Solved

Signed Drivers Detected As Unsigned

Posted on 2010-09-09
5
479 Views
Last Modified: 2012-06-22
Can I get a very detailed (services involved etc) explanation of the Windows XP Driver Signing process?  Every now and again I get a PC that has no USB functionality.  Sigverif.exe claims that over 2000 drivers are not signed.  A healthy computer built from the same image has far less drivers listed as unsigned.  The list includes things like USBSTOR.SYS, which is definitely signed.  Most of the Microsoft drivers which were seen previously as signed drivers are now seen as unsigned.  I even tried replacing drivers with the original and it's still detected as unsigned.  

The keyboard and mouse are non-functional when this happens.  The only fix is to re-install Service Pack 3.  The issue comes back approximately 3 months later on some of the computers.  Thanks for your help.
0
Comment
Question by:Timbilt
  • 2
  • 2
5 Comments
 
LVL 69

Expert Comment

by:Merete
ID: 33644170
Hi Timbilt, this could be a very lengthy topic but as simple as I can, this could be conflict between OEM drivers and the manufacturer drivers, take for example this from Microsoft regarding USB printers
If a user has installed the company's USB solution drivers what happens if a second vendor's solution tries to load?
The two solutions might conflict with each other and interfere with successful printing on the user's system. The operating system cannot detect or prevent such conflicts.
Vendors should use the Microsoft USB printing solution.
If these systems are HP or DEL here lies a possible conflict
Uninstall the vendor-supplied solution completely and then install the Microsoft solution.
source
USB Printers - Architecture and Driver Support
http://www.microsoft.com/whdc/archive/usbprint.mspx
Here's a few more topics that may assist you
Windows XP Pro SP3 Image Build Process
http://www.symantec.com/connect/articles/windows-xp-sp3-out-time-rebuild-those-base-images
How to Add OEM Plug and Play Drivers to Windows XP
http://support.microsoft.com/kb/314479
Driver Signing for Windows
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/code_signing.mspx?mfr=true
0
 
LVL 5

Expert Comment

by:ina_don
ID: 33719785
But all the while you havent had spyware, malware or viruses? I'd think one of those could be to blame. Most oems now supply signed drivers so you wouldn't end up with so many unsigned after such a short period. Check for rootkits and also check the image that you're using. It might carry some malware with it.
0
 

Author Comment

by:Timbilt
ID: 33730751
Sorry for late reply.  Problem still wreaking havok.  Because it happens with so many PCs, it quite possible the image.  I tried to do a rootkit scan with GMER on two of the PCs (those not yet affected by the USB problem, but build from the same image) but it caused both PCs to restart during the scan.  Also, what I've noticed is that the problem arises almost always after moving a PC.  After reconnected the USB devices and powering it on, they keyboard and mouse and completely non-responsive.  After remoting into the PC and doing a scan with Sigverif.exe, almost all the drivers that were signed are now unsigned.

Example:
Normal PC:  2500 signed drivers, 200 unsigned drivers
Affected PC: 250 signed drivers, 2700 unsigned drivers
0
 
LVL 5

Expert Comment

by:ina_don
ID: 33731118
Those automatic restarts dont sound healthy but it could just be coincidence. Maybe you should try running the rootkit scanner and something like Dr. Web CureIt from a live CD such as WinPE/BartPE or even Dr. Web CureIt Live CD or WinInternals. See what you will pick up and then move from there. I've have some success recently using CureIt LiveCD because it has updated definitions and it is currently free so it might be worth trying.
0
 

Accepted Solution

by:
Timbilt earned 0 total points
ID: 33769470
It seems that the chipset drivers that came with the computer were dated 2006 and unsigned.  After upgrading to 2009 signed drivers, the computers are now faster and no more USB issues so far.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Several part series to implement Internet Explorer 11 Enterprise Mode
Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now