We reported last year that the Blue Screen of Death was appearing on Windows7 causing shutdowns. Microsoft has admitted the problem, but denied that it had to do with one of their upgrade patches that was sent out. Not all computers are affected by this problem, but it now is three months and the problem is still affecting PC users.

What does the BSOD do?

Once Windows7 is installed, and security patches are downloaded and updated,  problems can occur. If there is a rootkit installed on the computer that bypassed the virus checkers, it becomes lodged in the system. The updates can cause the system to freeze and blue screen.

Fixes

Microsoft has provided an update, MS10-015, which originally shipped on Feb. 9. There were so many complaints, however, from users on the support forum that it was pulled from the Windows Updates’ automatic update two days later. Users who installed the update found that their machines refused to restart after they had installed the patch. The affected PCs stopped producing a blue screen, indicating a serious software error and crash in Windows.

Following that support debacle, Microsoft identified the source of the problem. They announced that  PCs infected with the “Alureon” rootkit were hit by the MS10-015 patch. Further they denied that there was any flaw in the security update itself.

The Win32/Alureon is a complex set of trojans that steal data. They let an attacker into a system to intercept Internet traffic coming in to a network or going out to obtain confidential information such as user names, passwords, and credit card data.

The New Update

To understand the updates, there are conditions on a PC system that may be from a computer virus that modifies some operating system files. These modifications may render the nfected computers incompatible with the MS10-015 update. Thus in some instances, installing security update MS10-015 may cause the computer to restart repeatedly.

The security bulletin, however, includes new detection logic for consumers that search for indications of the Alureon rootkit. If it detects conditions that are abnormal or problematic in any way relating to operating system configurations, the update will fail. The process will stop. Customers are given an error message that provides them with other support options. When this presents itself, Microsoft customer support will work with affected customers to resolve the issue.

Fix IT

So now you know about the problem and about the possible solution, but you are still unsure whether you should apply the update patch.  Microsoft does have a solution. Fix IT.

The Fix it solution allows users to run the program to determine whether a computer is compatible with security update 977165. This goes back to security bulletin MS10-015. The Fix It solution will allow IT administrators to see how this solution can be used. Especially it can be used to determine if computers in an enterprise and are compatible with security update 977165.

The Fix It solution is a bit of a misnomer. It does not resolve the issue. Instead, the Fix It solution only notifies you of a possible issue and suggests the next steps to take.

Next Release

Microsoft has not yet delivered on a detect-and-destroy virus removal tool that will clean infected PCs. A short time ago, they indicated that the tool would be ready in upcoming weeks. Likewise, the tools for both consumers and enterprise customers will be available sometime in the next month or so.

In the past, Microsoft has used the Malicious Software Removal Tool (MSRT), to seek out and destroy rootkits. They used to come out on Tuesday and so the next scheduled refresh of the MSRT program scheduled for March 9.

MS10-015 Microsoft Security Bulletin . The Fix IT solution can be accessed here.

See also:  Windows7 – How to Install MS Security Essentials – and Warning: Watch for ScareWare