Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Reg in VA

3 Posts

2355

February 20th, 2010 19:00

One Solution to Feb 10, 2010 Windows Updates causing BSOD, STOP on booting Windows XP

After the latest Windows Updates on Feb 10, 2010 around mid-day, my Dell XPS 140 laptop running Win XP SP3 failed to boot in any mode.

I followed the online forums until about mid-day on Feb 11, 2010 and discovered a possible path to the solution. I located my Dell operating system disc which allowed me to boot into recovery console mode at the C:\Windows prompt.

see http://support.microsoft.com/kb/314058 on how to access/install recovery console.

I uninstalled the KB977165 update under recovery console via the following:

At the system prompt>  c:\windows>

         Type this command: CD $NtUnInstallKB977165$\spuninst

At the system prompt> c:\windows\$NtUninstallKB977165$\spuninst>

         Type this command: batch spuninst.txt

    When this completes:

         Type this command: exit

System should now boot into Windows normally or you may be prompted, if so, select Start Windows Normally

Then I ran Malwarebytes and Mcafee scans, no issues found. I wasn't satisfied, I wanted to find out where the real problem lie.

After more research this weekend (Feb 20, 2010), I ran across discussions concerning a nasty rootkit named TDSS affecting the atapi.sys file, I located the atapi.sys file c:\windows\system32\drivers\atapi.sys, displayed its properties and the version tab was missing, everything else about the file seemed normal, dates, number of bytes, etc.

I uploaded the file to www.virustotal.com, analysis results: six virus checking programs reported a problem with this file.

I found Kaspersky's TDSSKiller at http://support.kaspersky.com/viruses/solutions?qid=208280684. Downloaded it, extracted it, ran it. It found an infection in the atapi.sys file, removed it and restored the file to its correct state. I then rebooted back into Windows again. Everything fine.

Next, I re-installed the KB977165 update from Windows Updates (I restored the update, which I had turned off so it wouldn't keep bothering me to re-install it).

Rebooted my computer, Windows XP is now back up and running with the KB977165 installed. Turned out to be a malware rootkit issue. I'm now a happy camper.

I lost way too much time in my business troubleshooting this problem. However, I have changed my automatic updates to only notify me when updates are available. I'll wait until the masses bless future installs before installing another update.

Reg in VA

 

 

hrova

2 Intern

 • 

2.2K Posts

February 25th, 2010 22:00

Thanks for the detailed post. I had an issue with one blue screen upon restart after installing kb977165... Uploaded the file (atapi.sys) to virscan.org (similar to what you uploaded your to) and all the checkers said the file was clean. For good measure, I also ran tdsskiller... It found nothing wrong...

Since all was working fine, I decided to ignore the one blue screen... But... even though installed, kb977165 kept on trying to reinstall. I found directions about replacing a corrupt catroot2 file, which I did. The problem appears solved, as it does not try to reinstall anymore, and there have been no more blue screens.

So, while your post did not directly solve my problem, it did help me in my troubleshooting woth some good things to check.

Also, I want to note how I appreciate the fact that you were unstoppable in getting to the bottom of the issue. It seems a lot of people are just uninstalling the update and not looking for the accompanying malware that MS says is causing the blue screen problem with the update.....

Good job.

Was this post helpful?

View All

No Events found!

Top