Solved

Signed Drivers Detected As Unsigned

Posted on 2010-09-09
5
481 Views
Last Modified: 2012-06-22
Can I get a very detailed (services involved etc) explanation of the Windows XP Driver Signing process?  Every now and again I get a PC that has no USB functionality.  Sigverif.exe claims that over 2000 drivers are not signed.  A healthy computer built from the same image has far less drivers listed as unsigned.  The list includes things like USBSTOR.SYS, which is definitely signed.  Most of the Microsoft drivers which were seen previously as signed drivers are now seen as unsigned.  I even tried replacing drivers with the original and it's still detected as unsigned.  

The keyboard and mouse are non-functional when this happens.  The only fix is to re-install Service Pack 3.  The issue comes back approximately 3 months later on some of the computers.  Thanks for your help.
0
Comment
Question by:Timbilt
  • 2
  • 2
5 Comments
 
LVL 70

Expert Comment

by:Merete
ID: 33644170
Hi Timbilt, this could be a very lengthy topic but as simple as I can, this could be conflict between OEM drivers and the manufacturer drivers, take for example this from Microsoft regarding USB printers
If a user has installed the company's USB solution drivers what happens if a second vendor's solution tries to load?
The two solutions might conflict with each other and interfere with successful printing on the user's system. The operating system cannot detect or prevent such conflicts.
Vendors should use the Microsoft USB printing solution.
If these systems are HP or DEL here lies a possible conflict
Uninstall the vendor-supplied solution completely and then install the Microsoft solution.
source
USB Printers - Architecture and Driver Support
http://www.microsoft.com/whdc/archive/usbprint.mspx
Here's a few more topics that may assist you
Windows XP Pro SP3 Image Build Process
http://www.symantec.com/connect/articles/windows-xp-sp3-out-time-rebuild-those-base-images
How to Add OEM Plug and Play Drivers to Windows XP
http://support.microsoft.com/kb/314479
Driver Signing for Windows
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/code_signing.mspx?mfr=true
0
 
LVL 5

Expert Comment

by:ina_don
ID: 33719785
But all the while you havent had spyware, malware or viruses? I'd think one of those could be to blame. Most oems now supply signed drivers so you wouldn't end up with so many unsigned after such a short period. Check for rootkits and also check the image that you're using. It might carry some malware with it.
0
 

Author Comment

by:Timbilt
ID: 33730751
Sorry for late reply.  Problem still wreaking havok.  Because it happens with so many PCs, it quite possible the image.  I tried to do a rootkit scan with GMER on two of the PCs (those not yet affected by the USB problem, but build from the same image) but it caused both PCs to restart during the scan.  Also, what I've noticed is that the problem arises almost always after moving a PC.  After reconnected the USB devices and powering it on, they keyboard and mouse and completely non-responsive.  After remoting into the PC and doing a scan with Sigverif.exe, almost all the drivers that were signed are now unsigned.

Example:
Normal PC:  2500 signed drivers, 200 unsigned drivers
Affected PC: 250 signed drivers, 2700 unsigned drivers
0
 
LVL 5

Expert Comment

by:ina_don
ID: 33731118
Those automatic restarts dont sound healthy but it could just be coincidence. Maybe you should try running the rootkit scanner and something like Dr. Web CureIt from a live CD such as WinPE/BartPE or even Dr. Web CureIt Live CD or WinInternals. See what you will pick up and then move from there. I've have some success recently using CureIt LiveCD because it has updated definitions and it is currently free so it might be worth trying.
0
 

Accepted Solution

by:
Timbilt earned 0 total points
ID: 33769470
It seems that the chipset drivers that came with the computer were dated 2006 and unsigned.  After upgrading to 2009 signed drivers, the computers are now faster and no more USB issues so far.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question