From: Geoff on
On Sun, 14 Feb 2010 07:50:40 GMT, sfdavidkaye2(a)yahoo.com (David Kaye)
wrote:

>Now Microsoft's gone and done it. They've put out a patch that now causes
>computers to boot over and over, showing brief BSODs. It all began on
>February 10 with patch KB977165. So far I have 2 customers and a housemate
>who have been infected by this patch. Yet I have two of my own computers with
>the patch and they're fine.
>
>Problem is that you can't boot into Safe Mode. You have to go in via a
>Windows set up disk or something like BART-PE and uninstall the patch. I've
>done this twice now.
>
>But the big problem is that my housemate has a netbook with no CD drive. I
>created a bootable flash drive, stuck it in and the setup program loads fine,
>but it cannot find the hard drive! Probably some weird configuration that
>netbooks go through when starting up.
>
>So, I can't even fix my housemate's machine. I'm loath to go out and buy a
>USB CD just to fix his computer.
>
>Way to go Microsoft. You've made a patch that you didn't thoroughly test out
>and spewed it across the world.

You can obtain a USB to ATA or SATA adapter and remove the HD from the
affected system and access the disk on another system. Back up the HD
and/or remove the infected files and/or manually undo the patch.

Another alternative might be a USB-connected CD to allow
reinstallation of Windows. I am not sure what the restore options are
on a netbook.
From: Leythos on
In article <OTnN0qcrKHA.3344(a)TK2MSFTNGP06.phx.gbl>, pcbutts1(a)not.com
says...
> From: "pcbutts1" <pcbutts1(a)not.com>
> References: <hl8a0f$8pi$1(a)news.eternal-september.org> <uwb3VyXrKHA.728(a)TK2MSFTNGP04.phx.gbl> <hl9k1c$l1q$4(a)news.eternal-september.org> <4b78704a$0$12035$88263eea(a)blocknews.net> <#22itgcrKHA.6004(a)TK2MSFTNGP04.phx.gbl>
> In-Reply-To: <#22itgcrKHA.6004(a)TK2MSFTNGP04.phx.gbl>
> Subject: Re: Dreaded KB977165 Patch
> Date: Sun, 14 Feb 2010 15:09:05 -0800
> Lines: 27
> Organization: The David Lipman and Leythos Liars group
>

Message-ID: <OTnN0qcrKHA.3344(a)TK2MSFTNGP06.phx.gbl>
Newsgroups: microsoft.public.security.virus
NNTP-Posting-Host: adsl-75-38-73-206.dsl.bkfd14.sbcglobal.net
75.38.73.206

And there you are again, stalking myself and David.....


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)
From: "FromTheRafters" erratic on
"pcbutts1" <pcbutts1(a)not.com> wrote in message
news:OTnN0qcrKHA.3344(a)TK2MSFTNGP06.phx.gbl...
> You did not look very hard. You are a MBAM supporter so it is obvious
> to me you have never tried to use the MRT to remove TDSS.

When you investigate the links represented in the list of malware
families that MSRT removes, the write-up for this family does not
mention the rootkit capability that the write-up of the "A" variant
does.


From: David Kaye on
"The Real Truth MVP" <trt(a)void.com> wrote:

>The Malicious Removal Tool does detect and remove Win32/Alureon family. That
>Peter Foldes troll does not check his facts before he posts. MS is not 100%
>sure why the patch has caused crashing but a common finding is that Trojan.
>They are still investigating. Give them some time; there are many factors to
>look at.

My feeling is that given the hundreds of different kinds of motherboards,
dozens of kinds of memory, video cards, audio cards, resulting in hundreds of
thousands of combinations -- it's a wonder that Windows works at all.

From: David Kaye on
Geoff <geoff(a)invalid.invalid> wrote:

>You can obtain a USB to ATA or SATA adapter and remove the HD from the
>affected system and access the disk on another system. Back up the HD
>and/or remove the infected files and/or manually undo the patch.

I always have spare shells for 2.5 and 3.5 inch drives. This was what I was
going to do given that the Windows install program did not recognize the HD
while in place.

The next problem I ran into was that the Toshiba netbook has some weird kind
of screw like a 6-sided Phillips screw. Neither I nor my housemate (who has a
wide collection of tools) had anything that would fit those screws. I just
gave up and told him to contact Toshiba.

>Another alternative might be a USB-connected CD to allow
>reinstallation of Windows. I am not sure what the restore options are
>on a netbook.

None if you can't access the HD. On one computer (not the netbook) I was able
to access the OS in safe mode, but none of the registry rollbacks fixed it.
Only uninstalling the patch using its own uninstall batch file did the trick.