Microsoft Says Rootkit Causes XP 'Blue Screens'


A week after users began complaining that a recent security update for Windows that aims to patch a 17-year-old bug caused uncontrolled reboots and "Blue Screens of Death" (BSoD) for Windows XP users, Microsoft says it's chased down the root of the problem -- literally.

The problem, the company said in a blog post Wednesday evening, is caused by a rootkit malware infestation -- not by Microsoft's update.

"Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit," Mike Reavey, director of the Microsoft Security Response Center (MSRC), said in the post.

"We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third-party applications and software," Reavey added. Only 32-bit versions of XP were affected.

The solution? Get a good antivirus package, make sure it's up-to-date, and remove the nasty little bugger.

"Our guidance remains the same: customers should continue to deploy this month's security updates and make sure their systems are up-to-date with the latest anti-virus software."

A post-Patch Tuesday fiasco

Problems erupted almost immediately following this month's Patch Tuesday bug fix event.

A thread started on Microsoft's community forums recounted users' horrific experiences after installing a patch meant to block a recently discovered security flaw in old Windows NT code that still exists in current versions of Windows.

Early analysis by users and community forum moderators appeared to finger the bug patch, known as MS10-015, so Microsoft pulled the update until it could analyze the problems.

In the meantime, the number of posts and views on the community thread skyrocketed. By Thursday, Feb. 18, users had posted 407 entries and more than 185,000 others had viewed the discussion -- ostensibly searching for relief for their problems.

By early Thursday afternoon, publication of the fix apparently had an impact as there were only a handful of new posts mentioning the rootkit problem.

"I performed first a virus scan and found … Win32/Alureon!rootkit. My CA anti-virus deleted the iastor.sys so I copied a clean one from the XP CD, plugged the drive back in my PC and started again," said a post by a user whose screen name is Weust2.
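The post above describes the remediation that worked in practice: an anti-virus scan flagged a modified `iastor.sys`, and the fix was to restore a clean copy from the install media. The same idea can be run as a routine integrity check rather than waiting for a crash. The script below is an added example written for this page, not code from the article or from Microsoft: it hashes the `.sys` files in a directory, compares them with a manifest recorded from a trusted copy (install media or a known-clean machine), and reports drivers that are modified, missing, or not in the baseline. The driver names and file contents it creates are constructed stand-ins so the check runs offline; on a real system you would point `build_baseline` at trusted media and `find_tampered` at the live drivers directory.

```python
"""Integrity check of system drivers against a known-good hash manifest.

Added example, not from the article. All file names, contents and resulting
hashes are constructed for the demonstration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 of a file, read in chunks so large drivers are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(trusted_dir: Path) -> dict:
    """Record name -> hash for every .sys file in a trusted copy (e.g. install media)."""
    return {p.name: sha256_file(p) for p in sorted(trusted_dir.glob("*.sys"))}


def find_tampered(drivers_dir: Path, baseline: dict) -> dict:
    """Compare live drivers to the baseline.

    Returns name -> reason for every file that does not match the manifest:
    'modified' (hash differs), 'missing' (in baseline but absent on disk),
    or 'unknown' (on disk but never recorded in the baseline).
    """
    findings = {}
    live = {p.name: sha256_file(p) for p in drivers_dir.glob("*.sys")}
    for name, good_hash in baseline.items():
        if name not in live:
            findings[name] = "missing"
        elif live[name] != good_hash:
            findings[name] = "modified"
    for name in live:
        if name not in baseline:
            findings[name] = "unknown"
    return findings


def demo() -> dict:
    """Build a constructed trusted copy and a live copy where one driver differs."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp) / "trusted"
        live = Path(tmp) / "live"
        trusted.mkdir()
        live.mkdir()
        # Constructed stand-ins for driver images; real files would be PE binaries.
        clean = {"iastor.sys": b"CLEAN-IASTOR-IMAGE", "atapi.sys": b"CLEAN-ATAPI-IMAGE"}
        for name, data in clean.items():
            (trusted / name).write_bytes(data)
            (live / name).write_bytes(data)
        # The live iastor.sys no longer matches the trusted copy (constructed difference).
        (live / "iastor.sys").write_bytes(b"CLEAN-IASTOR-IMAGE<constructed change>")
        baseline = build_baseline(trusted)
        return find_tampered(live, baseline)


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name}: {reason}")
```

The check deliberately reports three outcomes rather than a single pass/fail: a driver whose hash differs is the case in the article, a missing driver is what you see after an anti-virus product deletes the infected file, and an unknown driver is worth a look on its own. Record the baseline from trusted media, not from the machine being checked, or a tampered file simply becomes the baseline.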

According to Microsoft, users impacted by the Alureon rootkit can get free help here. Alternatively, users can call the PC Safety hotline at 1-866-727-2338.

Stuart J. Johnston is a contributing writer at InternetNews.com, the news service of Internet.com, the network for technology professionals.