Latest MS update patch KB977165/MS10-015 may cause BSOD

As Mike Swanson stated in his recent radio show, updates are very important in defending against malware. Sometimes updates cause issues that are easily fixed by uninstalling the update; other times they require more in-depth fixes. The latest one from Microsoft, KB977165/MS10-015, seems to be causing BSODs, mostly on machines infected by some variant of the elusive TDL rootkit malware. This has been confirmed by Symantec here and here.

If you find yourself in this situation, you can either try to fix it manually or bring your computer to Mike’s store to be fixed. Fixing the problem manually requires knowing how to boot from the Windows CD, locate the infected partition, replace atapi.sys, iastor.sys, idechndr.sys, ndis.sys, nvata.sys, vmscsi.sys, among others, in the system32\drivers directory with the clean backup copies from the boot CD, and reboot.

Some affected machines are experiencing this problem because of other kernel-mode applications, good or bad, that relied on the hard-coded addresses that MS10-015 fixed, thus causing the BSOD.

To detect and remove TDL rootkits, you can try a program named Hitman Pro 3.5, which seems to be the only publicly available program that can remove all current TDL3 variants (up to TDL3.241). However, if your computer is already patched with MS10-015 and fails to boot, it can only be fixed with a boot CD.
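Before replacing drivers as in the manual fix described above, it helps to see which of them actually differ from a clean copy. The following is an added example, not part of the original post: it assumes the affected partition's system32\drivers directory is mounted offline from a boot environment that has Python, and that clean copies of the drivers have been extracted to a second directory (both paths, and the sample data in `demo()`, are constructed for illustration).

```python
import hashlib, sys, tempfile
from pathlib import Path

# Drivers named in the post; it says "among others", so the list is not exhaustive.
DRIVERS = ["atapi.sys", "iastor.sys", "idechndr.sys", "ndis.sys", "nvata.sys", "vmscsi.sys"]

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_ci(directory, name):
    # Windows file names are case-insensitive; a Linux mount may not be.
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None

def compare_drivers(offline_dir, clean_dir, names=DRIVERS):
    """Map each driver name to 'match', 'differs', 'absent' or 'no-reference'."""
    report = {}
    for name in names:
        installed, reference = find_ci(offline_dir, name), find_ci(clean_dir, name)
        if installed is None:
            report[name] = "absent"          # driver not installed on this machine
        elif reference is None:
            report[name] = "no-reference"    # nothing clean to compare against
        elif sha256_of(installed) == sha256_of(reference):
            report[name] = "match"
        else:
            report[name] = "differs"         # candidate for replacement
    return report

def demo():
    # Constructed sample data: placeholder bytes, not real driver contents.
    with tempfile.TemporaryDirectory() as tmp:
        offline, clean = Path(tmp, "drivers"), Path(tmp, "clean")
        offline.mkdir(); clean.mkdir()
        (offline / "ATAPI.SYS").write_bytes(b"constructed-modified")
        (clean / "atapi.sys").write_bytes(b"constructed-original")
        (offline / "ndis.sys").write_bytes(b"constructed-same")
        (clean / "ndis.sys").write_bytes(b"constructed-same")
        (offline / "iastor.sys").write_bytes(b"constructed-vendor")
        return compare_drivers(offline, clean)

if __name__ == "__main__":
    args = sys.argv[1:]
    result = compare_drivers(args[0], args[1]) if len(args) == 2 else demo()
    for name, status in result.items():
        print(f"{name:14} {status}")
```

A "differs" result is not proof of infection: the clean copy may simply come from a different service pack or update level than the installed driver, so compare versions before replacing anything.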

Posted by M1k3G    Date: Sunday, February 14, 2010

Categories: Info
