AfterDawn: Tech news

Malware caused Windows systems to crash on security update

Written by James Delahunty @ 20 Feb 2010 5:35

Microsoft has identified a malware infection that caused Windows systems to crash when installing a security update last week. The malware in question hides itself using rootkit methods and modifies the operating system kernel; those modifications caused the system to crash while the update was installing.
"The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state," Mike Reavey, director of the Microsoft Security Response Center, wrote. "In every investigated incident, we have not found quality issues with security update MS10-015."

Until a solution is available, Microsoft will not offer the patch for 32-bit Windows through Automatic Updates, but will offer it for 64-bit systems.

"A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk," Microsoft said.

The Win32/Alureon malware makes changes to DNS settings and hijacks user searches. It also makes fraudulent "clicks" on advertisements.


8 user comments

1. 20.2.2010 11:53
jony218
Inactive

I apologize to Microsoft for "badmouthing" them for their incompetence when this problem first came up. Even though they declared they weren't at fault, I, like everyone else, doubted their statements of innocence.
But this just goes to prove that there are many people out there surfing the internet without any antivirus or basic security.

2. 20.2.2010 13:08

I don't know if this malware was responsible for the "hijacking" of my system, but I just bought a laptop yesterday and by the evening time I had a file called SECURITY ROOT, and when I clicked on it (not intentionally, of course) it told me that I was infected with a worm, and whenever I clicked on a program it would not open it. So to get it off I had to do an hour-long dissecting of my system and put a malware program on it to get it off, which worked when I rebooted my computer. If anybody in Afterdawnland has a problem with this, there's a fix: go to www.bleepingcomputer.com/virus-removal/remove-security-tool, there's a step-by-step guide that helped me get this shit off. Like I said, I don't know if this is what that specific problem was or something else, but it saved me from ruining my OS. - BLUEBOY

3. 20.2.2010 13:33

Ah, good old Auto Updates. Have never used them, never will. I prefer to put my time & energy into programs like anti-virus, malware checks etc., those I keep up to date, but Auto Updates, they can stay out there in Microsoft land thanks.




Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***

4. 20.2.2010 17:27

Originally posted by creaky:
Ah, good old Auto Updates. Have never used them, never will. I prefer to put my time & energy into programs like anti-virus, malware checks etc., those I keep up to date, but Auto Updates, they can stay out there in Microsoft land thanks.
Still, keeping the underlying OS updated is highly important. Having an OS with anti-virus etc. doesn't mean much if it doesn't have updates that are critical and have been out for a while.

5. 20.2.2010 17:45

No, 'fraid I disagree with keeping the OS up to date. I'm happily using XP SP2, so my OS is only as up to date with whatever fixes were in SP2, i.e. my OS is basically 6 years out of date. I couldn't be happier, it's 100% stable, and 'just works'. I don't buy into the idea that it's automatically insecure because it's old and because there's 65 million vulnerabilities that have been fixed since SP2. Each to their own I say, I'll continue using my out of date OS with all its insecurities, other people can do whatever they want with their own OS.
At the end of the day I use Linux as my main OS anyway, I only keep Windows machines for the Windows-specific programs that I have.

This message has been edited since its posting. Latest edit was made on 20 Feb 2010 @ 17:46




6. 21.2.2010 3:38

I had to upgrade to SP3 to enable WPA2-AES on all the laptops in my workplace. As far as I'm concerned, that's the only commonly used change.

7. 21.2.2010 6:24

Originally posted by H0bbes:
I had to upgrade to SP3 to enable WPA2-AES on all the laptops in my workplace. As far as I'm concerned, that's the only commonly used change.
Yes, it's not always about security.

8. 21.2.2010 6:36

I don't mean to debate this but certainly in the case of WPA2/AES which I use across all my routers/adapters, XP only needed this patch adding to SP2 for enabling WPA/AES.
As I say, each to their own, I just don't buy into mandatory OS updates. I do keep certain Linux OSes updated as I don't have to worry about DRM etc. being added in Linux patches, but Microsoft.....

This message has been edited since its posting. Latest edit was made on 21 Feb 2010 @ 6:37



