Rootkit Could Cause Windows BSOD Problem
A rootkit infection possibly caused the 'Windows Blue Screen of Death' problem that Windows XP users experienced after deploying Microsoft's latest patches, issued on February 9, 2010.
Some reports state that Windows users started inundating Windows support forums during the second week of February 2010. They complained that they couldn't use their computers because of a BSOD (Blue Screen of Death) error following the updates' installation.
Windows users experiencing the difficulty state that the patch MS10-015 is the real issue. Uninstalling this update restores their computers to normal functioning.
On February 11, 2010, Microsoft halted the patch's distribution and stated that its experts were investigating.
When Microsoft notified its customers about the latest status of the investigation, Symantec explained that a TDSS rootkit variant, namely 'TDL3', was probably responsible for the problems. The variant would call critical Application Programming Interface (API) addresses within the Windows kernel so that TDL3, along with its malicious payload, could be loaded via allocated memory.
Subsequently, on February 12, 2010, Microsoft presented an initial conclusion. It said that the problem might be due to malware. According to Jerry Bryant, a Microsoft spokesman, malicious software on the computer could result in the behavior. He added that while the company wasn't dismissing other possible reasons, it was still investigating, as reported by PCWorld on February 12, 2010.
For the time being, however, security researchers advised users to first clean the rootkit off their computers before fixing the problem or deploying the patch. Users with the BSOD should take out their computer's hard drive, attach it to another computer, and then run a scanner to check for infections and ensure they are caught.
Thereafter, Bryant directed users to put their hard drives back into the original systems and try rebooting. If the reboot didn't occur, then they might run a Windows repair. If that too failed, then they would have to reload their PCs.
» SPAMfighter News - 22-02-2010