Black Screen of Death Actually Caused by Malware

[stephens316]

Black Screen of Death Actually Caused by Malware

A couple of days ago we wrote about the Black Screen of Death, a problem that caused Windows-based machines to freeze and lock out users, leaving them teary-eyed and black-screened.

The issue, however, doesn’t seem to be a common one, nor is it tied to Microsoft’s security updates, as we’d previously thought. In fact, UK security company Prevx, who pointed out the issue (and actually offered a software fix), admitted that the problem is likely caused by malware and not by Microsoft’s error.

[jaclaz]

The issue, however, doesn’t seem to be a common one, nor is it tied to Microsoft’s security updates, as we’d previously thought. In fact, UK security company Prevx, who pointed out the issue (and actually offered a software fix), admitted that the problem is likely caused by malware and not by Microsoft’s error.

Thanks for the news.

I cannot avoid to point out that whenever I see the word "likely" in the same sentence where a fix for a technical issue is described my legs tremble a bit.

We might introduce a trinary state:

0=OFF

1=ON

A suffusion of yellow="LIKELY" (or "LIKELY NOT", it doesn't make much difference in the result)

Besides the flamewar between the companies, have we learned that by removing accidentally a null in a REG_SZ key we can create a BLACK, NOT Blue, SOD on almost any MS OS?

Maybe some more "robust" shell (or design) might have been advisable.

I find preoccupying how one side uses Google results:

http://www.prevx.com/blog/140/Black-Screen...sta-and-XP.html

If you Google Black Screen then you will find a whopping 80Million plus results, mostly dominated by people searching for a fix to this problem. Thousands of users have resorted to reloading Windows as a last ditch effort to fix the problem, avoid that at all cost. We hope we can help a good many of you avoid the need to reload.

To substantiate a pointless claim:

http://homepages.tesco.net/J.deBoynePollar...ess-metric.html

And how the other one:

http://blogs.technet.com/msrc/archive/2009...ty-updates.aspx

uses "not broad":

We’ve also checked with our worldwide Customer Service and Support organization, and they’ve told us they’re not seeing “black screen” behavior as a broad customer issue.

to diminish the phenomenon.

Both guys should go back to school and learn a bit about "scientific method", "logics" and "statistics", IMHO.

jaclaz

P.S.: maybe they went to the same school the Seagate Customer and Technical Support guys went... :whistling:

Edited December 3, 2009 by jaclaz

[cluberti]

Well, Microsoft has never released an update for XP, Vista, or Win7 for that matter that modified the shell reg key/value pair. Either it was caused by malware, 3rd party software, or perhaps the user themselves inadvertently (the last bit is probably unlikely, but you can never rule anything out). Most people complain about the registry, but having the registry means memory-mapping sections of a VERY large settings database which is very performant (more so that reading/writing files), provides a standard interface for developing and storing/retrieving said information without having to know anything else about a program or the OS, and also allows for centralized control via security ACLs, reporting/auditing, and Group Policy control. It's not perfect, but it's no better or worse than having hundreds or thousands of config files scattered about the disk (or even in one directory like OS X does). The registry is pretty robust and secure as far as settings databases go, although I do agree it could probably be protected better. The problem is with hundreds of millions of users, you might have the same percentage of idiots that'll hork their boxes, but .5% of 500 million is a lot more than, say, .5% of 10 million.

[herbalist]

This incident doesn't say anything good about either party. If this is malware caused, PrevX failed to detect it and allowed the activity. It doesn't say much for Windows 7 either if that's all it takes to bring it down. If this is caused by malware, what else is being disabled at this time, and is anything else taking place while the screen is black? They need to do better than "likely"