Redmond (ip-192.com): A hard-to-detect rootkit may be causing Windows XP systems to crash after applying patch MS10-015, according to Microsoft. As reported by ip-192.com (our stories are here and here), Windows users began flooding Windows support forums almost immediately after installing Microsoft's February security update, saying that their computers had been rendered unusable with a blue-screen-of-death (BSOD) error. Microsoft now says that malicious software may be to blame.
"In our continuing investigation into the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior," said Microsoft spokesman Jerry Bryant on the Microsoft Security Response Center (MSRC). "We are not yet ruling out other potential causes at this time and are still investigating."
Microsoft support engineers have actually driven to customer locations and picked up affected systems to analyze the data contained in crash files, according to Bryant.
Meanwhile, security company Kaspersky Lab has released a standalone utility to remove rootkit.win32.tdss. The website states that, on Windows operating systems, the term rootkit refers to a program that infiltrates the system and hooks system functions (the Windows API). By hooking and modifying low-level API functions, such malware can effectively hide its presence in a system. Moreover, rootkits are, as a rule, able to conceal any processes, folders and files on a disk, as well as registry keys, that are listed in their configuration. Many rootkits also install their own drivers and services into the system, and these are hidden as well.
The utility, tdsskiller.exe, can be found here, together with instructions on how to disinfect an infected system. The utility will only clean 32-bit systems.


