BlueScreenofDeath 02/11/10: (caused by a bad mix of malware and Windows patches against the kernel)
(This page as of 02/25/10)

1. Boot from your Windows XP CD or DVD and start the recovery console and issue R. When you finally get to C:\Windows then...
2. Type: cd $NtUninstallKB977165$\spuninst
3. Type: BATCH spuninst.txt
4. Type: systemroot (returns the cursor to C:\Windows)
5. The following is the list of patches to be removed:
   * KB977165 - Windows kernel << DO THIS ONE FIRST! It may be tangled with malware in the computer.
   * KB971468 - Vulnerabilities in SMB Server
   * KB975560 - security update for Quartz
   * KB975713 - Vulnerability in Windows Shell Handler
   * KB977914 - security update for AVI filter
   * KB978037 - Vulnerability in Windows Client/Server Run-time Subsystem
   * KB978251 - Vulnerabilities in SMB client
   * KB978262 - Cumulative Security Update of ActiveX Kill Bits
   * KB978706 - MS paint
6. When complete, type this command: exit (to reboot)

Your computer should restart and everything should be back to normal.

There may be a rootkit at C:\Windows\System32\Drivers\atapi.sys (should be 94512 bytes)
Could be a false positive/negative with AV companies and Malwarebytes' Anti-Malware

atapi.sys fix:

1. Boot from your Windows XP CD or DVD and start the recovery console and issue R. When you finally get to C:\Windows then...
2. Identify your CD drive letter
   Type: map
   Look for the drive letter for your CD drive. It may look something like this:
   D: \Device\CdRom0
3. Replace ATAPI.SYS
   Type the following:
   cd system32\drivers
   ren atapi.sys atapi.old
   expand D:\i386\atapi.sy_
   You should see the message “1 file(s) expanded.” – this indicates you have succeeded.
4. Reboot and scan for malware
   Reboot your computer. With a little luck, your computer will now boot normally. Because this problem is caused by malware, you should immediately scan your computer with up-to-date antivirus software.

Further Notes:

Common files that may be infected with a rootkit include: (use sha1sum)

* atapi.sys - ..\System32\drivers - SHA1 value: a719156e8ad67456556a02c34e762944234e7a44
* iaStor.sys - not found in my Windows XP Home computer
* iastorv.sys - not found in my Windows XP Home computer
* IdeChnDr.sys - not found in my Windows XP Home computer
* nvata.sys - not found in my Windows XP Home computer
* nvatabus.sys - not found in my Windows XP Home computer
* nvgts.sys - not found in my Windows XP Home computer
* nvstor.sys - not found in my Windows XP Home computer
* nvstor32.sys - not found in my Windows XP Home computer
* SiSRaid.sys - not found in my Windows XP Home computer
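
The size and sha1sum check from the notes above can be run over the whole driver list in one pass. This is an added example, not part of the original notes: the function names check_drivers and sha1_of are hypothetical, and the only baseline is the atapi.sys size and SHA1 quoted on this page for the author's Windows XP Home install.

```python
import hashlib
from pathlib import Path

# Baseline quoted on this page (the author's Windows XP Home install).
# Assumption: other builds or service packs need their own known-good values.
BASELINE = {"atapi.sys": (94512, "a719156e8ad67456556a02c34e762944234e7a44")}

# Driver names the page lists as common rootkit targets.
WATCHLIST = ["atapi.sys", "iaStor.sys", "iastorv.sys", "IdeChnDr.sys",
             "nvata.sys", "nvatabus.sys", "nvgts.sys", "nvstor.sys",
             "nvstor32.sys", "SiSRaid.sys"]


def sha1_of(path, chunk=65536):
    """Hash the file in chunks, the same digest sha1sum prints."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_drivers(drivers_dir, watchlist=WATCHLIST, baseline=BASELINE):
    """Return {name: status}; status is 'absent', 'ok', 'MISMATCH'
    or 'present, no baseline'."""
    # Windows file names are case-insensitive; an offline mount may not be.
    on_disk = {p.name.lower(): p for p in Path(drivers_dir).iterdir() if p.is_file()}
    known = {name.lower(): value for name, value in baseline.items()}
    report = {}
    for name in watchlist:
        path = on_disk.get(name.lower())
        if path is None:
            report[name] = "absent"
        elif name.lower() not in known:
            report[name] = "present, no baseline"
        else:
            size, sha1 = known[name.lower()]
            same = path.stat().st_size == size and sha1_of(path) == sha1.lower()
            report[name] = "ok" if same else "MISMATCH"
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in check_drivers(target).items():
        print(f"{name:14} {status}")
```

Point it at the System32\drivers folder, preferably with the disk mounted from another system so a loaded rootkit cannot alter what is read. A MISMATCH only means the file differs from the baseline, which a different Windows build would also cause.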