Microsoft says rootkit caused Windows blue screens

Users may have to reinstall Windows to eradicate the malware

1 2 Page 2
Page 2 of 2

Reavey acknowledged that Microsoft's patch quality control did not catch the conflict because it's difficult to create malware interaction tests. "These types of infections often leave the machine in such an unstable state that it cannot be reliably tested," said Reavey. He also confirmed that all 32-bit versions of Windows were susceptible to Alureon-caused crashes, including Windows 7, even though the bulk of complaints came from users running Windows XP.

That shouldn't be a surprise: XP is the dominant operating system worldwide.

Although several security firms have published instructions and tools for users trapped with a BSOD, Microsoft hasn't issued any advice for those already affected. Reavey's recommendation was brutal: "If customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk," he said.

He did not explain how users were to regain control of their non-booting PCs, however.

Kaspersky Lab offers a less extreme workaround: a free utility that seeks out and destroys the rootkit (download .zip file for Windows PCs). Symantec, meanwhile, has urged users to replace rootkit-infected drivers with clean copies.

Microsoft will provide a way for users to detect and remove the Alureon rootkit from infected PCs, but Reavey said it would be "a few weeks" before it is ready. In the past, Microsoft has used its Malicious Software Removal Tool (MSRT), a free program updated each Patch Tuesday, to seek out and destroy rootkits. The next scheduled refresh of the MSRT is March 9, nearly three weeks away.

Because the rootkit only infects machines running 32-bit Windows, Microsoft has lifted the Automatic Updates embargo on MS10-015 for 64-bit systems.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is

Copyright © 2010 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Shop Tech Products at Amazon