Microsoft readies new rootkit detection tool in light of Windows XP patching problems

Microsoft is working on a new tool for detecting and removing the Alureon rootkit from Windows users' systems after the company found that Alureon seems to be behind blue-screen problems experienced by some XP users who applied a recent Microsoft security fix.
Written by Mary Jo Foley, Senior Contributing Editor

A week ago, Microsoft officials said they were removing one of the company's Windows patches from the Windows Update pipeline because of reports of blue-screening by some XP users after applying that patch.

On February 17, via the Microsoft Security Response Center (MSRC) blog, the Softies shared the fruits of their investigations of this issue. As my ZDNet blogging colleague Ed Bott had predicted, the blue screening was a result of malware already on users' XP machines. And that seems to be the case, Microsoft officials said -- specifically the Alureon rootkit.

According to the new blog post by MSRC Director Mike Reavey, Microsoft is "working on a simpler solution to detect and remove Alureon from affected systems which should be released in a few weeks." (Other third-party security firms are doing the same, Reavey said.)

There's no update in the new post as to when Microsoft will recommence distributing MS10-015 via automatic update. (I'd think if and when that happens, it will be after Microsoft releases the Alureon rootkit-detection fix.)

Microsoft pulled MS10-015 (KB977165) from Windows Update in early February after reports by users, including some XP users claiming blue-screen-of-death (BSOD) issues, seemingly resulting from application of that patch.

Users still having issues they believe may be the result of MS10-015 can obtain free support from Microsoft by going to https://consumersecuritysupport.microsoft.com or by calling 1-866-PCSafety (1-866-727-2338). International customers can find local support contact numbers here: http://support.microsoft.com/common/international.aspx.
