BEWARE OF KB2859537 Update

dr3w

Details here: Microsoft KB2859537 Update Causes BSOD on Windows 7

Well, whoever already ran into that problem will not read it from the affected PC anyway.

I was lucky due to my laziness (installing win updates manually, maybe a week after release); a friend of mine called yesterday and asked for help. And he was not the only one.

Nice job M$.
 
Not the first time that an MS Windows update has created major problems in various systems (I think the worst was a patch which killed the network connection. How are you going to check online to know what to do when your system can't connect to anything now? Oops? lol)

I make it a point to wait at least a week before updating any OS patches from MS just to see what are the issues others are seeing first.
 
thx for the headsup!

:bigthumbsup:
 
Oh, for further info - MS always releases updates on the second Tuesday of each month.

This only changes if there is some critical update which must be updated ASAP or else your system will explode or something very bad will happen to it.

At least now you know when to look out for it, and prepare accordingly.
 
oh.. great.. think I'll have a long night of PC screwing ahead :eyecrazy:
 
Err, the question is why did you have a rootkit on your PC in the first place? :)

I installed the update without any issues.

From the article above:

"KB2859537 corrected an exploit that a rootkit virus was using to hijack the computer. Because the exploit was fixed after installing the update, upon the next reboot, the rootkit is now blocked from functioning. This causes the entire computer to lock up and even BSOD in some cases. By removing the rootkit virus, I was able to install the security update without the computer locking up."


Ciobyna
 
Err, the question is why did you have a rootkit on your PC in the first place? :)

I installed the update without any issues.

From the article above:

"KB2859537 corrected an exploit that a rootkit virus was using to hijack the computer. Because the exploit was fixed after installing the update, upon the next reboot, the rootkit is now blocked from functioning. This causes the entire computer to lock up and even BSOD in some cases. By removing the rootkit virus, I was able to install the security update without the computer locking up."


Ciobyna

Imagine yourself that each antivirus program will now do the same? What is the point of using it if after repair it's more damaged than before? Can you still call it a repair tool?
 
Hmm, I have had this update installed since 15.08, work and play on this machine all day long and haven't had any problems so far (Win 7 x64). Maybe it's not just the update that causes BSOD but a combination of many factors.

Hell, I haven't seen bsod for years, maybe a couple of times since installing this copy of Win 7 in 2009 :)
 
Details here: Microsoft KB2859537 Update Causes BSOD on Windows 7

Well, whoever already ran into that problem will not read it from the affected PC anyway.

I was lucky due to my laziness (installing win updates manually, maybe a week after release); a friend of mine called yesterday and asked for help. And he was not the only one.

Nice job M$.

You do realize that if that update makes your PC not boot, it means your PC is rooted? While it is a bit of a drastic way, it at least makes sure the number of rootkit-infected PCs goes down.
 
Imagine yourself that each antivirus program will now do the same? What is the point of using it if after repair it's more damaged than before? Can you still call it a repair tool?

No. The situation after the repair is better, these rootkits cannot infect the computer again.
 
Hmm, I have had this update installed since 15.08, work and play on this machine all day long and haven't had any problems so far (Win 7 x64). Maybe it's not just the update that causes BSOD but a combination of many factors.

Hell, I haven't seen bsod for years, maybe a couple of times since installing this copy of Win 7 in 2009 :)

I have Win 7 64 also, I guess I'm just lucky. I get BSOD regularly, like every couple of weeks or so, but haven't had the motivation to do anything about it, I just reboot and do something else for a while until it's back online, kind of a forced break. It happened again last night, I'll have to look into this to see if it's the problem. Fucking around with an old game PC is on the long list of things I don't want to do with my "free" time. :rolleyes:
 
Hmm, I have had this update installed since 15.08, work and play on this machine all day long and haven't had any problems so far (Win 7 x64). Maybe it's not just the update that causes BSOD but a combination of many factors.

Hell, I haven't seen bsod for years, maybe a couple of times since installing this copy of Win 7 in 2009 :)

Same thing here, installed on 15.08 (Win 7 x64), works like a clock :)
 
Hmm, I have had this update installed since 15.08, work and play on this machine all day long and haven't had any problems so far (Win 7 x64). Maybe it's not just the update that causes BSOD but a combination of many factors.

Hell, I haven't seen bsod for years, maybe a couple of times since installing this copy of Win 7 in 2009 :)

Of course it doesn't affect everyone. But if you google that update - you will find many cases.

And by the way - it mostly affects non-licensed, piwated™ copies of Windows, so - it's actually not MS's fault. They just didn't test their updates on "cracked" Windows versions. But - there are also many cases where legal users were affected too.

You do realize that if that update makes your PC not boot, it means your PC is rooted? While it is a bit of a drastic way, it at least makes sure the number of rootkit-infected PCs goes down.

"no boot" - it's a completely different case. But yeah, I get your point. It's like - fewer EU players - servers run more smoothly, uh?

Better for EU?
 
All this is a bad, bad joke.

You can follow this kind of action for at least several years:

- MS makes an update on a compromised (aka public) exploit, rootkit comes into memory conflict with the update.

- MS gets lots of complaints.

- rootkit creators update their rootkit via "phone-home" so it does not conflict anymore with the update.

- MS can say they are not at fault; their update does not cause any trouble anymore, users doing the update later are happy.

- rootkit remains - read about MS10-015 and Alureon.

It is a bad joke playing with people's money and personal information, but the same backdoors used by felons are used by some "services" as well, so they never will be solved completely, just re-created.
 
And by the way - it mostly affects non-licensed, piwated™ copies of Windows, so - it's actually not MS's fault. They just didn't test their updates on "cracked" Windows versions.

Maybe it's not just "illegal" rootkits, but also those kinds of programs used for copy protection and such. (Remember a couple of years back when a music CD from Sony installed a rootkit hiding certain files?).

Another example is, I remember when the "no execute" flag on memory came into use. Pretty much, it sets memory as non-executable so viruses can't hijack the stack (for variables) to run programs in. There were 4 boot options for it: Disable, "Opt in" (enable for certain programs), "Opt out" (enabled except for certain programs) and Always enabled. The thing was that with the Opt Out flag, there was a hidden list of programs that were automatically opted-out, among these then (at the time) copy protection programs for CD games. I don't remember the name of it now, I think it was related to the Macrovision company somehow.

Another example of a program that works like a rootkit is "Daemon Tools" (creating virtual CD/DVD drives you can use to mount ISO files on) - but that kind of program of course is installed the normal way, it doesn't need to break into the computer.
 
Details here: Microsoft KB2859537 Update Causes BSOD on Windows 7

Well, whoever already ran into that problem will not read it from the affected PC anyway.

I was lucky due to my laziness (installing win updates manually, maybe a week after release); a friend of mine called yesterday and asked for help. And he was not the only one.

Nice job M$.

Wish I had seen this post some time ago. I just built a new ass kicking system and paid for Windows for the first time in years so I was kinda happy to update. Much of the hardware is brand new to the market so when I started having problems I double checked drivers and BIOS version. Ofc my BIOS was already out of date so I flashed it in the hope it was the source of my BSOD problem. Sadly the BSOD did not go away but the BIOS update broke my raid0 "two intel 520 series 240gb, he he" array with no option to rebuild, that resulted in the third reinstallation of winblows. This morning just now I reinstalled for the fourth time and thought I would poke around on the forums. I'll skip this update and hope it's the cause of all my problems. Maybe I just won't fucking update at all, or better yet go back to not paying for damaged goods like shattered windows...

The one nice thing about this system is it's back in the desktop within seconds of a BSOD lol, until everything was too corrupted to start.
 
Maybe it's not just "illegal" rootkits, but also those kinds of programs used for copy protection and such. (Remember a couple of years back when a music CD from Sony installed a rootkit hiding certain files?).

Another example is, I remember when the "no execute" flag on memory came into use. Pretty much, it sets memory as non-executable so viruses can't hijack the stack (for variables) to run programs in. There were 4 boot options for it: Disable, "Opt in" (enable for certain programs), "Opt out" (enabled except for certain programs) and Always enabled. The thing was that with the Opt Out flag, there was a hidden list of programs that were automatically opted-out, among these then (at the time) copy protection programs for CD games. I don't remember the name of it now, I think it was related to the Macrovision company somehow.

Another example of a program that works like a rootkit is "Daemon Tools" (creating virtual CD/DVD drives you can use to mount ISO files on) - but that kind of program of course is installed the normal way, it doesn't need to break into the computer.

Well, what I saw on the PC of a friend of mine was:

multiple errors 0xc0000005
and more interesting - IE can be started, but just for a few seconds - and then silently shuts down. Pure "infection" behavior. But it was only IE.

One Russian guy explained what happened:

The problem appears because "cracked" OSes use an old version of ntoskrnl.exe, which the patcher renames to xNtKrnl.exe and puts in the kernel field through bcdedit. This is needed for the driver emulating the SLIC table in the OS. The old kernel version is incompatible with the new Wow64 subsystem files, and because of that, on a 64-bit system 32-bit software stops working.
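
The boot configuration described in the post above (a renamed kernel image set in the BCD `kernel` field) can be spotted by parsing `bcdedit /enum` output. This is an added example, not part of the original thread: the sample output is constructed, and the function names `parse_bcd` and `custom_kernels` are hypothetical.

```python
import re

# Constructed sample of `bcdedit /enum` output (not captured from a real machine).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
systemroot              \Windows
nx                      OptIn
kernel                  xNtKrnl.exe
"""

DEFAULT_KERNEL = "ntoskrnl.exe"  # image loaded when no `kernel` element is set

def parse_bcd(text):
    # Split the output into entries: a title line, a dashed rule, then "name value" rows.
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or not lines[1].startswith("---"):
            continue
        elements = {}
        for line in lines[2:]:
            parts = line.split(None, 1)
            if len(parts) == 2:  # continuation rows of multi-value elements are skipped
                elements[parts[0].lower()] = parts[1].strip()
        entries.append((lines[0].strip(), elements))
    return entries

def custom_kernels(text):
    # Return (identifier, kernel) for every entry that overrides the kernel image.
    hits = []
    for title, el in parse_bcd(text):
        kernel = el.get("kernel")
        if kernel and kernel.lower() != DEFAULT_KERNEL:
            hits.append((el.get("identifier", title), kernel))
    return hits

if __name__ == "__main__":
    for ident, kernel in custom_kernels(SAMPLE):
        print(f"{ident}: boots non-default kernel image {kernel}")
```

On a live Windows machine the same functions can be fed the text of `bcdedit /enum` run from an elevated prompt; a boot entry that overrides the kernel image is worth investigating before installing kernel updates.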
 
Sunday morning when I turned on my laptop it wouldn't boot windows, BSOD every time, wouldn't even boot in safe mode. Ended up going into the drive with Ubuntu to save some important files and wiped/reinstalled the whole thing. Not sure what a rootkit is, but if it's a virus of some kind I had Norton 360 on the computer, shouldn't that have caught it? It's a legal copy of windows btw.
 
raid0 "two intel 520 series 240gb

Why are you using RAID0 instead of SSD? Even with non-stop video recording, massive overwriting - SSD will last more than a year, and speed simply kills RAID0?
 
All this is a bad, bad joke.

You can follow this kind of action for at least several years:

- MS makes an update on a compromised (aka public) exploit, rootkit comes into memory conflict with the update.

- MS gets lots of complaints.

- rootkit creators update their rootkit via "phone-home" so it does not conflict anymore with the update.

- MS can say they are not at fault; their update does not cause any trouble anymore, users doing the update later are happy.

- rootkit remains - read about MS10-015 and Alureon.

It is a bad joke playing with people's money and personal information, but the same backdoors used by felons are used by some "services" as well, so they never will be solved completely, just re-created.

So business as usual?

Arrogantly Posted from Ubuntu 12.04 :cool:
 
So business as usual?

Arrogantly Posted from Ubuntu 12.04 :cool:

I think it's more the usual fuckup than business. Well, it doesn't mean that fuckups can't be profitable tho. (smile.jpg)
 
Why are you using RAID0 instead of SSD? Even with non-stop video recording, massive overwriting - SSD will last more than a year, and speed simply kills RAID0?

Raid 0 "striped" will nearly double the transfer speed, my time to load Windows is 6 ish seconds. Once the new memory gets here, all 32 gigs of it, I'll be making a 25ish gig RAM disc and will want that speed to help speed up the long start up times that come from a massive RAM disc. Intel 520 series SSDs come with a 5 year warranty, I have 5 years to kill them and get new ones. In any case I upgrade systems in much less time than once every 5 years.

So I'm writing to two SSDs when I could just write to one. Who cares when things are this fast! I paid for two SSDs what most people spend on a computer. More than six hundred dollars including tax.
 