Posted by & filed under Security, Windows / Server.

February’s Patch Tuesday was eventful to say the least. Many have noticed that Patch #977165 (Security Bulletin MS10-015) causes a blue screen on some systems (Stop Error: PAGE_FAULT_IN_NONPAGED_AREA). While the initial outrage was directed at Microsoft for a shoddy patch, eventually it was found that the Alureon Rootkit was the cause of the blue screen after KB977165 was installed.

But don’t worry! – the makers of the Alureon Rootkit have actually updated it and patched the flaw! Hurray!

For everyone else there are two options:

  1. Use a LiveCD to scan your hard drive for the rootkit and remove it. This will resolve the issue. Try Knoppix STD (http://www.knoppix-std.org/) or BartPE (http://www.nu2.nu/pebuilder/).
  2. Remove MS10-015 (977165) from your system.

How to remove Security Bulletin MS10-015 (977165) from your system

  1. Insert the Windows XP disc into the CDROM. You may need to adjust your BIOS settings to boot the CDROM first.
  2. When the “Welcome to Setup” screen appears, press “R.”
  3. Select the installation you wish to access (there should be only one option for most systems).
  4. Enter the administrator password when asked.
  5. Once at the Recovery Prompt, press ENTER after typing the following command: CHDIR $NtUninstallKB977165$\spuninst
  6. Press ENTER after typing the following:  BATCH spuninst.txt
  7. Press ENTER after typing the following:  systemroot
  8. Press ENTER after typing the following:  exit
  9. Remove the Windows XP CD and restart.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>