Microsoft Releases Blue Screen Rootkit Detection Tool

Martin Brinkmann
Mar 2, 2010
Updated • Jul 29, 2016

Last month's Microsoft security updates have caused some controversy over a single patch in the pack that was first thought to cause blue screens on some computer systems.

It later turned out that the patch was only indirectly responsible for the blue screen; a rootkit that had altered some files of the operating system was causing it after all.

Some computers may not be compatible with security update 977165. This issue usually occurs when a computer is infected with a virus that changes certain Microsoft operating system files. In these cases, after you install the security update 977165, the computer may restart repeatedly.

The solution back then was to clean the computer system first by running up to date rootkit detection software before installing the security patch.

Two updates have been released by Microsoft which are both useful to users affected by the issue, and users who have not experienced it but have not installed the security update yet.

blue screen rootkit

The patch has been redesigned by Microsoft to block the patching if "abnormal" conditions exist which in this case means altered files on the computer caused by the rootkit.

If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error.

Microsoft has furthermore released a fix it script that can be used to determine if a computer system is compatible with the security update that is described in the security bulletin MS10-15.

The fix it solution can be downloaded here. It is recommended to run it first before trying to install the security patch. The Fix It solution will only report if the patch can be installed without difficulty by checking for issues that prevent it from being applied properly on target systems. Again, it seems to check for modified files on the system by the rootkit.

It will however not resolve the issue if it returns negative. This means that it can be used to find out if the update can be installed on the system properly, or if issues would arise.

Microsoft released a tool for system administrators and IT professionals that enables them to run an enterprise-wide compatibility assessment. Download of the tool is also provided on the fit it solution website.

Microsoft Security Essentials will detect and remove the rootkit responsible for the blue screens that appear after installing the patch on the operating system. Other security software may also detect the rootkit and remove it from the operating system.

Microsoft Releases Blue Screen Rootkit Detection Tool
Article Name
Microsoft Releases Blue Screen Rootkit Detection Tool
Microsoft released a so-called Fix It program for Windows that determines whether security patch 977165 can be installed on the system.
Ghacks Technology News

Previous Post: «
Next Post: «


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.