Thursday, May 22, 2008

Update on Yesterday's Blog on Windows XP

After posting my blog on the Net yesterday, I received an e-mail post from PC Magazine's blog on security, one of the many blogs and newsletters I subscribe to. Apparently, Microsoft has figured out the continuous reboot problem. Here is an excerpt from it that might prove helpful:

--------------------------------------------------------------------

THE REASON BEHIND THE XP SP3 CONTINUOUS REBOOT BUG

Reports are all over about problems with some users installing Windows XP SP3; their systems go into a continuous reboot cycle.

Now Microsoft has provided an explanation, and it's an interesting one. The problem occurs on AMD-based systems where Windows was build from an OEM image captured on an Intel-based system. Perhaps it never mattered before, but in such cases, and depending on a particular registry key, an Intel-specific driver (Intelppm.sys) is loaded.

Microsoft Knowledge Base article KB88372 explains this some more and gives instructions for what to do if you are experiencing the problem. There is even more on the subject in this forum post on Microsoft.com.

Creating system images in this way is, when you think about it, a pretty stupid thing to do and the OEMs are clearly at fault. By the same token, the SP3 beta test was pretty large and I wonder how something like this could have escaped notice.

----------------------------------------------------------------------

And, here is an excerpt from the Microsoft forum post mentioned above:

"We are working on a filter for Windows Update to detect the specifically affected AMD systems (not all AMD systems are affected, it appears to only be those with an image created on an Intel system and the missing registry key or file), and temporarily prevent these machines from installing Windows XP SP3. Implementation of the filter us currently slated for the end of May. Automatic distribution (AU) for XP SP3 is scheduled for implementation later this summer. We are also investigating a hotfix that can be deployed over Windows Update."

----------------------------------------------------------------------

My solution is to sit back and wait for the automatic distribution scheduled for this summer.

This Just In

Users of Spyware Doctor and Norton Internet Security are reporting that these two security programs are yielding false-positives on some basic Windows programs after installing SP3. XP SP3 causes Norton Internet Security to identify ctfmon.exe as a keylogger (a kind of malware that records your keystrokes to capture passwords and other important data). In reality, the ctfmon.exe file in your Windows\System32 folder is a Microsoft system file that enables alternative input methods such as speech, tablet, or on-screen keyboard.

In the case of Spyware Doctor, the popular anti-spyware tool from PC Tools detects Trojan-Spy.Pophot.WX in RunDLL32.exe even if the system is uninfected. RunDLL32.exe is an important system file that Windows uses to run code in dynamic link library (DLL) files. By default, Spyware Doctor prevents any files it identifies as infected from running. If an important system file such as RunDLL32.exe is flagged incorrectly, the result can be disastrous for your PC.

I am sure that fixes will be forthcoming for both programs. But, we may not have heard the last of XP SP3 bugs.

1 comment:

Anonymous said...

Explore more blogs at
Free Blog Directory - A collection of links that helps peoples to find their interest! Add your blog for free and get quality targeted traffic