Windows Patch Leaves Many XP Users With Blue Screens

CWmike writes "Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."

ha ha suckers!!!

[gandhi_2]

first po

Stop OxOOOOOOFC (OxB5FD7D64, Ox76F3E963, OxB5FD7CDC, OxOOOOOOO1)

A problem has been detected and windows has been shut down to prevent damage to your computer.

Re:

[Anonymous Coward]

Oh God. WHY did you use the letter instead of the number? *shudder*

Re:ha ha suckers!!!

[Anonymous Coward]

Please don't joke about this. I have been affected, and at the worst possible time, too. I have to submit my PhD dissertation tomorrow, and I don't know what the fuck I'm supposed to do now.

I can't boot up, and I have one of those HP computers that has everything built into the screen, so I can't even take the hard drive out.

I CAN'T GET MY FUCKING PHD DISSERTATION. I AM SO FUCKED.

Re:ha ha suckers!!!

[biryokumaru]

It's not like the hard drive is bad. Just use knoppix or something. You're pretty dumb for someone getting a PhD. Maybe this is just the gods way of sending you a message.

Re:ha ha suckers!!!

[Anonymous Coward]

What I don't get is why people don't bother backing up important things like that.

One copy... on a floppy!

[KingSkippus]

When I was in college, a friend of mine who lived down the hall from me came to my door one day frantically knocking. She had stored the only copy of her PhD dissertation on a floppy disk, and the disk had gotten corrupted, and she didn't know what to do.

I poked around on it for a little while, trying out a disk sector editor I had to see if I could recover anything, and I couldn't. It was just lost, period.

She ended up going dumpster-diving. She had thrown away a printed hard copy the day before, and they hadn't taken the trash away yet. She was literally in the trash dumpster, sifting through two apartment buildings' worth of trash to find it, and spent that entire night retyping it from scratch.

I felt sorry for her, and I remember thinking, "Well, I guess that's one way to learn a lesson that you'll never forget..." I was also really glad that I wasn't her significant other, because you know who would have been sifting through that dumpster.

Re:One copy... on a floppy!

[steelfood]

Ph.D. on a floppy? Should we get off your lawn?

Re:One copy... on a floppy!

[CecilPL]

I guess she should have copied that floppy. That's what you get for listening to M.E. Hart.

Re:

[PCM2]

You should try Live Mesh. [mesh.com]

Not a troll! I am serious -- I use it all the time. I use it to sync files between several computers AND Microsoft's servers, so I have a backup of anything important "in the cloud," accessible by Web browser if I ever need it.

Re:ha ha suckers!!!

[socceroos]

I've been doing that with dropbox [dropbox.com] on my ubuntu box

I've been doing that with ubuntuone [ubuntuone.com] on my ubuntu box.

Re:

[SharpFang]

Dropbox works on Linux.
Ubuntuone doesn't work on Windows.

No cross-platform support = showstopper.

Re:ha ha suckers!!!

[paganizer]

I've been doing that with "XCOPY" on my dos 6.21 box.

Re:

[paganizer]

Whoa.
I just did a little research on this; KB977165, the apparent cause of this, is the "fix" for the recently reported "17 year old vulnerability", which (as far as I can tell) was nothing of the sort, but the NTVDM (MSA979682).
The NTVDM is a "feature", not a bug; any exploit of it is something that was by design allowed to happen; Microsoft "patching it" is a Scary Thing.
That we are seeing blue-screens from this is not surprising. it IS surprising that they are trying to play this off as a XP-only problem

Re:ha ha suckers!!!

[david_thornley]

AC didn't say what his or her major was. I'd expect different computer competencies from a Computer Science major and a French Literature major. Or, given that AC is on Slashdot, perhaps an Anthropology major.

Re:ha ha suckers!!!

[westyx]

Of course not. Same folder, different name.

Re:ha ha suckers!!!

[harrkev]

Agreed.

As long as you haven't turned on file encryption (only an option with XP Pro), you can easily recover everything. Do this:

1) Go to a friend's computer. Download and burn a copy of your favorite linux distro (I use Ubuntu).

2) Live-boot from the CD.

3) Mount the hard drive.

4) Insert your favorite USB storage device (make sure it is large enough).

5) Copy ALL important files to the USB drive (probably safest to copy your entire user directory, if your USB drive is big enough.

6) When done, re-format your hard drive and re-install XP.

7) Update your system completely.

8) Re-install all applications you need (office, etc.)

9) Copy your important files off of the USB drive.

Really, it is time-consuming, but I have had to do this exact same process for friends a bunch of times.

As far as the PhD goes, go up to step 5, and then use the friend's computer to print everything. Do steps 6-8 some other day.

Re:

[NatasRevol]

Windows is cheap if your time is worth nothing!

Depending on your install disc, amount of files & apps to install, this could take up to a whole day!

Re:ha ha suckers!!!

[DJRumpy]

Well that and the fact that the fix is a bit easier that formatting and reinstalling. From TFA:
I had the same problem. Since I didn't have time to identify which one of today's updates caused the problem, I removed them all and now my computer is back to normal.

Follow these steps:

1. Boot from your Windows XP CD or DVD and start the recovery console (see this Microsoft article for help with this step)

Once you are in the Repair Screen..

2. Type this command: CHDIR $NtUninstallKB978262$\spuninst

3. Type this command: BATCH spuninst.txt

4. Type this command: systemroot

5. Repeat steps 2 - 4 for each of the following updates provided by FindMeFollowMe:

        * KB978262
        * KB971468
        * KB978037
        * KB975713
        * KB978251
        * KB978706
        * KB977165
        * KB975560
        * KB977914

6. When complete, type this command: exit

Your computer should restart and everything should be back to normal.

Re:ha ha suckers!!!

[BabyDuckHat]

That's almost as user friendly as Linux right there.

Re:ha ha suckers!!!

[kimvette]

I know you meant it as a joke, but single user mode (and "recovery console" equivalents on install disks) are far more capable than Windows' recovery console.

Re:

[keeboo]

Hmm... I'll stay using Linux.
It seems that Windows is not much user-friendly yet.

It looks like an interesting OS, perhaps in 1 or 2 years I'll try Windows again.

Re:ha ha suckers!!!

[Sanat]

Actually it is * KB977165 only that needs to be un-installed.

 

Re:ha ha suckers!!!

[Anonymous Coward]

My grandma is going to do this? Clearly, Windows is not ready for the desktop.

Re:

[snuf23]

In Windows XP the user folder is usually located in C:\Documents and Settings\username.
In Vista and Win 7 it is usually C:\Users\username.

Files specific to that user's accounts are stored under those directories such as Desktop, Documents etc.

Re:

[Z34107]

A handy guide:

/export/home => c:\users on Vista or c:\documents and settings on XP.

/usr => c:\program files

/dev => Roughly equivalent to \\.\PhysicalDriveN [microsoft.com] or \Device\blargh

/etc => VERY roughly equivalent to c:\windows\system32

Re:

[drsmithy]

You lost me here.....windows has the equivalent of /home directories??

Yes.

I don't use windows that much [...]

Clearly, since it's something that appeared in Windows around 12-13 years ago.

Re:

[vtcodger]

***Install Ubuntu and live problem free***

Ah come on. The 9.04 Ubuntu upgrade about four months ago -- Krackpot Kingfisher or some such -- did pretty much the same damn thing to a number of people. And some of the problems weren't especially easy to fix. (You ever tried booting a Linux PC with an empty menu.lst file and no kernel? Not as easy as you probably think) The major differences would be that Ubuntu users didn't pay money for the privilege of having their PC bricked. And that repairing a Unix

Re:ha ha suckers!!!

[interkin3tic]

You're pretty dumb for someone getting a PhD

I'm not sure if I should laugh at how wrong this is, or cry because of how wrong this is.

Re:

[trytoguess]

Intelligence, even extreme intelligence in something doesn't imply aptitude in all common things. I mean, what you think every person on slashdot is a well adjusted social individual?

Re:ha ha suckers!!!

[icannotthinkofaname]

You're pretty dumb for someone getting a PhD.

Because "getting a PhD" == "being an expert in everything"

Except for the part where it doesn't. It's more like "being an impressive expert in one field"

Did you even bother to figure out what the AC's degree is in? How do you the AC should know how to deal with something like that happening?

Re:

[sillybilly]

PhD stands for philosophiae doctor - teacher of philosophy.

The following assumes there is a limited, finite mental capacity for humans:

"Philosophers are people who know less and less about more and more, until they know nothing about everything. Scientists are people who know more and more about less and less, until they know everything about nothing." (quote from somebody smart)

Therefore PhD in science is an oxymoron. Actually, no it's not. You can both know everything about nothing, and nothing ab

Re:ha ha suckers!!!

[Pentium100]

Microsoft Windows is not a new product. If you don't know that it can't be counted on to work like a normal computer, that doesn't just mean you're not technical. It means you have been living under a rock for 20 years.

Strange, under my rock, Windows XP/2003 work well, I rarely have to restart my computers and when I do it is usually because of a hardware problem, long power outage (long enough to discharge UPS batteries) or because I am installing some software that needs a reboot. I get bluescreens very rarely.

for example:

Current System Uptime: 28 day(s), 3 hour(s), 27 minute(s), 48 second(s)
 
Since 2009.03.27:
 
          System Availability: 99.9270%
                  Total Uptime: 321d 11h:16m:42s
                Total Downtime: 0d 5h:38m:22s
                Total Reboots: 11
    Mean Time Between Reboots: 29.25 days
            Total Bluescreens: 0

Those 5 hours? Most of them were spent when I added more RAM, but had either a bad module or a bad slot, so I took that long to finally give up and disable 4 modules from BIOS, leaving 3GB (instead of 5GB what I wanted and 1GB of what was before). That was ~28 days ago. Then there were a few power outages and this PC was connected to a smaller UPS. IIRC only one of those 11 reboots was because the PC froze for some reason.

OS: 2003

Re:ha ha suckers!!!

[keeboo]

Microsoft Windows is not a new product. If you don't know that it can't be counted on to work like a normal computer, that doesn't just mean you're not technical. It means you have been living under a rock for 20 years.

Strange, under my rock, Windows XP/2003 work well, I rarely have to restart my computers and when I do it is usually because of a hardware problem, long power outage (long enough to discharge UPS batteries) or because I am installing some software that needs a reboot.

C'mon, don't be like that. You're ruining the moment.

Be a nice guy and let we Linux/BSD/etc users laugh at the cost of your OS, okay?

Re:

[westyvw]

As a linux user, the reboot because you installed something is sure strange.....
I usually measure the uptime in months or years, but whatever works for you....

Re:

[Pentium100]

No, you read it wrong.

The current uptime was 28 days.

The total up/downtime was used to calculate availability, which was ~99.92%. So, during that time(2009 03 27 - 2010 02 12), the computer was working 321 days (not continuously) and not working 5 hours (also not continuously) with a total of 11 reboots during that time which means average 29 days between reboots (even though most of those reboots were used all one after the other when fixing a hardware problem).

I think this is pretty stable. As I said, onl

Re:ha ha suckers!!!

[Beardo the Bearded]

First, take a deep breath. The most important rule is "Don't Panic".

Next, you download a Linux distro with a LiveCD. Ubuntu's a little bloaty, but it's got a lot of drivers right out of the box. If you've got internet access, you should be able to do that. If not, then you'll have to contact a friend with access or do it from the lab. Grab a beer while you wait -- it'll be a while.

Burn the liveCD and boot with that. You might have to edit your BIOS settings to boot from CD first. Choose the "try Ubuntu without making any changes to your computer" option. Once it boots up, you'll be able to access your hard drive, and most importantly, your dissertation. Print the fucking thing, email it to your gmail account, and while you're at it, email what you've got to your professor. Let him know that you're "having computer problems, so I'm sending what I could recover in the meantime." Remember that computers fail all the time so you have to keep copies of important papers on physically separate systems.

You're apparently a smart enough guy to get a PhD, so you should be able to figure out how to navigate Ubuntu. It's basically the same as Windown, but with the bar on the top instead of the bottom. My daughter's six and she can use Puppy Linux.

Actually, you could probably use Puppy. The whole OS is only 150MB, so it'll download in a much shorter time than Ubuntu. It's not quite as polished, but I've had good luck with it.

Re:

[alvieboy]

"The most important rule is "Don't Panic"."

The second one: "Install Linux"

(Douglas would be proud of this one).

Re:

[Jaruzel]

No he wouldn't. Douglas was a Mac fan.

-Jar

Re:

[ignavus]

Why not use a Windows live CD like Bart PE rather than Linux. It's easier for the people who've only ever used Windows and the NTFS drivers come from Microsoft.

Given that Microsoft were the ones to issue the problematic update in the first place, I don't think saying the NTFS drivers in a Windows live CD come from Microsoft is really any sort of recommendation.

Except maybe to scream.

Re:

[Chris Mattern]

it would be very like Gnome to make this difficult or impossible,

In fact, in Gnome, it works just like Windows: grab the bar (actually, Gnome calls it a "panel") and drag it to the screen edge you want it at. You can also have more than one of them, if you want; by default Gnome gives you two, on the top and bottom, but the right click menu on a panel gives you the options to add more panels or to delete the one you're right-clicking. Two works nicely since you can do more with a Gnome panel than a Windo

Re:

[S.O.B.]

Don't bother with a live CD like one of the other posters recommended. Try the System Rescue CD [sysresccd.org]. It's a lot faster to download and has all the tools you'll need to get your dissertation off your computer.

Re:

[pz]

Assuming this isn't a troll --

1. Sit. Down. Breathe.

2. Go to the store and fill a shopping bag full of fatty snax, Doritos, Pringles, Kit-Kat bars, Coke, Red Bull, etc.

3. Bring your computer and the bag to the university IT department and beg for help. Let them know that you don't care about the computer (because compared to N years of effort, one computer is nothing), just the contents of the hard drive.

4. While the IT department is working on your computer, go to your departmental administrative office

Re:

[1s44c]

I CAN'T GET MY FUCKING PHD DISSERTATION. I AM SO FUCKED.

You can still get your data off but it might not be easy. Your local PC shop should be able to do it.

People like me have been telling people like you not to trust windows for -DECADES-. You thought we were ignorant bigots and ignored us. Now you are suffering from the very problems we warned you about countless times. I don't mean to sound uncaring but you brought this on yourself.

Re:ha ha suckers!!!

[element-o.p.]

I'm sure there's a joke in there regarding LaTeX and safe computing somewhere...

Re:ha ha suckers!!!

[Anonymous Coward]

first po
Stop OxOOOOOOFC (OxB5FD7D64, Ox76F3E963, OxB5FD7CDC, OxOOOOOOO1)

A problem has been detected and windows has been shut down to prevent damage to your computer.

Look, if he was bluescreening he wouldn't bother to type "0x0000FFFF" He'd just say it.

"Oooooooo FFFFFFFF..."

Did you see the solution?

[Cryacin]

All I keep hearing in my head is:
They put the update in, you take the update out!
They put the update in, shake your laptop all about!
"You do the hokey pokey and you uninstall the patch! That's what it's all about!"

"ooooh... the windows bluescreen."
"ooooh... the windows bluescreen."
"ooooh... the windows bluescreen."
"That's what it's all about!"

Saw this last month

[Anonymous Coward]

I saw and fixed a similar issue in January. A particular KB had patched a .dll that was in fact rootkit infected, breaking the reference to some function call. Windows BSOD'd, claiming the whole partition was unmountable. Rolled back the KB in Recovery Console, sanitized the OS, and reapplied the KB. Problem solved.

Re:Saw this last month

[Dorkmunder]

From the comments over a DShield on this topic http://isc.sans.org/diary.html?storyid=8209 [sans.org] it looks like this might be the case again

Re:

[fuzzyfuzzyfungus]

Does the Windows update process, in fact, just naively apply patches to files that have the correct name and path, without verifying hashes or signatures, thus running a very high risk of breaking hard any file that had been slightly modified?

Or was this some subtler and more complex situation, where the modified file itself was fine; but some tampered-with component was depending on the precise behavior of the modified file?

Re:

[e2d2]

But why would that be a problem for them? The files they are updating are in their charge so no one else should be updating them. Do you mean a conflict with their own previous releases?

That being said signatures are a feature of security updates and any other software released by MS; They always sign their releases. Not sure about hash checking.

Re:

[Johnno74]

Does the Windows update process, in fact, just naively apply patches to files that have the correct name and path, without verifying hashes or signatures, thus running a very high risk of breaking hard any file that had been slightly modified?

Or was this some subtler and more complex situation, where the modified file itself was fine; but some tampered-with component was depending on the precise behavior of the modified file?

Sounds like that is exactly what this is. The file being patched isn't infected, but the rootkit has some dependancy on the exact layout of this file, and when the file is updated by the patch the rootkit (accidently) causes a bluescreen. Possibly the rootkit tries to patch the in-memory image of this file, which messes things up.

What I find really frightening about this situation is how widespread the rootkit that is causing this problem is. Most people have no idea they were infected. (and still do, t

Note to self: clone hard disk before rebooting . .

[PolygamousRanchKid]

. . . my Windows XP updates get pushed, pulled or shoved down my throat . . . this sounds like an excellent reason to clone my hard disk before rebooting, and logging on to my company's network . . .

Re:Note to self: clone hard disk before rebooting

[Onymous Coward]

Good idea. I have my updates set to ask to download and ask to install. On download I'm reminded I need a backup, so I shut down the system without installing the updates, do the backup, boot to install, reboot, cross fingers.

Is anyone doing rsync backups (ooh, maybe even snapshots) of XP? Can rsync handle all the fs info needed to get a good backup? Right now I am indeed imaging the whole drive.

Re:

[denobug]

Running a patch server so I can personally release patches as I please.

Liars!

[interkin3tic]

You know how I know they are lying? They are posting complaints online. We designed this patch -specifically- to stop online complaints about updates. They clearly haven't actually updated.

-Bill Gates

What?

[dangitman]

'I updated 11 Windows XP updates today...

You updated your updates? You're doing it wrong.

Re:What?

[Arthur Grumbine]

To be fair, his computer had just been pimped by Xzibit...

Need confirmation

[dave562]

An MVP poster in the thread claims that KB977165 causes the problem, and that the problem only occurs on computers that have been compromised by exploit code. The patch in question patches the NT kernel executable files.

If it is true that only compromised computers blue screen then it's hard to fault Microsoft for their patch code choking when it stumbles across the exploit code.

I wonder if they are going to push out an updated patch that at least performs some sort of sanity checking before attempting to modify the files. I doubt it. They'll just pass the buck and tell users that their computers were already hosed and that the BSOD is a "feature" and that they should have re-installed the OS anyway (because we all know that once your Windows box is pwnt, the only way to deal with it is full format and re-install).

Re:Need confirmation

[Hatta]

If it is true that only compromised computers blue screen then it's hard to fault Microsoft for their patch code choking when it stumbles across the exploit code.

It's pretty easy to fault them for not taking a checksum before they patch to ensure that the file isn't modified. If it is, warn the user.

Re:Need confirmation

[jedidiah]

I was thinking that perhaps mebbe they should have a backup copy of that pre-patched kernel somewhere and give you the option to boot from it as a failsafe.

Re:

[Erikderzweite]

Good idea, besides, it's not like such thing hasn't been done by others before.

Re:Need confirmation

[bertok]

If it is true that only compromised computers blue screen then it's hard to fault Microsoft for their patch code choking when it stumbles across the exploit code.

It's pretty easy to fault them for not taking a checksum before they patch to ensure that the file isn't modified. If it is, warn the user.

Microsoft patches are file-level, not delta-patches. They always overwrite complete files, and never try to modify files in-place.

That's why their patches are so huge, if there's a systematic error in many related files, then they all need to be replaced in their entirety.

It's a waste of bandwidth, but it's much more reliable.

I suspect what happened here is that Microsoft replaced one of two related files, but the other file was modified by the root-kit, and the mixed versions don't work together any more.

Re:

[Rockoon]

This doesnt make sense.

Even if the file was modified, over-writing it with a valid one will not cause a problem under normal operation.

When the file is over-written, those modifications that you are thinking of are gone. The modifications can't come back from the grave as ghosts and cause a problem.

The only way there can be a problem is if 'something else' is making an assumption about that file incorrectly, and that does not mean that the assumption is that the file has been modified. More likely the

Re:

[PsychoSlashDot]

It's pretty easy to fault them for not taking a checksum before they patch to ensure that the file isn't modified. If it is, warn the user.

You're both missing what's actually happening here.

1} The "patch code" doesn't choke. The patched kernel does next reboot.
2} The patch doesn't touch the infected file.

The problem appears to be a compromised atapi.sys driver. Is it really reasonable for Microsoft's patch to the kernel to react gracefully to whatever corruption is present in that driver? I know the obvious is that Windows should fail gracefully on any fault, but really... we don't have any clue what's present in that file.

Summary: patch pa

Re:

[Antony-Kyre]

One extreme measure is to use software like Deep Freeze, coupled with an antivirus program. Maybe a good ad blocker firewall to prevent malicious ads from infecting one's machine.

Re:Need confirmation

[RobDude]

Sort of.....

You can't really blame MS for a crash that happens because the .DLLs/code on someone's machine has been modified by a malicious 3rd party.

But, you can expect an MS (or any other OS) to take appropriate actions to avoid patching a file that isn't exactly what is expected.

What you'd really hope for, is that when a problem is detected during the update process (IE - Crap - this .DLL isn't the .DLL we expect. Something is wrong!' - instead of modifying the .DLL it would present the user with some meaningful information like, 'Hey - this patch failed. You probably have a virus....you should get that fixed'. Or something similar.

It's possible that the patch took some reasonable efforts to ensure the patch would only be applied as expected; but I don't know. I do know that, even if it did, it didn't work.

There is a world of difference between an 'infected' Windows machine that has some annoying pop-ups showing up every 15 minutes, but is otherwise functional, and a Windows machine that won't boot because of a recently installed patch.

Re:Need confirmation

[russotto]

There is a world of difference between an 'infected' Windows machine that has some annoying pop-ups showing up every 15 minutes, but is otherwise functional, and a Windows machine that won't boot because of a recently installed patch.

Yeah. The owner of the machine would rather have the former... while everyone else on the Internet would rather they had the latter, as the former is probably sending out spam and trying to infect every other machine it can find as well.

this is a pretty big if

[YesIAmAScript]

As you may have read elsewhere, MS doesn't use context or offset diffs. They just replace files. So the case you speak of is unlikely.

The most likely case is that people who are having the problem have a foreign DLL in their system that calls directly into an offset into this DLL without version checking it. This DLL does so because it's a rootkit, and it wants to fly under the radar. When you change this DLL that other DLL is now calling into invalid code.

But the problem here is this other DLL is bad. It i

Re:Need confirmation

[initialE]

It's bad news for Microsoft at so many levels -
1. it's a 17-year-old bug
2. The disclosure and proof-of-concept attack was done by Google, clearly not Microsoft's best friend
3. Microsoft was forced to release a patch that is not fully tested
4. The cure is worse than the illness
5. Lots of windows users find out they have been compromised for how long? Nobody really knows!
6. The only remedy now is to restore your computer to it's previous state, which means you carry on using your computer in it's compromised state

Intentional?

[Jawshie]

Well duh... How is Microsoft supposed to make any more money from you if they don't trash their old OS?

Just close your eyes and chant

[harris s newman]

Windows costs less, is more secure, and superior to opensource OS's. And hope your boss hears you before your fired.

Re:Just close your eyes and chant

[Tetsujin]

Windows costs less, is more secure, and superior to opensource OS's.

And hope your boss hears you before your fired.

Before my fired what?

Re:Just close your eyes and chant

[ZarathustraDK]

Before my fired what?

Don't correct me, your fired.

Regards
you're Boss

Re:Just close your eyes and chant

[Noren]

Woo Hoo! I'm boss!

Now why are these gentlemen escorting me out of the building?

I dont' HAVE a DVD or CD... it's a hard drive part

[Maxo-Texas]

My machine has a hard drive partition with the "recovery" disk.

I think I have automatic patches turned off on the XP box but I have automatic patching on the windows 7 box.

I think I'm going to figure out how to turn it off when I get home.

Re:I dont' HAVE a DVD or CD... it's a hard drive p

[BitterOak]

You can install the recovery console as a boot option:

http://support.microsoft.com/kb/307654 [microsoft.com]

(You should have an I386 folder somewhere)

It is more complicated for Vista and later:

http://blogs.msdn.com/winre/archive/2007/01/12/how-to-install-winre-on-the-hard-disk.aspx [msdn.com]

Nope. If you follow that link, you'll see you still need the Windows XP DVD to install the recovery console. Sadly, it was not uncommon for XP systems to be sold with no recovery console. My Toshiba laptop (I'll never buy another) did not come with a Windows XP DVD, merely a "product recovery disk" which wipes everything off the hard drive and does a fresh install. No recovery console available. Apparently there's a huge difference between buying a computer that comes with XP and buying a computer that comes with "XP installed."

Not the solution

[Jim Hall]

Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens.

I don't think this is the solution you were thinking of. The linked solution [microsoft.com] has these notes:

# Proposed As Answer byFred_H 21 hours 11 minutes ago

# Marked As Answer by Cody - Support Engineer Microsoft Support, Moderator 20 hours 13 minutes ago

# Unmarked As Answer by Cody - Support Engineer Microsoft Support, Moderator 20 hours 12 minutes ago

So it seems "Cody - Support Engineer Microsoft Support, Moderator" had second thoughts about a minute after marking this as the solution.

[Disclaimer: I run Linux, not

Comment removed

[account_deleted]

Comment removed based on user account deletion

A quick fix

[Bloom Berg]

from ars [arstechnica.com]: Users in the thread have tracked down a fix, though it requires using a copy of the Windows disc (or for netbook users without an optical drive, a bootable USB drive with Windows on it): Boot from your Windows XP CD or DVD and start the recovery console (see KB307654 for help with this step) Type this command: CHDIR $NtUninstallKB977165 $\spuninst Type this command: BATCH spuninst.txt Type this command: systemroot Good luck. When complete, type this command: exit

Resistance is futile. You will upgrade.

[Animats]

Resistance is futile. You WILL upgrade to Windows 7 as instructed. We are in full control of your computer. Your computer will remain deactivated until you comply with our instructions. You have no alternative but to obey.

Lucky Me

[Penguinshit]

Fortunately I didn't get bitten by this. I would be devastated. Here's why:

I am quadriplegic with a tracheostomy to breathe. That means no keyboard or mouse and no auditory input. I control my computer with eye movement (the only muscles I still fully control) tracked via infrared camera. Almost every system built to assist communication for people like me are built on top of WinXP. There is a Mac version I have heard of but AFAIK doesn't do full control like the one I use. There is no Linux availability at all (oh how I wish).

So I am stuck. This system is my voice and my window to the world (travel is a major production requiring a team of assistants). it controls my immediate environment (tv, lights, etc.). It represents the last bit of independence I possess. It is a Tablet so "pop in the CD isn't so easy.

I am very careful to avoid viruses and other malware (always was when i was healthy and Win32 was only a secondary OS for me then). But to be stabbed in the back would be utterly devastating to me. It could be weeks before I could get qualified help (Nerd Herd, etc. need not apply).

Re:

[Arccot]

Almost every system built to assist communication for people like me are built on top of WinXP. There is a Mac version I have heard of but AFAIK doesn't do full control like the one I use. There is no Linux availability at all (oh how I wish).

Hmmm... that's pretty interesting. What's the software you normally use, and what's the device? There's tons of OSS developers out there just looking for a worthy cause.

Re:

[Penguinshit]

.It's the ERICA from Eye Response Technologies (now Dynavox).

Re:

[Penguinshit]

Or I could be a longtime Linux user struck down by ALS.

But you're probably right...

Windows cannot start again. So?

[gestalt_n_pepper]

You say this like it's a *bad* thing...

Interesting read, this link...

[Erikderzweite]

From TFA: "To regain control of their PCs, users were told to boot from their Windows XP installation disc, launch the Recovery Console and enter a series of commands."

STOP COPYING LINUX ALREADY!

Potential cause for the blue-screens

[ThePeeWeeMan]

It seems like someone's figured out what was causing the bluescreens... from the MS forum thread:

I had an Eee PC with XP Home brought to me with this same problem. I rolled back KB977165, rebooted and the system worked fine. I reapplied KB977165 and the rest of the updates available at Microsoft Update, and the problem returned. I replaced %System32%\drivers\atapi.sys with a clean version from a XP SP3 distribution folder and rebooted... voila! Problem solved.

For reference, the SHA1SUMs of the atapi.sys files:

Non-working:
bb3e36ad0c8ed6daab38653ea4a942d74b9f4ff6

Working:
a719156e8ad67456556a02c34e762944234e7a44

If anyone wants to look at the non-working atapi.sys:
https://patrickwbarnes.com/pub/atapi.sys [patrickwbarnes.com]

I will be looking at this more in-depth. If I find anything more, it will be posted in a follow-up comment at the ISC:
http://isc.sans.org/diary.html?storyid=8209 [sans.org]

UPDATE :
I uploaded the non-working atapi.sys file to VirusTotal, and this is the result:
http://www.virustotal.com/analisis/85aa49f587f69f30560f02151af2900f3dc71d39d1357727ab41b11ef828a7ff-1265925529 [virustotal.com]

Apparently, this update problem is the result of an infection.

This one must have been fun to track down

[Torodung]

There were 8 freaking OS security patches in this last patch Tuesday. It must have been a joy to track down the one update that was causing the problem (KB977165).

I have honest pangs of sympathy for the poor sucker that had to figure out that that one update was rendering infected systems unbootable.

This is why monoculture sucks. *Healthy* cultures are diverse. "Mono" doesn't enter into it. Pun very much intended.

--
Toro

Re:

[Anonymous Coward]

And people will still be ignoring it.

Re:microsoft screws users again. Why is this news?

[Beardo the Bearded]

The problem with Linux is that it's inarticulate. Look at Ubuntu, which is arguably the easiest way to get someone to use Linux if they're from a Windows background.

It works great, it's faster, and most configurations work right out of the box. if you have one of the few configurations that have been checked by the developers. (If you've got an ATI card like I do, Fuck You.) If you've got an older machine without one of the specific wireless cards detailed in document XR-122-65_rev_a_kernel26.6.1, you can with ndiswrapper and wpasupplicant. Rolling back the kernel version will also improve compatibilty on older systems. All of thse commands can be found on forums online, so there's lots of support for... ...what the FUCK are you talking about, Beardo? My machine USED to work, and now it doesn't and that's because I listened to you.

Windows is dominant because they write and market to people who aren't technical users. Read that bolded sentence again. Apple is hauling up their maketshare for the same reason -- they are marketing to the vast majority of people that want a computer but didn't spend their childhood in the CS lab. My dad doesn't want to learn how to use a command line to set up the email. My wife, lead tech support for distance education for a College, didn't like Ubuntu because of the Flash problem.

NOBODY GIVES A FUCK ABOUT PROPRIETARY DRIVERS. IF THE SHIT DOESN'T WORK THEN IT IS A LINUX PROBLEM. (Yes, even if it isn't.)

Hell, MS still has their ridiculous search, when you could just drop to a shell and type "dir *foo*.ext /s | more" and be done in 10 seconds. But you see, if you weren't the kind of person who reads /., I just a) bored you and b) acted condescending and c) said something unintelligible.

Linux is a spectacular tool, but like calipers, $30 ESD wirecutters, or my $200 soldering station, just aren't the right tool for the majority of people out there. If the developers get their heads out of their asses and learn how to market the software AND give the public what it wants, then and only then will Linux get its fair share of the market.

Re:microsoft screws users again. Why is this news?

[cetialphav]

If the developers get their heads out of their asses and learn how to market the software AND give the public what it wants, then and only then will Linux get its fair share of the market.

The question is why would developers want to expand their market share among the non-technical users? Personally, I could care less if my mom uses Linux. You know why? Because she is not a developer and will not contribute one line of code to the OSS world. I want Linux to develop a following among the technical/programmer crowd. This means a larger developer base, which means a greater pace of improvement. This has been happening consistently for the 15 years I've been using Linux and that keeps me happily on this platform. Its all about Developers! Developers! Developers! to me. Microsoft and Apple can have all the rest.

When someone decides that there is money in getting non-techies onto Linux, they will be able to polish Linux into something really slick. Ubuntu is trying, but there really doesn't seem to be enough money in it now so they aren't able to apply a lot of resources to it. Who knows? There may never be any real money in that kind of market (for Linux, anyway).

Re:

[Pentium100]

Also, while command line may be faster than GUI, GUI is easier and here's why: if I want to do some task, I can look at the toolbars and in the menus to fins an item that looks like what I need to do (for example, if I want to find a file, I'll look for a button or menu item named "Search", "Find" or something like that. I will recognize it when I see it), but on a command line, I basically need to remember the exact command for doing what I want to do, for example, I would need to remember the whole "dir *

Re:

[element-o.p.]

Meh...

If most people had to install Windows to get it to work on their PCs, they'd be in the same boat they are currently in with Linux -- they wouldn't have any more clue how to install and configure Windows than they do Ubuntu. Having installed multiple flavors of both Windows and Linux, Ubuntu currently has the easiest installer I've ever seen, bar none. And I've had all the same problems you've described with Linux when I've had to install Windows from a retail (vice OEM) CD. In fact, I've even ha

Re:Remove automatic updates from your slipstream

[Savage-Rabbit]

Here is a list of Microsoft stuff to remove from your XP slipstream:

Automatic Updates (for reasons related to the article)
Windows media player (including 6.4) because it downloads codecs at will.
Accessibility Options (unless you need them)
ClipBook Viewer (useless)
Games
Internet Games ...

Long list, wouldn't it be simpler to just remove Windows XP in it's entirety from your PC and replace it with something else?

Re:Remove automatic updates from your slipstream

[pluther]

But then how will I run Mass Effect 2?

Re:

[buswolley]

Keep Pinball. I love that old game. Very well done, and might be the best Win software ever.

Re:LOL

[Sir_Lewk]

No shit Sherlock.

He was implying that the poster has only played those games, since he hasn't been using windows and those games are pretty famous for being cross platform.

What I don't understand is why "you can't play games" is supposed to be some sort of universal knock against people who don't use windows. I never played games even when I did use windows, it's just not my thing.

Re:The nut behind the wheel

[Sir_Lewk]

Uuuuuuuh..... A home user? Re-read that quotation that you so handily provided one more time.

I updated 11 Windows XP updates today and restarted my PC like it asked me to

See it?

my PC

It's singular. He applied updates to a single computer.

What sort of loon thinks that expecting home users to somehow test patches from their goddamn vendor before applying them is acceptable?

Re:Legacy

[Renraku]

Okay. *upgrades to Ubuntu*

*tries to install Modern Warfare 2*

Hey, I can't run the installer, what's going on? *reads forums* What? Ubuntu doesn't support the latest Direct X? Fuck this, I'm going back to Windows.

Re:Why On Earth Do People Still Use Window?

[the eric conspiracy]

XP is a 10 years old OS that was meant to be decomissioned years ago

Microsoft has had 10 years to introduce fixes to whatever problems Windows XP has. Systems are supposed to get MORE stable as they age, not get worse or show no improvement over time.