Malware caused Windows systems to crash on security update

Microsoft has identified a malware infection that caused Windows systems to crash when installing a security update last week. The malware disguises itself using rootkit methods and modifies the operating system kernel; those modifications caused the systems to crash while the update was installing.

"The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state," Mike Reavey, director of the Microsoft Security Response Center, wrote. "In every investigated incident, we have not found quality issues with security update MS10-015."



Until a solution is available, Microsoft will not offer the patch for 32-bit Windows through Automatic Updates, but will offer it for 64-bit systems.

"A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk," Microsoft said.

The Win32/Alureon malware makes changes to DNS settings and hijacks user searches. It also makes fraudulent "clicks" on advertisements.

Written by: James Delahunty @ 20 Feb 2010 5:35
  • 8 comments
  • jony218

    I apologize to Microsoft for "badmouthing" them for their incompetence when this problem first came up. Even though they declared they weren't at fault, I, like everyone else, doubted their statements of innocence.
    But this just goes to prove that there are many people out there surfing the internet without any antivirus or basic security.

    20.2.2010 11:53 #1

  • blueboy09

    I don't know if this malware was responsible for the "hijacking" of my system, but I just bought a laptop yesterday and by the evening time I had a file called SECURITY ROOT, and when I clicked on it, not intentionally of course, it told me that I was infected with a worm, and whenever I clicked on a program it would not open it. So to get it off I had to do an hour-long dissecting of my system and put a malware program on it to get it off, which worked when I rebooted my computer. If anybody in Afterdawnland has a problem with this, there's a fix: go to www.bleepingcomputer.com/virus-removal/remove-security-tool, where there's a step-by-step guide that helped me get this shit off. Like I said, I don't know if this is what that specific problem was or something else, but it saved me from ruining my OS. - BLUEBOY

    20.2.2010 13:08 #2

  • creaky

    Ah, good old Auto Updates. Have never used them, never will. I prefer to put my time & energy into programs like anti-virus, malware checks etc., those I keep up to date, but Auto Updates, they can stay out there in Microsoft land thanks.



    Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
    Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***

    20.2.2010 13:33 #3

  • Amak

    Originally posted by creaky: Ah, good old Auto Updates. Have never used them, never will. I prefer to put my time & energy into programs like anti-virus, malware checks etc., those i keep up to date, but Auto Updates, they can stay out there in Microsoft land thanks.

    Still, keeping the underlying OS updated is highly important. Having an OS with anti-virus etc. doesn't mean much if it doesn't have updates that are critical and have been out for a while.

    20.2.2010 17:27 #4

  • creaky

    No, 'fraid I disagree with keeping the OS up to date. I'm happily using XP SP2, so my OS is only as up to date with whatever fixes were in SP2, i.e. my OS is basically 6 years out of date. I couldn't be happier, it's 100% stable, and 'just works'. I don't buy into the idea that it's automatically insecure because it's old and because there's 65 million vulnerabilities that have been fixed since SP2. Each to their own I say, I'll continue using my out of date OS with all its insecurities, other people can do whatever they want with their own OS.
    At the end of the day I use Linux as my main OS anyway, I only keep Windows machines for the Windows-specific programs that I have.




    20.2.2010 17:45 #5

  • H0bbes

    I had to upgrade to SP3 to enable WPA2-AES on all the laptops in my workplace. As far as I'm concerned, that's the only commonly used change.

    21.2.2010 03:38 #6

  • SmOkM

    Originally posted by H0bbes: I had to upgrade to SP3 to enable WPA2-AES on all the laptops in my workplace. As far as I'm concerned, that's the only commonly used change.

    Yes, it's not always about security.

    21.2.2010 06:24 #7

  • creaky

    I don't mean to debate this but certainly in the case of WPA2/AES, which I use across all my routers/adapters, XP only needed this patch adding to SP2 for enabling WPA/AES.
    As I say, each to their own, I just don't buy into mandatory OS updates. I do keep certain Linux OSes updated as I don't have to worry about DRM etc being added in Linux patches, but Microsoft.....




    21.2.2010 06:36 #8
