Black screen malware cause clarification plz..

Discussion in 'Prevx Betas' started by Longboard, Dec 3, 2009.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    I've read all the to-ing and fro-ing re "who, what, why.." since the first PrevX blog from November and subsequent blog entries.
    Seen MS deny.
    Seen Prevx recant (handled well imo in a tricky situation) and caught the reference to malware techniques:
    &
    No specifics re "malware" or "any other program"

    Is the postulation that the black screen is associated with some mal ??
    If so which/what ??

    I don't expect PrevX to have the answers to any/all of the possible other security apps/software combos that may do this.

    ( I would like some of those posters with "4000+" machines to tell us what they are NOT running )

    Seems to be a common theme being pushed that some malicious software is being touted as cause of BlackSOD.

    May we have some clarification re possible malware please.
     
    Last edited: Dec 3, 2009
  2. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    I don't think there will be a malware 'outing'
    It is not conceivable that just at the same time that Windows did an update PCs all over the world were hit with the same malware :argh:

    It is also not true that it is only PCs with anti malware installed that had the problem. Some corporate folks without client side protection fell over.

    Perhaps it will go away soon.
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I have one question for Prevx about this situation! Is it only Prevx users that are having this problem or not? Could it be one of the RCs that may have caused this?

    TH
     
    Last edited: Dec 3, 2009
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
    There are people reporting getting black screens on their first reboot after installing said MS updates who are using Eset AV and ESS on my ISP forum and who have never used Prevx.
    This has to be connected to MS in some way, perhaps a silent update to one of the .NET frameworks or something, wouldn't be the first time they have done it.
    I'm using XP Home and have not had any problems.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    In the interest of keeping comments brief on this topic (enough has been said already), Microsoft has mentioned "Daonol" as one of the threats which can produce this: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Daonol

    However, as we've stressed in the initial blog post and to the media, this issue has many potential causes. We can artificially create this problem on demand, as described on our blog, on almost any PC - Windows XP, Vista, 7 included - and while ACLs don't appear to be the direct source of the problem our users experienced this time, a modified ACL on the key would produce exactly the same issue.

    Because of how easy it is to cause this issue, there can be a vast number of different ways to encounter it, not limited to malware, registry cleaners, or other third-party software. Our fix works by resetting the key regardless of its current value, which is why although we initially thought the primary culprit was an ACL on the key, it still works even with the "RegHide" technique being at fault.
     
    Last edited: Dec 3, 2009
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Thanks Joe for the info and thank your team for the fix!

    TH
     
  7. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Echo that :thumb:
     