KB977165 causes a blue screen

Apparently it’s quite common for the fix for MS10-015, that is, Tuesday’s KB977165, to cause a blue screen of death after it’s installed.

The computer reboots in an endless loop, and if you start it with the automatic reboot after a crash disabled, you see a STOP error:

Page_Fault_In_Non-Paged_Area

STOP 0x00000050 (0x80097004,0x00000001,0x80516103,0x00000000)
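
The four values in parentheses can be read field by field. The Python below is an added example, not part of the original post. It assumes Microsoft's documented parameter layout for bug check 0x50 on this generation of Windows (second parameter 0 for a read, 1 for a write) and the default 32-bit split that puts kernel space at 0x80000000 and above.

```python
import re

# Matches "STOP 0xCODE (0xP1,0xP2,0xP3,0xP4)" as shown on a 32-bit blue screen.
STOP_RE = re.compile(
    r"STOP\s+0x([0-9A-Fa-f]{8})\s*\(\s*"
    r"0x([0-9A-Fa-f]{8})\s*,\s*0x([0-9A-Fa-f]{8})\s*,\s*"
    r"0x([0-9A-Fa-f]{8})\s*,\s*0x([0-9A-Fa-f]{8})\s*\)"
)

# Assumption: default 2 GB user / 2 GB kernel split on 32-bit Windows.
KERNEL_BASE_X86 = 0x80000000


def parse_stop(line):
    """Return (bugcheck_code, [p1, p2, p3, p4]), or None if no STOP line is found."""
    m = STOP_RE.search(line)
    if not m:
        return None
    values = [int(g, 16) for g in m.groups()]
    return values[0], values[1:]


def describe_page_fault(line):
    """Decode a STOP 0x50 line into a dict; raise ValueError for anything else."""
    parsed = parse_stop(line)
    if parsed is None:
        raise ValueError("not a STOP line")
    code, (addr, op, ip, _reserved) = parsed
    if code != 0x50:
        raise ValueError("not bug check 0x50")
    return {
        "referenced_address": addr,                # memory that was touched
        "operation": {0: "read", 1: "write"}.get(op, "unknown"),
        "faulting_instruction": ip or None,        # 0 means "not known"
        "referenced_in_kernel_space": addr >= KERNEL_BASE_X86,
        "instruction_in_kernel_space": ip >= KERNEL_BASE_X86,
    }


if __name__ == "__main__":
    # The STOP line quoted on this page.
    sample = "STOP 0x00000050 (0x80097004,0x00000001,0x80516103,0x00000000)"
    for key, value in describe_page_fault(sample).items():
        is_addr = isinstance(value, int) and not isinstance(value, bool)
        print(f"{key}: {hex(value) if is_addr else value}")
```

For the line above, this reports a write to 0x80097004 by an instruction at 0x80516103, both in kernel address space.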

The security fix fixes one of the longest-standing bugs in the Windows kernel, a seventeen-year-old bug that has recently been used in the Chinese attacks on Google, among other attacks.

A prime cause of the crash is being infected with a virus that relies on the old bug. Viruses like this live in device drivers, particularly ATAPI.SYS (the CD ROM device driver).

Fixing the problem involves uninstalling KB977165 while booted into the rescue console from the Windows CD, and replacing ATAPI.SYS with the stock copy from the CD:

cd \windows\$NTUninstallKB977165$\spuninst
batch spuninst.txt
cd \windows\system32\drivers
expand d:\i386\atapi.sy_
exit

Do a virus scan afterward, and re-install KB977165. The virus ESET NOD32 detects is Win32/Olmarik.SJ in my case; others may have similar or the same symptoms and fix.