Windows Patch Leaves Many XP Users With Blue Screens
CWmike writes "Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."
first po
Stop OxOOOOOOFC (OxB5FD7D64, Ox76F3E963, OxB5FD7CDC, OxOOOOOOO1)
A problem has been detected and windows has been shut down to prevent damage to your computer.
THL phish sticks
All I keep hearing in my head is:
They put the update in, you take the update out!
They put the update in, shake your laptop all about!
"You do the hokey pokey and you uninstall the patch! That's what it's all about!"
"ooooh... the windows bluescreen."
"ooooh... the windows bluescreen."
"ooooh... the windows bluescreen."
"That's what it's all about!"
Science advances one funeral at a time- Max Planck
I saw and fixed a similar issue in January. A particular KB had patched a .dll that was in fact rootkit infected, breaking the reference to some function call. Windows BSOD'd, claiming the whole partition was unmountable. Rolled back the KB in Recovery Console, sanitized the OS, and reapplied the KB. Problem solved.
. . . my Windows XP updates get pushed, pulled or shoved down my throat . . . this sounds like an excellent reason to clone my hard disk before rebooting, and logging on to my company's network . . .
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
You know how I know they are lying? They are posting complaints online. We designed this patch -specifically- to stop online complaints about updates. They clearly haven't actually updated.
-Bill Gates
'I updated 11 Windows XP updates today...
You updated your updates? You're doing it wrong.
... and then they built the supercollider.
An MVP poster in the thread claims that KB977165 causes the problem, and that the problem only occurs on computers that have been compromised by exploit code. The patch in question patches the NT kernel executable files.
If it is true that only compromised computers blue screen then it's hard to fault Microsoft for their patch code choking when it stumbles across the exploit code.
I wonder if they are going to push out an updated patch that at least performs some sort of sanity checking before attempting to modify the files. I doubt it. They'll just pass the buck and tell users that their computers were already hosed and that the BSOD is a "feature" and that they should have re-installed the OS anyway (because we all know that once your Windows box is pwnt, the only way to deal with it is full format and re-install).
And people will still be ignoring it.
Well duh... How is Microsoft supposed to make any more money from you if they don't trash their old OS?
Windows costs less, is more secure, and superior to opensource OS's. And hope your boss hears you before you're fired.
Here is a list of Microsoft stuff to remove from your XP slipstream:
Automatic Updates (for reasons related to the article) ...
Windows media player (including 6.4) because it downloads codecs at will.
Accessibility Options (unless you need them)
ClipBook Viewer (useless)
Games
Internet Games
Long list, wouldn't it be simpler to just remove Windows XP in its entirety from your PC and replace it with something else?
Only to idiots, are orders laws.
-- Henning von Tresckow
I let Windows inform me about updates, and I choose when to download them and install them. If nobody else has any problems after a week or so, then and only then will I download and install the updates. I learned a long time ago not to trust anything from Microsoft.
I'd like to thank all of you who beta tested the updates for me!
I updated yesterday and haven't had any problems. I feel like I won the lottery!
But then how will I run Mass Effect 2?
If the masses can keep you down, you're not the Ubermensch.
You can install the recovery console as a boot option:
http://support.microsoft.com/kb/307654
(You should have an I386 folder somewhere)
It is more complicated for Vista and later:
http://blogs.msdn.com/winre/archive/2007/01/12/how-to-install-winre-on-the-hard-disk.aspx
Nerd rage is the funniest rage.
Keep Pinball. I love that old game. Very well done, and might be the best Win software ever.
A Good Troll is better than a Bad Human.
from ars: Users in the thread have tracked down a fix, though it requires using a copy of the Windows disc (or for netbook users without an optical drive, a bootable USB drive with Windows on it):
Boot from your Windows XP CD or DVD and start the recovery console (see KB307654 for help with this step)
Type this command: CHDIR $NtUninstallKB977165$\spuninst
Type this command: BATCH spuninst.txt
Type this command: systemroot
Good luck.
When complete, type this command: exit
Resistance is futile. You WILL upgrade to Windows 7 as instructed. We are in full control of your computer. Your computer will remain deactivated until you comply with our instructions. You have no alternative but to obey.
I am quadriplegic with a tracheostomy to breathe. That means no keyboard or mouse and no auditory input. I control my computer with eye movement (the only muscles I still fully control) tracked via infrared camera. Almost every system built to assist communication for people like me is built on top of WinXP. There is a Mac version I have heard of but AFAIK doesn't do full control like the one I use. There is no Linux availability at all (oh how I wish).
So I am stuck. This system is my voice and my window to the world (travel is a major production requiring a team of assistants). It controls my immediate environment (tv, lights, etc.). It represents the last bit of independence I possess. It is a Tablet so "pop in the CD" isn't so easy.
I am very careful to avoid viruses and other malware (always was when I was healthy and Win32 was only a secondary OS for me then). But to be stabbed in the back would be utterly devastating to me. It could be weeks before I could get qualified help (Nerd Herd, etc. need not apply).
I have something in common with Stephen Hawking...
This is how they solve the problem of backwards compatibility and get everyone onto Windows.Next or Win8 or whatever. Break all OSes prior to Win7 with "patches" thereby forcing everyone to PAY UP SUCKAS....
You can install the recovery console as a boot option:
http://support.microsoft.com/kb/307654
(You should have an I386 folder somewhere)
It is more complicated for Vista and later:
http://blogs.msdn.com/winre/archive/2007/01/12/how-to-install-winre-on-the-hard-disk.aspx
Nope. If you follow that link, you'll see you still need the Windows XP DVD to install the recovery console. Sadly, it was not uncommon for XP systems to be sold with no recovery console. My Toshiba laptop (I'll never buy another) did not come with a Windows XP DVD, merely a "product recovery disk" which wipes everything off the hard drive and does a fresh install. No recovery console available. Apparently there's a huge difference between buying a computer that comes with XP and buying a computer that comes with "XP installed."
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
As I alluded to in my comment, all you need is the I386 folder. It is most likely present at C:\I386.
(I am typing this on a computer that did not come with an installation disc; I used the I386 folder to build one (with SP3 slip-streamed in). I have used that CD to install Windows into a VM.)
Nerd rage is the funniest rage.
No shit Sherlock.
He was implying that the poster has only played those games, since he hasn't been using windows and those games are pretty famous for being cross platform.
What I don't understand is why "you can't play games" is supposed to be some sort of universal knock against people who don't use windows. I never played games even when I did use windows, it's just not my thing.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
You say this like it's a *bad* thing...
Please do not read this sig. Thank you.
The problem with Linux is that it's inarticulate. Look at Ubuntu, which is arguably the easiest way to get someone to use Linux if they're from a Windows background.
It works great, it's faster, and most configurations work right out of the box. if you have one of the few configurations that have been checked by the developers. (If you've got an ATI card like I do, Fuck You.) If you've got an older machine without one of the specific wireless cards detailed in document XR-122-65_rev_a_kernel26.6.1, you can with ndiswrapper and wpasupplicant. Rolling back the kernel version will also improve compatibility on older systems. All of these commands can be found on forums online, so there's lots of support for... ...what the FUCK are you talking about, Beardo? My machine USED to work, and now it doesn't and that's because I listened to you.
Windows is dominant because they write and market to people who aren't technical users. Read that bolded sentence again. Apple is hauling up their marketshare for the same reason -- they are marketing to the vast majority of people that want a computer but didn't spend their childhood in the CS lab. My dad doesn't want to learn how to use a command line to set up the email. My wife, lead tech support for distance education for a College, didn't like Ubuntu because of the Flash problem.
NOBODY GIVES A FUCK ABOUT PROPRIETARY DRIVERS. IF THE SHIT DOESN'T WORK THEN IT IS A LINUX PROBLEM. (Yes, even if it isn't.)
Hell, MS still has their ridiculous search, when you could just drop to a shell and type "dir *foo*.ext /s | more" and be done in 10 seconds. But you see, if you weren't the kind of person who reads /., I just a) bored you and b) acted condescending and c) said something unintelligible.
Linux is a spectacular tool, but like calipers, $30 ESD wirecutters, or my $200 soldering station, just aren't the right tool for the majority of people out there. If the developers get their heads out of their asses and learn how to market the software AND give the public what it wants, then and only then will Linux get its fair share of the market.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
Uuuuuuuh..... A home user? Re-read that quotation that you so handily provided one more time.
See it?
It's singular. He applied updates to a single computer.
What sort of loon thinks that expecting home users to somehow test patches from their goddamn vendor before applying them is acceptable?
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
why are you people still using xp?
Because -
a) I already own a license
b) It suits my needs
c) It's what my employer requires me to have on my at-home on-call PC. Since they're footing the bill, I can hardly complain. See a) and b) above.
From TFA: "To regain control of their PCs, users were told to boot from their Windows XP installation disc, launch the Recovery Console and enter a series of commands."
STOP COPYING LINUX ALREADY!
Try this before the "maxyimus" fix - boot Ubuntu or Sysinternals ERD and delete that pesky HIBERFIL.SYS and the $RECYCLER while you're at it. Reboot to a functional computer. If this doesn't fix then "maxyimus" it is.
If the developers get their heads out of their asses and learn how to market the software AND give the public what it wants, then and only then will Linux get its fair share of the market.
The question is why would developers want to expand their market share among the non-technical users? Personally, I could care less if my mom uses Linux. You know why? Because she is not a developer and will not contribute one line of code to the OSS world. I want Linux to develop a following among the technical/programmer crowd. This means a larger developer base, which means a greater pace of improvement. This has been happening consistently for the 15 years I've been using Linux and that keeps me happily on this platform. It's all about Developers! Developers! Developers! to me. Microsoft and Apple can have all the rest.
When someone decides that there is money in getting non-techies onto Linux, they will be able to polish Linux into something really slick. Ubuntu is trying, but there really doesn't seem to be enough money in it now so they aren't able to apply a lot of resources to it. Who knows? There may never be any real money in that kind of market (for Linux, anyway).
NT - http://technet.microsoft.com/en-us/library/cc750081.aspx
2000 - http://support.microsoft.com/kb/174630
Now the same with Windows XP? Come on now, who are they fooling?
Reminds me of that stupid stride commercial - http://www.youtube.com/watch?v=jxBlKFxGhNk
For those of you who feel left out with a working computer - http://technet.microsoft.com/en-us/sysinternals/bb897558.aspx
When I was in college, a friend of mine who lived down the hall from me came to my door one day frantically knocking. She had stored the only copy of her PhD dissertation on a floppy disk, and the disk had gotten corrupted, and she didn't know what to do.
I poked around on it for a little while, trying out a disk sector editor I had to see if I could recover anything, and I couldn't. It was just lost, period.
She ended up going dumpster-diving. She had thrown away a printed hard copy the day before, and they hadn't taken the trash away yet. She was literally in the trash dumpster, sifting through two apartment buildings' worth of trash to find it, and spent that entire night retyping it from scratch.
I felt sorry for her, and I remember thinking, "Well, I guess that's one way to learn a lesson that you'll never forget..." I was also really glad that I wasn't her significant other, because you know who would have been sifting through that dumpster.
Okay. *upgrades to Ubuntu*
*tries to install Modern Warfare 2*
Hey, I can't run the installer, what's going on? *reads forums* What? Ubuntu doesn't support the latest Direct X? Fuck this, I'm going back to Windows.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Also, while command line may be faster than GUI, GUI is easier and here's why: if I want to do some task, I can look at the toolbars and in the menus to find an item that looks like what I need to do (for example, if I want to find a file, I'll look for a button or menu item named "Search", "Find" or something like that. I will recognize it when I see it), but on a command line, I basically need to remember the exact command for doing what I want to do, for example, I would need to remember the whole "dir *foo*.ext /s | more" command if I want to find the file, it won't work if I type ls instead of dir or if I type search instead of find or I forget to write the /s. For less used commands this gets difficult.
Linux is great, but only when it works right after install and you do not need to install other programs. Otherwise it gets very difficult very fast.
XP is a 10 years old OS that was meant to be decommissioned years ago
Microsoft has had 10 years to introduce fixes to whatever problems Windows XP has. Systems are supposed to get MORE stable as they age, not get worse or show no improvement over time.
Meh...
If most people had to install Windows to get it to work on their PCs, they'd be in the same boat they are currently in with Linux -- they wouldn't have any more clue how to install and configure Windows than they do Ubuntu. Having installed multiple flavors of both Windows and Linux, Ubuntu currently has the easiest installer I've ever seen, bar none. And I've had all the same problems you've described with Linux when I've had to install Windows from a retail (vice OEM) CD. In fact, I've even had to boot a PC with Knoppix, just to find out what kind of hardware was inside the case so I could go download Windows drivers to make the hardware work. However, since every PC maker since Windows 95 has included Windows installed by default (at least until recently), non-techie Windows users typically don't have to worry about it. Now, Windows is what Grandma expects on her PC. And since people, as a rule, are afraid of change, that will be the default until someone gives someone a compelling enough reason to use something else. Unfortunately, at this point, I suspect the only thing that will be compelling enough is, "You can't get a PC with Windows, anymore, ma'am...".
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
As you may have read elsewhere, MS doesn't use context or offset diffs. They just replace files. So the case you speak of is unlikely.
The most likely case is that people who are having the problem have a foreign DLL in their system that calls directly into an offset into this DLL without version checking it. This DLL does so because it's a rootkit, and it wants to fly under the radar. When you change this DLL that other DLL is now calling into invalid code.
But the problem here is this other DLL is bad. It isn't a problem in MS' DLL at all. And how is MS to prevent this, are they to somehow figure out every other DLL in your system that could try to call into this DLL using surreptitious means?
MS didn't know this rootkit existed, or if they knew, they didn't test with it. That's about as far as I can blame them without any more info.
http://lkml.org/lkml/2005/8/20/95
It seems like someone's figured out what was causing the bluescreens... from the MS forum thread:
I had an Eee PC with XP Home brought to me with this same problem. I rolled back KB977165, rebooted and the system worked fine. I reapplied KB977165 and the rest of the updates available at Microsoft Update, and the problem returned. I replaced %System32%\drivers\atapi.sys with a clean version from a XP SP3 distribution folder and rebooted... voila! Problem solved.
For reference, the SHA1SUMs of the atapi.sys files:
Non-working:
bb3e36ad0c8ed6daab38653ea4a942d74b9f4ff6
Working:
a719156e8ad67456556a02c34e762944234e7a44
If anyone wants to look at the non-working atapi.sys:
https://patrickwbarnes.com/pub/atapi.sys
I will be looking at this more in-depth. If I find anything more, it will be posted in a follow-up comment at the ISC:
http://isc.sans.org/diary.html?storyid=8209
UPDATE:
I uploaded the non-working atapi.sys file to VirusTotal, and this is the result:
http://www.virustotal.com/analisis/85aa49f587f69f30560f02151af2900f3dc71d39d1357727ab41b11ef828a7ff-1265925529
Apparently, this update problem is the result of an infection.
Ph.D. on a floppy? Should we get off your lawn?
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
...sifting through two apartment buildings' worth of trash to find it, and spent that entire night retyping it from scratch.
PhD "dissertation"? Normally one writes a thesis for a PhD, and a typical length is in the region of 50,000 words. I don't know about you, but that's way more than I can type in a night.
Developers may want to expand their markets to non-technical users so they have a larger paying customer base to fund innovation.
There were 8 freaking OS security patches in this last patch Tuesday. It must have been a joy to track down the one update that was causing the problem (KB977165).
I have honest pangs of sympathy for the poor sucker that had to figure out that that one update was rendering infected systems unbootable.
This is why monoculture sucks. *Healthy* cultures are diverse. "Mono" doesn't enter into it. Pun very much intended.
--
Toro
True. Why does Linux suck so bad? Every 6 months Ubuntu breaks something.
Heh, if we made slashdot front page stories about those forum posts then even fewer than 1% would use Linux. But of course we just have to publicize forum posts about XP problems to give a skewed opinion. Oh well..
I guess she should have copied that floppy. That's what you get for listening to M.E. Hart.
My machines are running ok but I thought I'd look to see if KB977165 which is reported to cause the blue screens was on any of them. It was installed on one machine and not on another. So I thought I'd check a few more things that others say may be causing the problem.
It has been suggested that atapi.sys in the system32/drivers folder might be rootkitted by the update. I compared the SHA-1 hash of atapi.sys on both machines and they were the same (A719156E8AD67456556A02C34E762944234E7A44) so, apparently, update KB977165 didn't change that file in my case.
Some people are saying that atapi.sys is infected with a rootkit. I scanned the file through Jotti.com and it found nothing. I also scanned the file at VirusTotal.com and only eSafe reported a problem as follows:
eSafe 7.0.17.0 2010.02.11 Win32.Rootkit
I think this is a false positive since I have identical copies of atapi.sys on both machines and both show the same result on eSafe.
It's possible, I suppose, that I was rooted by something other than the Windows updates but, so far, Sysinternals Rootkit Revealer has shown nothing suspicious.
Do these results agree with anybody else's?
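The by-hand SHA-1 comparison of atapi.sys in the two comments above, extended to every .sys file in a drivers folder, as an added example that is not part of the original thread. Only the two atapi.sys hashes come from the thread; the function names, folder layout and sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# The two atapi.sys SHA-1 values quoted in the thread (XP SP3).
ATAPI_WORKING = "a719156e8ad67456556a02c34e762944234e7a44"
ATAPI_NON_WORKING = "bb3e36ad0c8ed6daab38653ea4a942d74b9f4ff6"
THREAD_BASELINE = {"atapi.sys": ATAPI_WORKING}  # fallback when no clean folder exists


def sha1_file(path, chunk=1 << 20):
    """SHA-1 of a file, read in chunks (SHA-1 only because the thread uses it)."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sys_files(folder):
    """Yield (lower-cased name, path) for each .sys file; NTFS names are
    case-insensitive, a Linux mount of the disk is not."""
    for path in Path(folder).iterdir():
        if path.is_file() and path.suffix.lower() == ".sys":
            yield path.name.lower(), path


def build_baseline(clean_dir):
    """Name -> SHA-1 for a clean distribution folder at the SAME patch level."""
    return {name: sha1_file(path) for name, path in sys_files(clean_dir)}


def audit_drivers(suspect_dir, baseline, known_bad=(ATAPI_NON_WORKING,)):
    """Compare an offline-mounted drivers folder with the baseline.
    Verdicts: ok, modified, known-bad, unlisted (not in baseline), missing."""
    bad = {value.lower() for value in known_bad}
    report = {}
    for name, path in sys_files(suspect_dir):
        digest = sha1_file(path)
        if digest in bad:
            report[name] = "known-bad"
        elif name not in baseline:
            report[name] = "unlisted"
        elif digest == baseline[name].lower():
            report[name] = "ok"
        else:
            report[name] = "modified"  # a legitimate update also lands here
    for name in baseline.keys() - report.keys():
        report[name] = "missing"
    return report


def demo():
    """Constructed sample data: temp folders stand in for the clean XP SP3
    folder and the suspect system32/drivers folder."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        clean.mkdir()
        suspect.mkdir()
        (clean / "atapi.sys").write_bytes(b"constructed clean driver")
        (clean / "disk.sys").write_bytes(b"constructed disk driver")
        (suspect / "ATAPI.SYS").write_bytes(b"constructed altered driver")
        (suspect / "disk.sys").write_bytes(b"constructed disk driver")
        (suspect / "extra.sys").write_bytes(b"constructed unknown driver")
        return audit_drivers(suspect, build_baseline(clean))


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:12} {verdict}")
```

Hashing the files from a boot CD or a second machine with the disk mounted avoids asking a possibly rootkitted kernel to read its own drivers.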
I've worked for 9 years in a support role for mac & windows, HFS+ and HFS aren't all that stable, however, recovery tended to be a bit easier with HFS(+) compared to NTFS.
I'm not going to claim however that HFS was solely to blame, it's always possible that corruption occurred due to the occasional kernel panic on OSX, or bombs in the old days or applications doing something wonky, but it happened, and more often than the (more numerous) windows installations.
In the end though, it doesn't really matter, in most circumstances the corruption wasn't fatal and we had good backups, and there is no such thing as a perfect computer