topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 3:42 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?  (Read 24824 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Via Slashdot comes this report that people are experiencing blue screen crashes after applying Windows XP updates on tuesday:

"Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death (BSOD), users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day."


from http://tech.slashdot...rs-With-Blue-Screens

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #1 on: February 11, 2010, 06:41 PM »
I'm both puzzled and nervous after reading this article.  Both my husband and I have computers running WinXP Pro with SP2, and we both installed all the patches Microsoft issued this Tuesday.  Neither of us has experienced the problem described in the article, and yes, we both have rebooted more than once since installing them.  It wasn't clear from my hurried reading what percentage of people who installed the patches (esp. the one that has been identified as the probably culprit, KB977165) are encountering this problem.  Does anyone have any additional knowledge about this?   :(

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #2 on: February 11, 2010, 08:03 PM »
I know some people advice to disable auto-update for reasons like this. Usually I think they are paranoid tossers who should know better and rather promote other OS if not even trusting updates. Then again... Hopefully it is a if and if and if limited problem no one could have foreseen. 

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #3 on: February 11, 2010, 08:55 PM »
I have mine set to notify--  I apply them the next monday if I don't hear anything :)

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #4 on: February 11, 2010, 09:09 PM »
Well more like healthy skepticism but you can say SEE???  8) I was more thinking of little people who will follow such advice, and then not care about updates from that day. Not so many care to research. Pros outweighs cons but probably not easy to tell those in problems right now. Lets hope it is not a major worldwide problem and that details will be revealed.

New flash version out today btw. Look out for toolbars and what else they pre-tick for you ;)

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #5 on: February 11, 2010, 10:24 PM »
I have my updates set to Notify.  It was only after waiting a day, having my husband assure me he had encountered no problem, and going to one or two web sites to see whether anyone was reporting problems (and finding none) that I downloaded and installed the updates.  So I was taken aback by mouser's message at the start of this thread.  At this point, I'm perplexed and am wondering what triggered the widespread problems and yet didn't affect my husband's system or mine (knock on wood  :)  ).

CleverCat

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,164
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #6 on: February 12, 2010, 12:49 AM »
No BSOD here!  :)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #7 on: February 12, 2010, 01:42 AM »
Perhaps the people affected by the BSODs already have the malware the patch is trying to prevent, or some problematic antivirus package? Last time security firms went shouting about updates BSODing, it turned not to be MS's fault...
- carpe noctem

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #8 on: February 12, 2010, 04:37 AM »
May be https://patrickwbarn...ing-widespread-bsod/ ;)

I tried out some of those atapi.sys infections. Have been "popular" last few months. Can only recommend TDSSKiller from Kaspersky http://support.kaspe...utions?qid=208280684 Microsoft should bundle it with their removal tool. Does a safe replacement of whatever it finds. Breed like rats, now "third" generation of this rootkit so there could be more new stuff. Also check Hitman Pros changelog http://www.surfright.nl/en/whatsnew "TDL3".

This rootkit infects the hard disk driver (usually atapi.sys or iaStor.sys) and redirects Google search results.

Think that is what he refer to but there could be more to check than just atapi.sys. I see jraid.sys from Kaspersky page as well. Who knows what happen until they try, heh. Not that many tools can remove this, not when I tried a month ago. Catching up...
« Last Edit: February 12, 2010, 04:55 AM by Bamse »

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #9 on: February 12, 2010, 07:49 AM »
Many thanks, CleverCat, f0dder, and Bamse, for your helpful and reassuring replies.  The explanation about the patch causing havoc only on systems already infected makes some sense and would also explain why not everyone is affected.  I hope it turns out to be true.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #10 on: February 12, 2010, 07:51 AM »
Many thanks, CleverCat, f0dder, and Bamse, for your helpful and reassuring replies.  The explanation about the patch causing havoc only on systems already infected makes some sense and would also explain why not everyone is affected.  I hope it turns out to be true.
Do note that a poster on a blog from one of Bamses links says he got the BSOD even though atapi.sys wasn't infected... so there might be problems on clean systems as well. Or that poster could have some other driver infected, or have pesky antivirus :)
- carpe noctem

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #11 on: February 12, 2010, 08:11 AM »
True but for what it is worth I can reproduce problem in a VM :) Evil loop of rebooting. I first installed rootkit, then all updates except 977165. Reboot, everything worked. After 977165 it is game over.

« Last Edit: February 12, 2010, 08:14 AM by Bamse »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #12 on: February 12, 2010, 08:12 AM »
True but for what it is worth I can reproduce problem in a VM :) Evil loop of rebooting.
Hm? What does that screenshot tell? What's the app, and does "suspicious modification" mean rootkit? etc.
- carpe noctem

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #13 on: February 12, 2010, 08:15 AM »
It is GMER, one of the best rootkit scanners. Atapi.sys is modified, show no sign of being from MS etc. when looking at properties. All tabs are gone. Generic file now. Startpage in IE was changed as well btw. Porn... I can pm you the link I used for rootkit if you like. There are tons of them but this works on atapi.sys like the blogger hinted was a problem - or one of them. There could be more to this.
« Last Edit: February 12, 2010, 08:20 AM by Bamse »

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #14 on: February 12, 2010, 08:19 AM »
It is GMER, one of the best rootkit scanners. Atapi.sys is modified, show no sign of being from MS etc. when looking at properties. Startpage in IE was changed as well btw. Porn...
Ah, I thought you could reproduce BSODs without infected driver :)
- carpe noctem

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #15 on: February 12, 2010, 08:21 AM »
No and it would not count anyways since in a VM but for now I think he has a point ;) Don't feel like testing for real. I am listing to a Linux podcast so lets say it is evil MS scheme to promote Microsoft Security Essentials if not Windows 7 64bit, heh.
« Last Edit: February 12, 2010, 08:24 AM by Bamse »

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #16 on: February 12, 2010, 08:28 AM »
Forgot to say I failed at first infection. Ran Dr. Web Cureit and it removed or rather cured problem. Did not select report only. Dr. Web is pretty good with the latest and greatest but perhaps most tools can remove by now.

techidave

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,044
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #17 on: February 12, 2010, 02:03 PM »
I just ran the windows update on a new install of xpsp3 and didn't see the KB977165 listed.  Perhaps MS has pulled it.

cmpm

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 2,026
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #18 on: February 12, 2010, 03:55 PM »
Yes they did pull it according to this article-

http://www.ghacks.ne...dows-restart-issues/

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #19 on: February 12, 2010, 06:01 PM »
They have not really said much yet though http://blogs.technet...alling-ms10-015.aspx

However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software.

3rd. party software includes rootkits but he did not say that  8) Would be useful if those with reboot problem would scan with a bootable Dr. Web or whatever.

CleverCat

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,164
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #20 on: February 13, 2010, 12:43 AM »
Never had a virus! Thanks Kaspersky....  :Thmbsup:

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #21 on: February 13, 2010, 01:00 AM »
Well good luck with Kaspersky http://www.virustota...cad77628d-1266031238  8)

Possible failing AVs work much better when exe is fired of. Possible... Expect hit rate to be random regardless of brand.

The file I used was 1-2 weeks old so result is far from impressive. Massive amount of logic in update causing problems or "conflicts" with this type of rootkit.
« Last Edit: February 13, 2010, 01:02 AM by Bamse »

CleverCat

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,164
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #22 on: February 13, 2010, 01:13 AM »
It might help if they used the latest version i.e. 9 - 7 is old... ;)

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #23 on: February 13, 2010, 01:16 AM »
Not necessarily since this is only a dumb filescan. Still a pretty poor result but of course not a problem if resident shields catch everything, heh. Kaspersky is on top of things with their TDSSkiller tool so at least they can remove/fix problem.

I wonder how many AVG users still use version 8.x which did not have any resident protection against rootkits.
« Last Edit: February 13, 2010, 01:23 AM by Bamse »

CleverCat

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,164
    • View Profile
    • Donate to Member
Re: Feb 9, 2010: Windows Patch Leaves Many XP Users With Blue Screens?
« Reply #24 on: February 13, 2010, 01:28 AM »
Shields up No.1....  ;D