Microsoft Says Rootkit Causes XP 'Blue Screens'
After a week-long investigation, Microsoft bug sleuths claim they've hunted down the cause of multiple reboots and crashes inflicted on Windows XP users.
A week after users began complaining that a recent security update for Windows that aims to patch a 17-year-old bug caused uncontrolled reboots and "Blue Screens of Death" (BSoD) for Windows XP users, Microsoft says it's chased down the root of the problem -- literally.
The problem, the company said in a blog post Wednesday evening, is caused by a rootkit malware infestation -- not by Microsoft's update.
"Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit," Mike Reavey, director of the Microsoft Security Response Center (MSRC), said in the post.
"We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third-party applications and software," Reavey added. Only 32-bit versions of XP were affected.
The solution? Get a good antivirus package, make sure it's up-to-date, and remove the nasty little bugger.
"Our guidance remains the same: customers should continue to deploy this month's security updates and make sure their systems are up-to-date with the latest anti-virus software."
A post-Patch Tuesday fiasco
Problems erupted almost immediately following this month's Patch Tuesday bug fix event.
A thread started on Microsoft's community forums recounted users' horrific experiences after installing a patch meant to block a recently discovered security flaw in old Windows NT code that still exists in current versions of Windows.
In the meantime, the number of posts and views on the community thread skyrocketed. By Thursday, Feb. 18, users had posted 407 entries and more than 185,000 others had viewed the discussion -- ostensibly searching for relief for their problems.
By early Thursday afternoon, publication of the fix apparently had an impact as there were only a handful of new posts mentioning the rootkit problem.
"I performed first a virus scan and found Win32/Alureon!rootkit. My CA anti-virus deleted the iastor.sys so I copied a clean one from the XP CD. Plugged drive back in my pc and started again," said a post by a user whose screen name is Weust2.
According to Microsoft, users impacted by the Alureon rootkit can get free help here. Alternately, users can call the PC Safety hotline at 1-866-727-2338.
February 18, 2010