system
41
Thanks for your assistance essexboy. It is very much appreciated.
I will have to put this on hold for a week or so as I am away from the affected computer. I will follow your suggestion as soon as I return and let you know the result. I hope we can keep this thread open while I am away.
Thanks again.
system
43
I ran the troubleshooter. It identified a missing driver for my HP printer. Other than that, no additional messages or fixes.
Could you go to control panel > device manager and let me know if there are any yellow triangles?
system
45
There are yellow triangles next to the entries for the HP C309a series printer under “Other devices”. Those are the only ones. I haven’t worried about the printer drivers yet.
I still cannot read USB jumpdrives when plugged into the USB ports plugged into the MB. When USB drives are plugged in they do not register in Win Explorer. I have a PCI card to provide 2 USB 3.0 ports and I can read USB sticks plugged into those ports.
Regarding the CD/DVD drive, it shows up in Win Explorer but I cannot read any media. With a known good media inserted, clicking on the drive in Win Explorer opens the drive tray. I have confirmed that the CD/DVD drive is set up in BIOS to boot from; however, the media (factory Win 7) is not recognized and the system continues on and boots from the hard drive.
I have again run a complete set of scans using Avast IS. Nothing shows up.
Thanks.
I still cannot read USB jumpdrives when plugged into the USB ports plugged into the MB. When USB drives are plugged in they do not register in Win Explorer. I have a PCI card to provide 2 USB 3.0 ports and I can read USB sticks plugged into those ports.
Weird I had some USB ports go on me yesterday, similar problem
From device manager right click the USB ports and select uninstall. Once they are all uninstalled then reboot and try again
system
47
Re the printer: sorry, I should have noted that the printer is a network printer and the status of device manager was taken with the affected computer removed from my network. That probably explains the alerts in device manager. Like I said, I wasn’t too worried about that until I get the other more serious problems sorted out. Since the “event” I have not had other devices connected to the network at the same time that the affected computer is on the network. It is quite cumbersome.
I did try to uninstall some of the USB ports, but each time I select one my mouse and keyboard quit working. I then have to reboot and the USB port gets reinstalled. I have tried 2 different ports with the same result. The keyboard and mouse are wireless connected thru a USB KVM switch. My monitors connected thru the same switch continue to work??
I am stumped.
As the PCI usb ports are recognised I would hazard a guess that the motherboard ones are broken
And again as the CD drive is recognised then the CD reader may also be broken… How old is the computer ?
system
49
The computer in its current state is about 1 year old. The MB is 2-3 years old; an ASUS P7P55D MB which isn’t outdated. Computer is home built and most recent reconfig was about a year ago with addition of SSD system drive. The cd drive is an LG BDDVDRW which is not outdated or old. I don’t believe the usb ports and cd drive failed at same time as the event that Avast logged and the same time that Avast was disabled. They quit working properly but it is not a hardware failed issue.
I have done some more investigation. I have tried some other USB media and the system can see the media in all ports but does not see any security or OS related tools such as AV software. For example it identifies a usb stick with Portable Apps OS as a stick with a single audio track on it but does not see the Portable App or folders under the app.
I tried removing/uninstalling a different usb port and again the kb and mouse quit working.
I dl’d and installed Kaspersky AV. After the install both IE 9 and Google Chrome could no longer access the internet. When I ran the AV it hung at 2% because it could not get an update I guess. When I uninstalled KAV, IE9 and Chrome both worked fine.
I am quite prepared to reformat C and install Windows 7 but don’t know how I can do this if I can’t read the CD. I need to know what has caused the cd drive to function the way it is and how to correct it.
I read part of a thread (on another forum) yesterday where a user had a similar problem and when he replaced the cd drive with 2 other known good cd drives he experienced the same issue. Unfortunately the thread quit before it reached a solution.
Hmm this is intriguing then as it would suggest that something is monitoring the output from the drives
Batch File
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
1. Click on the Start button and in the search box, type Notepad and click on it
2. Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
REM List every reparse point (junction or symbolic link) on this drive
CD \
DIR /S /A:L > "%USERPROFILE%\Desktop\JunctionPoints.txt"
REM Open the report from the Desktop, where it was saved
START "" "%USERPROFILE%\Desktop\JunctionPoints.txt"
EXIT
3. Go to File > Save As… and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
4. Locate fix.bat on your Desktop and right click then select Run as administrator
When this finishes scanning, it should open a file, JunctionPoints.txt, copy and paste this into your next post please. If it doesn’t open, it can be found on your Desktop.
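As an added example (not part of the original thread or the helper's instructions), this Python sketch parses a JunctionPoints.txt report like the one the batch file produces and lists the links whose targets leave the system drive, so they can be checked by hand first. The function names, the English-locale `DIR` layout and the "leaves the system drive" triage rule are assumptions, and the sample listing is constructed.

```python
import re
from collections import namedtuple

Link = namedtuple("Link", "directory kind name target")

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# e.g. "07/14/2009  12:53 AM    <JUNCTION>     Documents and Settings [C:\Users]"
LINK_RE = re.compile(r"<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?) \[(.*)\]\s*$")

# Constructed sample in the layout DIR /S /A:L prints on an English system.
SAMPLE = r"""
 Directory of C:\

07/14/2009  12:53 AM    <JUNCTION>     Documents and Settings [C:\Users]

 Directory of C:\Users\Public

03/02/2013  09:15 PM    <SYMLINKD>     Media [E:\Shared]
03/02/2013  09:16 PM    <JUNCTION>     Cache [\??\Volume{00000000-0000-0000-0000-000000000000}\]
"""


def parse_listing(text):
    """Return one Link per reparse-point line, tagged with its parent directory."""
    links, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = LINK_RE.search(line)
        if m and current:
            links.append(Link(current, m.group(1), m.group(2), m.group(3)))
    return links


def leaves_system_drive(link, system_drive="C:"):
    """Triage rule (assumption): surface targets on another volume for manual review."""
    return not link.target.upper().startswith(system_drive.upper() + "\\")


def triage(text, system_drive="C:"):
    return [l for l in parse_listing(text) if leaves_system_drive(l, system_drive)]


if __name__ == "__main__":
    for link in triage(SAMPLE):
        print(f"{link.kind:9} {link.directory}\\{link.name} -> {link.target}")
```

A flagged entry is only a prompt to look at the target; relocated user folders and mounted volumes produce the same pattern.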
system
51
Junctionpoints.txt is attached.
Additional info. I have VMware Player installed and it runs Windows XP as a VM. I can see additional information (U3 and Portableapps.com) on the usb sticks although both U3 and Portableapps.com do not appear to run. I am not sure if that is an XP thing or a symptom of my problem. I can see the cd/dvd drive however it will not read a Win 7 factory cd.
As it stands I can see no malware so I will do some more research
system
53
I have moved a CD/DVD-Rom from another system to the affected system. It allowed me to boot to a Windows 7 CD and I was able to reformat and re-install Windows 7.
After the re-install I was able to read media in the affected BDDVDRW drive and I was able to read USB sticks. I will now go about rebuilding the system with my programs.
I am very disappointed that although Avast IS recognized the scripts as potential threats, it did not block them and my system became infected with something unknown.
My concerns now are what code has been written to 2 hard drives other than the system drive and what code may have been written to other systems on my network (laptop, Win Server, wife’s mac). So far numerous scans of the 2 hard drives have revealed no threats. Is there any way to be sure?
Also, the 3 usb sticks that I tried on the affected system may have become corrupt. When I tried one on my laptop Avast indicated the U3 and PortableApps.com programs would run in the sandbox. I immediately removed the usb stick and have set all 3 aside. Is there a process to sanitize these?
It is exceedingly rare for malware to jump drives; all I can think of is that the registry was changed in some obscure place to disable the CD/USB
Sanitise the USBs with this
Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG
Plug in the drive and McShield will start a scan
Then get the log which will be here :
Start > all programs > MCShield > logs > all scans
And post that
system
55
Yes, but a registry change does not explain why the cd-rom wasn’t recognized at boot-up nor how it just seemed to block AV software and disk tools. That has me stumped.
I am away from home for a week but will post the mcshield logs once I return.
I must admit I can see no way the boot cd was changed as that data is held in BIOS and although I have heard of malware infecting the BIOS it is mostly proof of concept stuff rather than actual infections