ARN

Blue screen reboots after patch could mean malware

Microsoft today confirmed it has traced rebooting problems after installing a recent Windows patch to the Alureon rootkit.

Redmond announced today it has found the cause of reported rebooting problems after some Windows users installed a recent patch: The systems were infected with malware.

Specifically, the Alureon rootkit, a type of stealth malware that's used to hide other malware infections. Rootkits typically change important system files to perform their obfuscation, and in this case Microsoft says those system changes caused major problems after the MS10-015 kernel patch, shipped during the last Patch Tuesday, was installed.

A Microsoft Security Response Center post says that the company first heard of the reboot problems on the 10th, and halted the distribution of MS10-015 via Automatic Updates while it investigated. That research confirmed the problem with the rootkit.

According to the post, the Alureon varieties seen by Microsoft only affect 32-bit systems. Also, problem reports have largely involved Windows XP systems. For that reason, Redmond says it will resume distributing the MS10-015 patch for 64-bit systems via Windows Update.

While I'm more than willing to take Microsoft to task when they screw up, in this case I don't think anyone could hold Redmond at fault here when the root cause is a malware infection. It could even be a good thing, since the only thing worse than dealing with a constantly rebooting system is unknowingly using an infected system and having all your passwords and financial info stolen.  

Another post from the Microsoft Malware Protection Center provides some technical details on Alureon, and also notes that the latest varieties of the malware no longer conflict with MS10-015. Also, if your own PC has been constantly rebooting since applying this patch and you think you might be infected with the rootkit, Microsoft says it will provide free technical support at its PC Safety hotline at 1-866-727-2338.

Come socialise with us! Facebook | LinkedIn

More about: Microsoft
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Microsoft, malware, Alureon
ARN Directory | Distributors relevant to this article
ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , Impact Systems Technology , Ingram Micro Australia , Leader Computers , Leading Pacific Australia , NewLease , Simms International (For Simms International please see Express Online) , Synnex Australia , Topstar Computer International , Westan , XiT Distribution , Xpress I.T.
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/transition-systems-australia/2010-12-09_354_polycom
Transition Systems Australia

Polycom

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.