XP BSoDs may be down to malware



February 13th, 2010

If you're encountering BSoDs and reboots on your XP machines following the installation of this month's load of Patch Tuesday updates, your machine might be infected with malware.

Patrick W. Barnes, a systems administrator at Cat-man-du, a technology services firm in Amarillo, Texas, said at least three different customers came into his shop with the same blue screen of death after installing Tuesday’s patches on their systems. Barnes said that on closer inspection, he found that each had been previously infected with a rootkit, a set of tools sometimes installed by malware that are designed to hide the presence of the infection on the host system.

Barnes said he traced the problem on each machine back to “atapi.sys” — a Windows storage driver (which lives in %SystemRoot%\System32\drivers\). When he sent the atapi.sys files that were on the customer machines up for a scan at Virustotal.com, the results suggested malware had injected itself into the system file.

It might be a good idea for anyone seeing this problem to give their system a quick scan with F-Secure’s Blacklight rootkit detector after removing the Windows Update patches and getting the system up and running.

This entry was posted on Saturday, February 13th, 2010 at 20:28 and is filed under PC Doctor's Useful Links, Stay Secure.