Friday, February 12, 2010

23 Must-Have Chrome Extensions for Web Professionals - Website Magazine

Don't miss these tools! You could spend a lot of time hunting for them instead of designing.

http://www.websitemagazine.com/content/blogs/posts/archive/2010/02/12/23-must-have-chrome-extensions-for-web-professionals.aspx

Tracking down those XP crashes: Could the cause be malware? | Ed Bott’s Microsoft Report | ZDNet.com

"One of Microsoft’s “Patch Tuesday” security fixes is triggering a widespread “Blue Screen of Death” problem. The cause is not the update itself, but an existing infection. So far, reports suggest that this problem affects Windows XP and Windows Vista.

[…]

I have found that the root cause is an infection of %System32\drivers\atapi.sys, and that replacing this file with a clean version will get the system booting normally." Ed Bott

For those who don’t know Windows kernel drivers, Atapi.sys provides access to the system hard drive. If it’s damaged or if it doesn’t match the hardware in your system, the result will be a STOP error, which displays 0x0000007B INACCESSIBLE_BOOT_DEVICE (or a similar error code) on a blue screen.

The MS10-015 update does not replace the Atapi.sys driver, but it does replace a bunch of kernel files that interact with that driver (the full list is in the KB article, under the File Information heading), so it’s not unexpected that these changes would cause problems on systems that were already infected.

I found an unrelated report with similar details in a thread at bleepingcomputer.com, where a user reported experiencing this issue and provided diagnostic reports showing infections by several rootkits and Trojan-horse programs (Rootkit.Win32.Agent and Backdoor.Tidserv, also known as TDSS), as well as the Koobface worm. One detail that caught my eye in that thread was the name of that Tidserv nasty, which is known to replace Atapi.sys with an infected version. (See this search for a sample of reports.)

http://blogs.zdnet.com/Bott/?p=1764&tag=nl.e589