Q re: XP Pro Sp3 DeviceMgr "Non-Plug & Play Drivers"

By TerryGH ·
I posted this question on the MS Hardware Newsgroup earlier so excuse the duplication. I'll save a long-winded description for now, but essentially as a result of a major trojan virus infection (now deemed clean by Trend Micro), serious damage was done to my network adapters (all showing yellow ! marks) and some of the non-plug and play drivers (e.g., AFD, IPSEC driver, TCP/IP Protocol Driver). My tech friend and the manuf. of the Marvell Yukon PCI/PCI-E controllers have already walked me thru trying to update the drivers from the Marvell site (mssg says no better driver found), so the next step seems to be to see if the non plug and play drivers are the underlying culprit.

So my initial question is since right-clicking on the non plug and play drivers only gives me a choice between disabling or uninstalling (no option to update drivers), and the properties for each of the flagged drivers says "this device is not present or working properly etc (code 24)" ----- how do I go about reinstalling them? Will XP Pro automatically try to add them on a reboot like the main network adapters (which are reinstalled ok but still are yellow ! flagged)? Or maybe on the reboot I will be prompted to insert the XP install disk?

Or... am I doomed to having to reformat the HD and do a complete re-install of XP Pro since I see in the details tab of properties that the Device Instance Id is something like "ROOT\LEGACY_TCIP\0000"?

Thanks in advance for any ideas ....


All Answers

A couple of things to try as well as MBAM

by Jacky Howe In reply to TM trojan classification: ...

Here is a link to the latest drivers:

Select Motherboard

Select Socket 775

Select P5Q Deluxe

Click Search and Select OS and then click Search


http://support.asus.com/download/download.aspx?SLanguage=en-us

Download the Chipset drivers as well as the Lan drivers.

Update your Chipset Drivers and restart if required.

In Device Manager right click on your Lan card and select uninstall, don't restart the System. Install the Updated Lan Drivers and reboot.


Run this Rootkit Revealer, GMER:

http://www.gmer.net/index.php


When you're infected with any trojans, spyware, malware, they could have been saved in System Restore and can re-infect you. It's best to remove them.

XP
Press the WinKey + r, type sysdm.cpl and press Enter.
Select the System Restore tab and check "Turn off System Restore".


Vista
Press the WinKey + r, type sysdm.cpl and press Enter.
Select the System Protection tab. Untick the box next to Local Disk C: and any other drives and click on Turn System Restore off.


After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

You will need internet access to run this:

Download Combofix and rename the executable Combofix.exe to cfix.exe before running it.

http://www.combofix.org/

http://www.combofix.org/download.php

MBAM scan results -- Malware Detected

by TerryGH In reply to A couple of things to try ...

Seanferd & Jacky - A quick update before turning in to let you know that MBAM did detect malware and it looked from my amateur eyes to be the same as that detected initially by TrendMicro (same file names but not sure about the registry entries). Since I was initially uncomfortable accepting MBAM's registry repairs, and then seeing Jacky's note re system restore (which had not been turned off) I was thinking that was the problem for the system being re-infected. So when I got back this evening, I contacted TM and re-ran hijackthis and their SIC program which as it turns out do not show any malware.

You guys obviously have confidence in MBAM's detection capabilities, so can you confirm that MBAM's suggested repairs are reliable and after the scan I should just click on MBAM's "remove selected" (objects) ... or should I use another tool to handle the repairs?

Actually I am getting more resigned to doing the reformat and reinstall but will see how I feel tomorrow morning. Anyway, thanks again for your help... Terry

I have all the confidence

by Jacky Howe In reply to MBAM scan results -- Malw ...

in the world, in the tools that we suggested for you to use. I've personally road tested them.

I second that, and

by seanferd In reply to MBAM scan results -- Malw ...

if you do eventually choose to reformat, wipe the disk overnight first. See the tools at the bottom of my first post. Killdisk is easier to use for SATA drives, according to reliable sources. If you have IDE drives, use DBAN.

But MBAM is probably just detecting changes that were made by the infection that TM isn't catching. Personally, I don't think TM is what it was three years ago anyway. But multiple malware scanners is fairly a must, to catch most everything.

And it should be quite safe. Post the scan results logfile if you want. We'll look at them.

MBAM Ran-Rebooted & Gmer Ran- 2 items found?

by TerryGH In reply to I second that, and

Hi guys ...I let MBAM scan again overnight and of course same results came back except an object that was detected yesterday in system restore was no longer there (really ticked that TM didn't warn me of this last week). Anyway, clicked on 'remove selected' and rebooted and the system came back up fine -- I have the log if you are interested but don't see a way to attach to this post.

Also per Jacky's idea, I ran Gmer and two items showed but I didn't get a warning mssg ala their website example and they aren't marked "rootkit detected" as in the Gmer's webpage log examples. Also, I don't see in "GMER 1.0.15.15220" window any way to fix these if there is a problem. Here's a paste of the log file:

GMER 1.0.15.15220 - http://www.gmer.net
Rootkit quick scan 2009-11-14 12:56:07
Windows 5.1.2600 Service Pack 3
Running: 0o6oogpt.exe; Driver: C:\DOCUME~1\TERRYH~1\LOCALS~1\Temp\uxtdipoc.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs InCDRec.sys (InCD File System Recognizer/Nero AG)

AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----

Is this something I need to be concerned about and if so do you know what I need to do? Obviously not expecting you guys to be waiting around for this update *s* so I will leave Gmer's window open for a while and not attempt to reboot/follow the other steps you suggest for now (and definitely not turn system restore back on until I hear from you). Btw, as expected since I have taken no additional steps to reinstall adapters or anything else I still don't have web connection on the XP Pro -- I have a lot of email to catch up to anyway on my laptop.

Thanks....

From

by Jacky Howe In reply to MBAM Ran-Rebooted & Gmer ...

my experience with Gmer, if you right click on the file and the removal tools are greyed out the file is OK.

This file didn't show up in a google and seeing that it's in the temp folder I would delete it.

Running: 0o6oogpt.exe; Driver: C:\DOCUME~1\TERRYH~1\LOCALS~1\Temp\uxtdipoc.sys

These two files belong to Nero's INCD.

AttachedDevice \FileSystem\Ntfs \Ntfs InCDRec.sys (InCD File System Recognizer/Nero AG)

AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)

INCD has been known to cause problems and if you don't regularly use INCD, uninstall INCD.
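
A small triage helper for GMER quick-scan logs like the one pasted in this thread, added here as an example; it is not part of any poster's reply and not GMER's own code. It assumes the line layout seen in that one log and that the `Running:` line names the scanner's executable and the driver it loaded; `parse_gmer_log` and `review_items` are hypothetical names.

```python
import re

# Log text copied from the post earlier in this thread (blank lines trimmed).
SAMPLE_LOG = r"""GMER 1.0.15.15220 - http://www.gmer.net
Rootkit quick scan 2009-11-14 12:56:07
Windows 5.1.2600 Service Pack 3
Running: 0o6oogpt.exe; Driver: C:\DOCUME~1\TERRYH~1\LOCALS~1\Temp\uxtdipoc.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs InCDRec.sys (InCD File System Recognizer/Nero AG)
AttachedDevice \FileSystem\Fastfat \Fat InCDRec.sys (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----
"""

# Line layouts are assumed from that one log, not from GMER documentation.
RUNNING_RE = re.compile(r"^Running:\s*(?P<exe>[^;]+);\s*Driver:\s*(?P<driver>.+)$")
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
ATTACHED_RE = re.compile(r"^AttachedDevice\s+(?P<stack>\S+)\s+(?P<device>\S+)"
                         r"\s+(?P<module>\S+)(?:\s+\((?P<desc>.*)\))?$")

def parse_gmer_log(text):
    """Return the scanner exe/driver pair, attached filter entries, and EOF status."""
    parsed = {"scanner": None, "attached": [], "complete": False}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := RUNNING_RE.match(line):
            parsed["scanner"] = (m["exe"].strip(), m["driver"].strip())
        elif m := SECTION_RE.match(line):
            section = m["name"]
            parsed["complete"] = section == "EOF"
        elif section == "Devices" and (m := ATTACHED_RE.match(line)):
            parsed["attached"].append(m.groupdict())
    return parsed

def review_items(parsed):
    """List entries that deserve a manual look before calling the system clean."""
    notes = []
    if not parsed["complete"]:
        notes.append("no EOF marker: log is truncated, re-run the scan")
    if parsed["scanner"] and "\\temp\\" in parsed["scanner"][1].lower():
        exe, drv = parsed["scanner"]
        notes.append(f"driver loaded from Temp: {drv}; confirm it is gone once {exe} exits")
    for entry in parsed["attached"]:
        if not entry["desc"]:
            notes.append(f"{entry['module']} attached to {entry['stack']} has no "
                         "description/vendor string; verify the file on disk")
    return notes
```

Calling `review_items(parse_gmer_log(SAMPLE_LOG))` returns a single note about the Temp-folder driver; the two InCDRec.sys entries carry a description string and are not flagged.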

Jack's Reply re Gmer log comments- system clean?

by TerryGH In reply to What other

A relatively quick note that I could not directly reply (max mssg level reached):

- right clicking on the two Nero files did show the removal tools were greyed out so am assuming all is well on the virus removal front (thanks for the warning on Nero INCD but will leave that alone for now)

- re the "C:\DOCUME~1\TERRYH~1\LOCALS~1\Temp\uxtdipoc.sys" file, this was not found after closing Gmer so I assume that is ok as well

- I re-enabled the system restore (per Jack's Post #7), and then disabled the two main Marvell network adapters and then a complete system shutdown and then re-start. The adapters were reinstalled by XP on startup, and not surprisingly the system is working fine except no o/l connection and the same devices are marked with yellow !.

I have to run out for a while but did a quick search for "how to install chipsets" (also per post 7) >> is this post something I need to look at (but related to ASUS) http://forums.windrivers.com/showthread.php?t=71014

Will probably have more questions later (sorry guys) -- one quick one: where do I find the item in Device Manager to start the chipset update process, in "System Devices"? -- I don't see anything ASUS specific but will look again later when I get back.

Once again big time thanks ....

Just run the extracted executable

by Jacky Howe In reply to Jack's Reply re Gmer log ...

for the chipset drivers. It should run through and update the drivers.

If you download from the link that I supplied, the file will be a compressed .zip, that will have to be extracted to a folder.


Follow this link; it will explain what the file type is for you and teach you how to uncompress the file. You can then install it. WinRar is probably the easiest to use as you can select to unzip it to the foldername when you right click the file. You will have to download and install WinRar first.

http://netforbeginners.about.com/od/downloadingfiles/f/faq_zip1.htm


http://www.rarlab.com/download.htm

I gotta ask

by Jacky Howe In reply to Q re: XP Pro Sp3 DeviceMg ...

did you right click the non-plug and play drivers tab and scan for hardware changes?

Jacky's Q & Preparing for Reinstall/Killdisk Qs

by TerryGH In reply to I gotta ask

Heya Jacky...I thought you said we had already spent too much time on this? :) But a tad more seriously, the answer is yes re post 18 -- "scan for hardware changes" did bring back the TCP/IP driver but not the AFD driver and one other I tried... so moving on to the end game - hopefully some final questions for you guys.

Basically I am in the final stages of updating the list of SW & product keys from the new system install this past March, and am going to try the XP repair after a final data backup and getting the Killdisk CD setup (btw I do have SATA HD) ... but this soggy-brain is confused on a couple of Killdisk website things:

1: Which version of Killdisk (DOS or Windows) do you recommend? The instructions for the windows version seems the cleanest, esp. re creating the KillDisk Boot Disk, but just want to check to make sure there is no unknown benefit to using the DOS version. It also looks like the windows version lets me create a USB boot disk as an alternative to burning a CD - thoughts?

2: I think I just saw the answer in the KillDisk guide, but just to verify >> when all is ready to pull the trigger with Killdisk, it looks like I need to restart XP into BIOS and change the boot order to the CD rom or USB, right?

3: Since I have the XP Pro disk do I also need to create a bootable CD to handle partitioning/FDISK and formatting tasks after the disk wipe and before I re-install XP? Or can those tasks be handled by the XP Pro install disk (or maybe even on the Killdisk Boot disk itself)?

Ok that should do it for now and thanks ... feel free to insult my intelligence as much as you like now ... I am sooooo humbled (and near-brain dead).....grrrr :)))
