Black screen malware cause clarification plz..


Longboard
December 3rd, 2009, 07:11 AM
I've read all the toing and froing re "who, what, why.." since the first PrevX blog from November and subsequent blog entries.
Seen MS deny.
Seen Prevx recant ( handled well imo in a tricky situation) and caught the reference to malware techniques:
-{ Quote: "However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder." }- & -{ Quote: "This technique is frequently used by malware authors" }-
No specifics re "malware" or "any other program"

Is the postulation that the black screen is associated with some mal ??
If so which/what ??

I don't expect PrevX to have the answers to any/all of the possible other security apps/software combos that may do this.

( I would like some of those posters with "4000+" machines to tell us what they are NOT running )

Seems to be a common theme being pushed that some malicious software is being touted as cause of BlackSOD.

May we have some clarification re possible malware please.

DavidCo
December 3rd, 2009, 09:11 AM
I don't think there will be a malware 'outing'.
It is not conceivable that just at the same time that Windows did an update PCs all over the world were hit with the same malware :argh:

It is also not true that it is only PCs with anti malware installed that had the problem. Some corporate folks without client side protection fell over.

Perhaps it will go away soon.

Triple Helix
December 3rd, 2009, 04:22 PM
I have one question to Prevx about this situation! Is it only Prevx users that are having this problem or not? Could it be one of the RC's that may have caused this?

TH

Dark Star 72
December 3rd, 2009, 05:23 PM
-{ Quote: "I have one question to Prevx about this situation! Is it only Prevx users that are having this problem or not? Could it be one of the RC's that may have caused this?

TH" }-
There are people reporting getting black screens on their first reboot after installing said MS updates who are using Eset AV and ESS on my ISP forum and who have never used Prevx.
This has to be connected to MS in some way, perhaps a silent update to one of the .NET frameworks or something, wouldn't be the first time they have done it.
I'm using XP Home and have not had any problems.

PrevxHelp
December 3rd, 2009, 06:48 PM
In the interest of keeping comments brief on this topic (enough has been said already), Microsoft has mentioned "Daonol" as one of the threats which can produce this: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol

However, as we've stressed in the initial blog post and to the media, this issue has many potential causes. We can artificially create this problem on demand, as described on our blog, on almost any PC - Windows XP, Vista, 7 included - and while ACLs don't appear to be the direct source of the problem our users experienced this time, a modified ACL on the key would produce exactly the same issue.

Because of how easy it is to cause this issue, there can be a vast number of different ways to encounter it, not limited to malware, registry cleaners, or other third party software. Our fix works by resetting the key regardless of its current value, which is why although we initially thought the primary culprit was an ACL on the key, it still works even with the "RegHide" technique being at fault.
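
[Added example, not part of the thread and not Prevx's or Microsoft's code] The check below shows what "does not include null terminating characters" means at the byte level for a REG_SZ value, and how rewriting a well-formed value regardless of the current contents clears it. It assumes you already have the value's raw data bytes (for instance from an offline hive parser); the function names, the sample bytes and the expected value `explorer.exe` are constructed for illustration, and the odd-length and data-after-null checks go beyond the single case quoted in the thread.

```python
from typing import List, Optional

NUL = b"\x00\x00"  # one UTF-16LE null code unit


def well_formed(value: str) -> bytes:
    """Encode value as REG_SZ data: UTF-16LE plus a terminating null."""
    return (value + "\x00").encode("utf-16-le")


def audit_reg_sz(raw: bytes, expected: Optional[str] = None) -> List[str]:
    """Return findings for the raw data bytes of a REG_SZ value."""
    findings = []
    if len(raw) % 2:
        findings.append("odd byte length")
        raw = raw[:-1]  # drop the stray byte and audit the rest
    units = [raw[i:i + 2] for i in range(0, len(raw), 2)]
    if not units or units[-1] != NUL:
        findings.append("missing null terminator")
    # A string-based reader stops at the first null code unit.
    end = units.index(NUL) if NUL in units else len(units)
    visible = b"".join(units[:end]).decode("utf-16-le", errors="replace")
    if any(u != NUL for u in units[end + 1:]):
        findings.append("data after first null")
    if expected is not None and visible.lower() != expected.lower():
        findings.append("unexpected value: %r" % visible)
    return findings


if __name__ == "__main__":
    # Constructed samples; "explorer.exe" is an assumed expected shell value.
    samples = {
        "well formed": well_formed("explorer.exe"),
        "unterminated": "explorer.exe".encode("utf-16-le"),
        "stray byte": well_formed("explorer.exe") + b"\x41",
    }
    for name, raw in samples.items():
        print(name, audit_reg_sz(raw, expected="explorer.exe"))
```

An empty findings list means the data is a single, properly terminated string that matches the expected value.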

Triple Helix
December 4th, 2009, 12:58 AM
Thanks Joe for the info and thank your team for the fix!

TH

Longboard
December 4th, 2009, 03:06 AM
-{ Quote: "Thanks Joe for the info" }-
Echo that :thumb: