Lots of info emerging on this issue that it might be 'rooted' PCs that are affected.
MS10-015 may cause Windows XP to blue screen
Patrick Barnes is right on the money. The virus potentially causing these issues is a rootkit called TDSS. It hides its files from detection by infecting ATAPI.SYS, which controls commands written to/from your hard drive. It's the perfect place for a rootkit to hide.
I work for a major PC repair outfit and I've run across this increasingly. For every computer we perform a virus removal on, we run Kaspersky, McAfee, Trend Micro, Panda, Webroot, and Spyware Doctor, all run from a bootable PE disc. Even with all that, NONE OF THEM DETECT THE INFECTED ATAPI.SYS. Trend Micro's rootkit buster fails to detect it as well.
The only tool I've seen that manages to detect it is a dedicated TDSS removal tool from http://www.esagelab.com/. Unfortunately, that does little good if you're already experiencing BSODs.
We've patched over 500 boxes here without issue so far.
Last edited by cookie_monster; 12th February 2010 at 02:32 PM.