Microsoft Releases Blue Screen Rootkit Detection Tool
Last month's Microsoft security updates have caused some controversy over a single patch in the pack that was first thought to cause blue screens on some computer systems.
It later turned out that the patch was only indirectly responsible for the blue screen; a rootkit that had altered some files of the operating system was causing it after all.
Some computers may not be compatible with security update 977165. This issue usually occurs when a computer is infected with a virus that changes certain Microsoft operating system files. In these cases, after you install the security update 977165, the computer may restart repeatedly.
The solution back then was to clean the computer system first by running up-to-date rootkit detection software before installing the security patch.
Microsoft has released two updates that are useful both to users affected by the issue and to users who have not experienced it but have not yet installed the security update.
Microsoft has redesigned the patch to block installation if "abnormal" conditions exist, which in this case means files on the computer that have been altered by the rootkit.
If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error.
Microsoft has furthermore released a Fix It script that can be used to determine whether a computer system is compatible with the security update described in security bulletin MS10-15.
The Fix It solution can be downloaded here. It is recommended to run it before trying to install the security patch. The Fix It solution only reports whether the patch can be installed without difficulty, by checking for issues that prevent it from being applied properly on target systems. Again, it seems to check for files on the system that have been modified by the rootkit.
It will not, however, resolve the issue if it returns negative. It can only be used to find out whether the update can be installed on the system properly or whether issues would arise.
Microsoft has also released a tool for system administrators and IT professionals that enables them to run an enterprise-wide compatibility assessment. The tool can also be downloaded from the Fix It solution website.
Microsoft Security Essentials will detect and remove the rootkit responsible for the blue screens that appear after installing the patch on the operating system. Other security software may also detect the rootkit and remove it from the operating system.