Posted by Monte Robertson on Mon, Feb 15, 2010 @ 09:38 AM
One of the Windows Updates released on 2/9/2010 is being blamed (possibly incorrectly), for many XP users having their machines blue screen after installing the security software update and rebooting the machine. It may be that the machines exhibiting this condition are actually infected with a Trojan released back in 2008 and by fixing the exploit via the patch(es), the machine locks up.
Anyway here the solution as it stands now:
Apparently only one Knowledge Base (KB) patch requires un-installation (or should be skipped to begin with if you have not updated yet and have XP machines), to resolve the issue.
KB977165 is the patch under current scrutiny; the other patches released Tuesday don't seem to cause the blue screen result and do not need to be uninstalled.
If you have installed KB977165 and have a machine in trouble, here are the updated steps to take. You will need the XP install disk to repair the computer, which will be a problem if you bought one that shipped without the install\repair disk.
1. Boot from your Windows XP CD or DVD and start the recovery console (recovery console instruction help) Of course the machine will have to boot first from the disk drive and a visit to system setup may be required before starting step one.
Once you are in the Repair Screen:
2. Type this command: CHDIR $NtUninstallKB977165$\spuninst - push enter
3. Type this command: BATCH spuninst.txt - push enter
4. When complete, type this command: exit - push enter
Ok you fixed it but the machine still has the vulnerability, now what do I do? - The link here shows how you can get protected from this exploit mentioned in KB977165 without installing the actual KB update: http://support.microsoft.com/kb/979682
If you have a Netbook with this problem it is going to be a bad day. I can't find much in the way of fixes for non-technical users. Can you say "bootable USB?"
Thanks to Kevin Hau and Krebs for getting the fix out. Thanks to all the crackers writing malicious code that keeps an entire industry afloat. If they really wanted to make an impact on the world they could stop writing malicious code. An entire security software industry would cease to exist. Yeah. Like that's going to happen.
Stay Safe Now.
Security as a Service for Businesses who have better things to do. 303.232.9070