One of our customers reported an issue after applying the update per KB958687 (MS09-001), which installs a new version of SRV.SYS. The customer was experiencing the following symptoms:
Troubleshooting the issue, we used system configuration utility (i.e.MSCONFIG), and disabled all non-Microsoft software & utilities once this was done the symptoms were not seen. In order to narrow the problem down, we started enabling the third party services/application one after the other.
We went through the list one by one and were able to reproduce the issue when the third- party antivirus service on the customer’s machine was started. In order to confirm this, we disabled the antivirus application and started the rest of the applications. After this the customer indicated the problem was no longer happening.
We enabled the AV service once again and the issue returned. We then created a new user on the local machine and logged in as the new user, but the results were same.
We logged back with domain credentials, disabled the AV application again, and the machine came up quickly and the user experience was as expected.
This confirmed that the issue was being caused by the antivirus software on the customer machine. Now that we knew the cause, we had to find a solution.
The next step that we took was to update the antivirus software, which in turn downloaded the latest antivirus signatures. After this was complete, we rebooted the machine. The antivirus service was running this time and the symptoms were no longer seen.
The Take away: Always keep your machines updated.
- Firasat Ali Mirza
Very nice read. Thank you for the information.