February’s Patch Tuesday was eventful to say the least. Many have noticed that Patch #977165 (Security Bulletin MS10-015) causes a blue screen on some systems (Stop Error: PAGE_FAULT_IN_NONPAGED_AREA). While the initial outrage was directed at Microsoft for a shoddy patch, eventually it was found that the Alureon Rootkit was the cause of the blue screen after KB977165 was installed.
But don’t worry! – the makers of the Alureon Rootkit have actually updated it and patched the flaw! Hurray!
For everyone else there are two options:
- Use a LiveCD to scan your hard drive for the rootkit and remove it. This will resolve the issue. Try Knoppix STD (http://www.knoppix-std.org/) or BartPE (http://www.nu2.nu/pebuilder/).
- Remove MS10-015 (977165) from your system.
How to remove Security Bulletin MS10-015 (977165) from your system
- Insert the Windows XP disc into the CDROM. You may need to adjust your BIOS settings to boot the CDROM first.
- When the “Welcome to Setup” screen appears, press “R.”
- Select the installation you wish to access (there should be only one option for most systems).
- Enter the administrator password when asked.
- Once at the Recovery Prompt, press ENTER after typing the following command: CHDIR $NtUninstallKB977165$\spuninst
- Press ENTER after typing the following: BATCH spuninst.txt
- Press ENTER after typing the following: systemroot
- Press ENTER after typing the following: exit
- Remove the Windows XP CD and restart.