience the crashes following the Windows Update procedure.
Microsoft's Mike Reavey writes on its TechNet blog:
We wanted to provide you with an update on our ongoing investigation into the “blue screen” issues affecting a limited number of customers who installed MS10-015. We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of these issues. Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit. We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software. The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015. Our guidance remains the same: customers should continue to deploy this month’s security updates and make sure their systems are up-to-date with the latest anti-virus software.
Check out Sophos Anti-Virus for removal of the rootkit.
- Foxconn Guards Kick and Threaten Reporter
- Blizzard Wants Battle.Net As Gaming's Facebook
- S3 Dual-GPU Card Competes with ATI Eyefinity
- What Gates and Jobs Really Think of Each Other
- The StarCraft II Beta Part 1: Download, Install
- HP Planning to Beat Apple in Tablet Pricing War
- More iPad Cost Estimates Show Room for Price Cut
- ''Clash of the Titans'' PC Giveaway From Shuttle
- Asus Wants to be Another Apple; Has Killer Product
- Report: Most Windows 7 PCs Max Out RAM [UPD]
- Pick Your Browser: Microsoft Shows Off Ballot
- OCZ Vertex is Even Faster in Limited Edition SSD
- Kingston's 256GB USB Flash Drive is $1,108
- Nvidia CEO: Fermi to Hit the ''Full Stride'' in Q2
- Nvidia Reports Positive Q4 Results on GPU Sales
- Corsair USB Padlock 2 Has 256-bit AES, Keypad
- QOTD: Would You Ban Gadgets from Your House?
- Bad Company 2 PC Supports Eyefinity, 3D Vision
I knew that the article about how the latest updates from Microsoft made Windows XP have BSODs was bogus when I updated all the XP machines I support with the update and no BSODs showed up anywhere. Ah, a rootkit, comes to show how many people don't have "real" protection.
Oh man good thing I don't bother to update my XP anymore
Gotta love Windows 7.
Windows is almost never the problem. usually it is bad 3rd party stuff, viruses or, on occasion, on a failing piece of hardware.
yup, I am still on a updated XP machine both at home and at work....never had a problem....well, not never but you know, in reference to this latest BSOD ballyhoo
Don't worry guys, the rootkit developers were kind enough to issue a patch to resolve this BSOD issue that their software was causing!
The developers should made the patch compatible with the rootkit. Malware is a common enough application on Windows.
You guys HAVE to be kidding me. This isn't a windows issue? The Kernel binaries are modified without the user's knowledge or consent. Windows is so unsecure you HAVE to rely on 3rd party software to keep it from dying of aids and syphilis. Oh, and not to mention the vulnerabilities that MS Office presents. What good is your computer without any 3rd party software anyway?
I also would like to iterate the fact that their software is often overpriced and tends to revoke your control over your own system.
The equasion is pretty simple:
System works fine, update = BSOD.
Update causes this.
No update, no BSOD.
If windows was worth any money that you pay for it, it would check the integrity of the files that their patches are affecting. But Microsoft would rather say it's no fault of theirs and that you happen to be SOL.
7 may not be immune to these things but it is better equipped to resist them.
This is just another example of the new generation of malware or spyware... Its so sneaky even using the machine presents no obvious symptoms.
I bet Microsoft is sick of pulling resources to find out the problem wasn't created by them.
@bluekoala:
You will notice that every sane person with a minor understanding of how a fraud works never have these problems. Whatever Microsoft does, it won't help when idiots keep clicking everything they see on the web.
Keep Windows updated, use free anti-malware from Microsoft and don't be stupid = never get a virus.
When you tie your web browser with direct access to the kernel (Win 7 is affected) you have a serious security flaw built right into the OS. All MS OS's are Swiss Cheese designs with built in back doors for the FEDS, they are only good for gaming and that may change too as Linux grows.
bluekoala u do realize that all os's from this era had these problems and this is one reason that the uac of vista and 7 are a good thing for the casual user that doesnt no a good link from a virus... thats like saying its
Not surprising. Windows problems are almost always caused by user error like being stupid enough to get a rootkit installed on your machine. Windows would be perfect if Microsoft could release patches for people.
NegativeX,
The problem is your anti-rootkit software is probably not finding the issue...
replace the recommended files from the Windows XP cd and I bet your problem is solved... not all anti-rootkit software works and finds it... if this patch is causing a BSOD you are rootkitted, and your company should look for someone new to admin its machines..
NegativeX,The problem is your anti-rootkit software is probably not finding the issue...replace the recommended files from the Windows XP cd and I bet your problem is solved... not all anti-rootkit software works and finds it... if this patch is causing a BSOD you are rootkitted, and your company should look for someone new to admin its machines..
Probably true this rootkit is only discoverable by a bootable solution. This means Linux or some other solution. I believe the software in question resides in the OS files used to access the hard drive so its very difficult to load something to scan the hard drive and this malware has the ability to hide itself from the scan. Hmmm at that point it could just hide 99% of itself in the "empty" portion of the hard drive with only itself knowing how to read that area. Then all you need is a small stub loader in the SATA driver.
It was probably microsoft who designed an update to react to the malware, they're desperately trying to get people to stop using xp already and pay up for the new OS
Not surprising. Windows problems are almost always caused by user error like being stupid enough to get a rootkit installed on your machine. Windows would be perfect if Microsoft could release patches for people.
+1. Thanks GenKhan! The last sentence made my day!