Windows Patch Leaves Many XP Users With Blue Screens
CWmike writes "Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."
From the comments over at DShield on this topic, http://isc.sans.org/diary.html?storyid=8209, it looks like this might be the case again.
It's not like the hard drive is bad. Just use knoppix or something. You're pretty dumb for someone getting a PhD. Maybe this is just the gods' way of sending you a message.
When you're afraid to download music illegally in your own home, then the terrorists have won!
First, take a deep breath. The most important rule is "Don't Panic".
Next, you download a Linux distro with a LiveCD. Ubuntu's a little bloaty, but it's got a lot of drivers right out of the box. If you've got internet access, you should be able to do that. If not, then you'll have to contact a friend with access or do it from the lab. Grab a beer while you wait -- it'll be a while.
Burn the liveCD and boot with that. You might have to edit your BIOS settings to boot from CD first. Choose the "try Ubuntu without making any changes to your computer" option. Once it boots up, you'll be able to access your hard drive, and most importantly, your dissertation. Print the fucking thing, email it to your gmail account, and while you're at it, email what you've got to your professor. Let him know that you're "having computer problems, so I'm sending what I could recover in the meantime." Remember that computers fail all the time so you have to keep copies of important papers on physically separate systems.
You're apparently a smart enough guy to get a PhD, so you should be able to figure out how to navigate Ubuntu. It's basically the same as Windows, but with the bar on the top instead of the bottom. My daughter's six and she can use Puppy Linux.
Actually, you could probably use Puppy. The whole OS is only 150MB, so it'll download in a much shorter time than Ubuntu. It's not quite as polished, but I've had good luck with it.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Agreed.
As long as you haven't turned on file encryption (only an option with XP Pro), you can easily recover everything. Do this:
1) Go to a friend's computer. Download and burn a copy of your favorite Linux distro (I use Ubuntu).
2) Live-boot from the CD.
3) Mount the hard drive.
4) Insert your favorite USB storage device (make sure it is large enough).
5) Copy ALL important files to the USB drive (probably safest to copy your entire user directory, if your USB drive is big enough).
6) When done, re-format your hard drive and re-install XP.
7) Update your system completely.
8) Re-install all applications you need (office, etc.)
9) Copy your important files off of the USB drive.
Really, it is time-consuming, but I have had to do this exact same process for friends a bunch of times.
As far as the PhD goes, go up to step 5, and then use the friend's computer to print everything. Do steps 6-8 some other day.
"-1 Troll" is apparently the same as "-1 I disagree with you."
from ars: Users in the thread have tracked down a fix, though it requires using a copy of the Windows disc (or for netbook users without an optical drive, a bootable USB drive with Windows on it):
Boot from your Windows XP CD or DVD and start the recovery console (see KB307654 for help with this step).
Type this command: CHDIR $NtUninstallKB977165$\spuninst
Type this command: BATCH spuninst.txt
Type this command: systemroot
Good luck.
When complete, type this command: exit
If it is true that only compromised computers blue screen then it's hard to fault Microsoft for their patch code choking when it stumbles across the exploit code.
It's pretty easy to fault them for not taking a checksum before they patch to ensure that the file isn't modified. If it is, warn the user.
Microsoft patches are file-level, not delta-patches. They always overwrite complete files, and never try to modify files in-place.
That's why their patches are so huge, if there's a systematic error in many related files, then they all need to be replaced in their entirety.
It's a waste of bandwidth, but it's much more reliable.
I suspect what happened here is that Microsoft replaced one of two related files, but the other file was modified by the root-kit, and the mixed versions don't work together any more.
Actually it is KB977165 only that needs to be un-installed.
And in the end, the love you take is equal to the love you make
It seems like someone's figured out what was causing the bluescreens... from the MS forum thread:
I had an Eee PC with XP Home brought to me with this same problem. I rolled back KB977165, rebooted and the system worked fine. I reapplied KB977165 and the rest of the updates available at Microsoft Update, and the problem returned. I replaced %System32%\drivers\atapi.sys with a clean version from an XP SP3 distribution folder and rebooted... voila! Problem solved.
For reference, the SHA1SUMs of the atapi.sys files:
Non-working:
bb3e36ad0c8ed6daab38653ea4a942d74b9f4ff6
Working:
a719156e8ad67456556a02c34e762944234e7a44
If anyone wants to look at the non-working atapi.sys:
https://patrickwbarnes.com/pub/atapi.sys
I will be looking at this more in-depth. If I find anything more, it will be posted in a follow-up comment at the ISC:
http://isc.sans.org/diary.html?storyid=8209
UPDATE:
I uploaded the non-working atapi.sys file to VirusTotal, and this is the result:
http://www.virustotal.com/analisis/85aa49f587f69f30560f02151af2900f3dc71d39d1357727ab41b11ef828a7ff-1265925529
Apparently, this update problem is the result of an infection.
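The checksum comparison described in the comment above, and the "take a checksum before you patch" idea raised earlier in the thread, as an added example that is not part of the original thread or anyone's posted code. It assumes the XP volume is mounted read-only from a live CD and that you pass the path of its Windows directory; the function names are made up for illustration, and the two SHA-1 values are the ones quoted above, which describe that poster's two files only.

```python
import hashlib
import sys
from pathlib import Path

# SHA-1 values quoted in the comment above. A clean atapi.sys from a
# different XP build or service pack will not match either of them.
PAGE_HASHES = {
    "bb3e36ad0c8ed6daab38653ea4a942d74b9f4ff6": "non-working",
    "a719156e8ad67456556a02c34e762944234e7a44": "working",
}

def sha1_of(path, chunk=1 << 20):
    """Hash the file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_ci(root, *parts):
    """Resolve parts under root ignoring case, since a Windows volume seen
    from Linux may use System32, system32, DRIVERS and so on."""
    cur = Path(root)
    for part in parts:
        if not cur.is_dir():
            return None
        matches = [p for p in cur.iterdir() if p.name.lower() == part.lower()]
        if not matches:
            return None
        cur = matches[0]
    return cur

def check_atapi(windows_dir, known=PAGE_HASHES):
    """Return (verdict, sha1). Verdict is a label from `known`, or
    'unknown' (hash not in the table), or 'missing' (file not found)."""
    path = find_ci(windows_dir, "system32", "drivers", "atapi.sys")
    if path is None:
        return ("missing", None)
    digest = sha1_of(path)
    return (known.get(digest, "unknown"), digest)

if __name__ == "__main__":
    # Usage: python3 check_atapi.py <path to the mounted Windows directory>
    verdict, digest = check_atapi(sys.argv[1])
    print(f"atapi.sys: {verdict} (sha1={digest})")
```

An "unknown" verdict only means the file is neither of the two files hashed in the thread; compare it against a copy taken from trusted install media for the same service pack before deciding whether to replace it.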