Mar 06

Blue Screen of Death after installing Microsoft update.

This past February, before I put this blog online, I had an issue with some of my customers’ computers. Some of my customers called me asking for help because their computers wouldn’t load. They said their computers kept rebooting. I know it’s been almost a month now, but I think this issue deserves a post in this blog.

After troubleshooting the issue I traced down the source of the problem to a Microsoft update. More specifically to update KB977165/MS10-015. As soon as I removed this update the computer was able to load Windows perfectly fine.

This was odd though. Other computers where the same update was installed didn’t have this issue. This indicated that the problem was caused by something else – not the Microsoft Update. I scanned the computer for viruses and found nothing. I re-installed the update and the computer entered the boot loop once again. After some more troubleshooting I traced the cause of the stop error to the file %System32\drivers\atapi.sys. There was a problem with this file. It had to be infected. I uploaded the file to virustotal.com, and the results came back clean in all but one of the scans. It just said that it was probably infected with a rootkit, but it wouldn’t give me more information.

This made sense. Rootkits are designed to hide themselves or other malware from antivirus applications. This is probably why the anti-virus scan I ran didn’t catch anything.

I decided to take a different approach, and I took the hard drive out of the computer. I connected the hard drive to another computer and scanned it using an up-to-date anti-virus (Kaspersky). The scan found several items and cleaned them successfully. One of the infected files was atapi.sys. After this, I installed the update and the computer didn’t reboot again.

So there you have it. The problem was caused by an infection on the PC.

My suspicions were later confirmed by Microsoft. They apparently took some customers’ computers with them to check them and found the source of the problem. They state on their security response blog that the problem was caused by the Alureon rootkit.

They state on their blog:

“the presence of Alureon does not allow for a successful boot of the compromised system. The Windows Engineering team continued testing different configurations, as well as retesting several third party applications, leading to our firm conclusion that the blue screen issue is the result of the Alureon rootkit.”

So there you have it. They later released a version of the update that does not install if it detects the system is in a state that will cause it to enter this reboot loop.

If you are a victim of this problem, make sure your computer is free from infection. Microsoft recommends re-installing your operating system if you cannot get rid of the infection.

I don’t think this is necessary. If you are in the Phoenix, Arizona area and need assistance with this issue, you can contact us and we will gladly help you.
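
The post explains that a rootkit hides from scans run inside the infected system, which is why the drive was examined from another computer; the same offline setup also allows a direct file comparison. The following is an added example, not part of the original post: it hashes atapi.sys on the offline drive against a known-good copy taken from a clean machine with the same Windows version and patch level. The WINDOWS\system32\drivers layout, the reference directory and all function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

DRIVER_DIR = ("WINDOWS", "system32", "drivers")  # assumed XP-style layout

def find_ci(root, parts):
    """Walk parts under root ignoring case (NTFS mounted on Linux is case-sensitive)."""
    cur = Path(root)
    for part in parts:
        hits = [p for p in cur.iterdir() if p.name.lower() == part.lower()] if cur.is_dir() else []
        if not hits:
            return None
        cur = hits[0]
    return cur

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()  # drivers are small

def compare_drivers(suspect_root, reference_dir, names=("atapi.sys",)):
    """Return {name: 'match' | 'MISMATCH' | 'missing-on-suspect' | 'no-reference'}."""
    results = {}
    for name in names:
        reference = find_ci(reference_dir, (name,))
        suspect = find_ci(suspect_root, DRIVER_DIR + (name,))
        if reference is None:
            results[name] = "no-reference"
        elif suspect is None:
            results[name] = "missing-on-suspect"
        elif sha256_of(suspect) == sha256_of(reference):
            results[name] = "match"
        else:
            # Differs from the reference: modified, or just another patch level.
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: a fake offline volume, one altered and one intact driver."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers = Path(tmp, "suspect", "Windows", "System32", "Drivers")
        ref = Path(tmp, "reference")
        drivers.mkdir(parents=True)
        ref.mkdir()
        for name, good, seen in (("atapi.sys", b"good", b"altered"), ("disk.sys", b"same", b"same")):
            (ref / name).write_bytes(good)
            (drivers / name).write_bytes(seen)
        return compare_drivers(Path(tmp, "suspect"), ref, ("atapi.sys", "disk.sys", "ntfs.sys"))

if __name__ == "__main__":
    print(demo())
```

A MISMATCH is a reason to scan or replace the file, not proof of infection, because the same driver legitimately differs between service packs and hotfix levels.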

Mar 05

Microsoft will end support for some versions of Windows in 2010.

Support will end for Windows Vista with no service packs on April 13th 2010 and for Windows XP with Service Pack 2 on July 13th 2010. If you are running any of these versions, you should consider updating to the latest service pack.

What does this mean? This means that after these dates these products won’t be able to receive the latest security patches from the Microsoft Update website. If you want to stay protected, you should upgrade to the latest Service Pack.

Windows XP 64 bit is an exception. If you are running Windows XP 64 bit SP2, you have the latest version of the Operating System, and you will continue to receive security updates.

How do you find out what version of the operating system you are running? The easiest way to do this is to click on your Start Menu, right-click My Computer (or Computer for Windows Vista), and click Properties.

How do you install the latest service pack? The easiest way to do this is to turn on Windows Update and select a time to install the updates automatically.

To turn on Automatic Updates in Windows XP, click the Start menu and click Run, type sysdm.cpl and press the Enter key, click the Automatic Updates tab, select “Automatic (recommended): Automatically download recommended updates for my computer and install them”, and finally select a time to install the updates. Windows will connect to the internet for you, check for the latest updates, and install them on the schedule you specified.

To turn on Automatic Updates in Windows Vista, click the Start menu, click All Programs, select Windows Update, click Change settings in the left pane, and choose the option you want. In this case we want to select the option to install the updates automatically.

Another option is to check for updates manually and install the latest service pack.

To do this in Windows XP, open Internet Explorer and go to windowsupdate.microsoft.com. Once you are on the site, click the “Express” button to check for updates.

In Windows Vista, click the Start menu and type Windows Update in the search bar, select Windows Update from the search results, select Check for updates in the left-hand pane, and select Install updates to install any updates found.

It is always good to keep your computer up to date with the latest security updates. This will protect your PC from attackers and viruses that may exploit any security holes on the operating system.

If you need any assistance with any of this don’t hesitate to contact us, and we will gladly help you.

Click Here for more information.
