USB Ports all of a sudden stop working, virus detected

USB Ports slowly stopped working, virus detected and removed.  When plugging in a device to a USB port the USB icon appears in the task bar.  Message is "Unknown device".  Devices work with other computers.  Attached are my virus logs...all scans are clean now.
Between Mbam logs there was one clean scan?
SUPERAntiSpyware-Scan-Log---03-2.log
mbam-log-2011-03-23--16-19-39-.txt
mbam-log-2011-03-24--06-07-32-.txt
MagsOwnerAsked:
 
michkoCommented:
At this point I'm fairly convinced you have a hardware issue with the laptop itself in the USB hardware.  The USB ports, etc are part of the motherboard in laptops.  Unfortunately, I'd recommend either replacing the motherboard or the laptop.

Obviously, if anyone else has any other suggestions, please post them.

Best of luck.

michko
0
 
michkoCommented:
First thing you should try is to just restore to a point prior to the malware (SearchToolBar) installation:
http://support.microsoft.com/kb/306084

If you don't have any restore points prior, the best solution I've found is to follow these steps:

Download and install CCleaner, www.ccleaner.com and Cleanup http://www.stevengould.org/index.php?option=com_content&task=view&id=15&Itemid=69
Make sure MalwareBytes is current with definitions.
Also ensure you have an antivirus.  If you don't have one currently, Avast is free and quite good.

Reboot into Safe mode.
Run Cleanup.  Do not logout after run (it will prompt).
Run CCleaner, both the cleanup function and the registry cleaner.
Run MalwareBytes.
Run your antivirus.
Delete anything either program finds.
Reboot into Safe mode again.
Run Cleanup and CCleaner again.
Run MalwareBytes and your antivirus.
Repeat until scans come up clean - this can sometimes take a couple of runs.

Once scans come up clean, reboot normally.  Run Cleanup and CCleaner first thing.  Reboot again.  Typically you should be clean by this point.

Best of luck.
0
 
MagsOwnerAuthor Commented:
I've already done all of the above plus rkill, Rogue Killer, except for Cleanup, but in normal mode after it let me run scans.  I am running ESET Online Scanner now...
0

 
michkoCommented:
Sorry, don't know how I missed that it was already clean.  

Kelly's Corner has a tweak to restore USB service, give it a try.  Just a registry edit, #338:
http://www.kellys-korner-xp.com/xp_tweaks.htm

0
 
MagsOwnerAuthor Commented:
Thanks for your assistance but darn...that did not work.

What about running Combofix or Dial a Fix?

She is now taking the battery out of the computer and unplugging it for 30 min...hint from another link.
0
 
MagsOwnerAuthor Commented:
Maybe not Combofix...since we are not seeing any viruses.  Dial-a-fix??  Say thay you may lose Document folder, although when I did use it, we did not lose any data...however we can't back up.  

Do you have some suggestions?  Thanks!!
0
 
MagsOwnerAuthor Commented:
Sorry about the typos.
0
 
rpggamergirlCommented:
Have you tried shutting down, unplugging the PC (remove the battery if it's a laptop) for at least 30 mins, then powering it up again?

If the problem persists, try running ComboFix even though you said the PC is clean. ComboFix can replace/restore files/settings caused by viruses. Show us the log afterwards. If you have AVG or CA these need to be uninstalled for ComboFix to run.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
michkoCommented:
try checking this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR

3 enables USB, 4 disabled USB

0
 
MagsOwnerAuthor Commented:
rpggamergirl:  She tried the battery out unplugged for 30 minutes with no change...I will run Combofix.  Thanks

michko: Got in there...where should I find the 3 or 4 value?
0
 
MagsOwnerAuthor Commented:
rpggamergirl:  Already ran Combofix on 3/25...attached is the log
Combofix-log.txt
0
 
michkoCommented:
double click "Start" under that key, change the value to 3, then save.  Reboot and test. ...
0
 
MagsOwnerAuthor Commented:
michko:  Type REG DWORD and Data already says 0x00000003 (3).  Is that correct?
0
 
michkoCommented:
Yes, that is correct.  If that doesn't work, try changing it to 4, saving, then changing it back to 3.
0
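The registry check discussed in the comments above, as an added example that is not part of the original thread: a read-only PowerShell function (PowerShell 3.0 or later) that reports the `Start` value of USB driver services and flags any set to 4 (disabled). `USBSTOR` is the USB mass-storage driver service named in the thread; the other service names and the function name `Get-UsbServiceStart` are assumptions and vary by Windows version.

```powershell
# Added example (not from the thread). Reads the "Start" value of USB driver
# services; names other than USBSTOR are assumed and vary by Windows version.
$StartMeaning = @{
    0 = 'Boot'
    1 = 'System'
    2 = 'Automatic'
    3 = 'Manual (loaded on demand)'
    4 = 'Disabled'
}

function Get-UsbServiceStart {
    param(
        [string[]]$Name = @('USBSTOR', 'usbhub', 'usbehci', 'usbuhci', 'usbohci')
    )
    foreach ($svc in $Name) {
        $path  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $start = $null
        $state = 'Service key not present'
        if (Test-Path -Path $path) {
            # Start is a REG_DWORD; a missing value returns nothing here
            $prop = Get-ItemProperty -Path $path -Name Start -ErrorAction SilentlyContinue
            if ($null -ne $prop) {
                $start = [int]$prop.Start
                $state = $StartMeaning[$start]
                if (-not $state) { $state = 'Unexpected value' }
            } else {
                $state = 'Start value missing'
            }
        }
        # One row per service; Disabled is true only when Start is 4
        [pscustomobject]@{
            Service  = $svc
            Start    = $start
            Meaning  = $state
            Disabled = ($start -eq 4)
        }
    }
}

Get-UsbServiceStart | Format-Table -AutoSize
```

A row with `Disabled` set to `True` after a malware cleanup points at a software-side block; rows that all show normal values, as in this thread, point away from the registry and toward drivers or hardware.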
 
MagsOwnerAuthor Commented:
michko:  Did as requested above...still not working.

rpggamergirl: or michko: did you find anything in the ComboFix Log?

0
 
rpggamergirlCommented:
The MBR rootkit detector that shows discrepancies doesn't mean MBR is really infected, CF had that issue last month and I think it was supposedly fixed.

Anyway you can also try running aswMBR to check mbr status if you like.
Download aswMBR.exe ( 511KB ) to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click "save log", save it to your desktop and post in your next reply.

0
 
rpggamergirlCommented:
Also check out the link below and try the methods stated there,
or go straight to Method 3 to uninstall USB Controllers, at reboot windows will automatically reinstall USB controllers for you, see if that fixes it...

Method 3: Disable and re-enable the USB controller
http://support.microsoft.com/kb/817900


OR, try Microsoft "Fix It" which is also on that page.
0
 
MagsOwnerAuthor Commented:
rpggamergirl: Here is the log
aswMBR.txt
0
 
rpggamergirlCommented:
Neither aswMBR nor ComboFix detected a rootkit but also none of them are able to read the mbr?

which could mean the mbr code is either corrupted or there's an unknown/undetected new variant there.

Is the "FixMBR" button on aswMBR clickable? Maybe hold on to the thought of fixmbr yet, let's try TDSSKiller first. I usually leave the mbr fixing as the last option.

TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684



0
 
MagsOwnerAuthor Commented:
rpggamergirl: No threat found by TDSSKiller.  I will try the Disable and re-enable the USB controller.
0
 
michkoCommented:
Just a note.

I don't have any additional suggestions, and it appears you're on the right track.  rpggamergirl knows her stuff, so you're in good hands.  If I come up with anything to add, I'll chime in.

thanks.

michko
0
 
MagsOwnerAuthor Commented:
Unfortunately disabling and re-enabling the USB controller did not work.  She still can not use any of her USB's.  We tried connecting a couple of things that work when connected to her netbook to rule out cable issues.
0
 
MagsOwnerAuthor Commented:
Should I do a Hardware diagnostics?  I'm sure HP has one. This would rule out hardware failure?  What do you think?
0
 
michkoCommented:
It certainly wouldn't hurt anything to run a hardware diag.
0
 
MagsOwnerAuthor Commented:
Ran HP Diagnostics...with no device connected the USB passed.  When an external HD was attached it failed...attached is a screenshot.
Thanks!!
HP-Hardware-Diagnostics.bmp
0
 
michkoCommented:
Does it fail with any other usb hardware (flash drive, etc) attached, or just that specific external hard drive?

0
 
MagsOwnerAuthor Commented:
Everything...even a printer that works fine with other computers...wanted to rule out defective cables.
0
 
michkoCommented:
And does that external hard drive work on other computers?  
0
 
MagsOwnerAuthor Commented:
Yes
0
 
michkoCommented:
Try uninstalling the drivers for the external drive.  Reboot.  Run ccleaner's registry cleaner.  Reboot.  Then install the drivers for the external again.  
0
 
MagsOwnerAuthor Commented:
Where would they be located and what would they be named?  After the above procedure I assume that if the USB then recognizes the external drive they would then be installed when she plugged it in.  Is this correct?  What about her flash drive, printer...it affects everything.
0
 
rpggamergirlCommented:
I would've thought powering down, and the uninstalling/reinstalling of USB controller should've fixed it.

You would have to go to your Device manager > Disk drives and rightclick on that external drive to uninstall its driver.

Knowing it affects everything, I still think it might be something to do with mbr nasties or bootkit.
Apparently aswMBR version 0.9.4 doesn't see the new variant of bootkit whereas ver 0.9.3 does, so hopefully they'll fix it asap.

Clicking on the available button "Fixmbr" should fix it IF it's an mbr virus or bootkit causing it. But leave it as your last option because of possible consequences.
0
 
MagsOwnerAuthor Commented:
Unfortunately not...

You would have to go to your Device manager > Disk drives and rightclick on that external drive to uninstall its driver.  I do not believe it is even recognized.

After HP fixed her computer last year we purchased an additional internal drive and made a full image with Acronis.  I'm thinking at this point trading out her drives to see if the problem with the USBs is still there.

In pulling the drive, can viruses cause problems in other areas of the computer?

If the problem is resolved would you trust the problematic drive?
0
 
michkoCommented:
PS2 mouse and keyboard?  If so, you could go into Device Manager -> USB Controllers and uninstall the USB Root Hubs, then reboot.  That would force a full reinstall of the USB Root Hubs when the system comes back up again. ...

If you have a full drive image from a date prior to the infection, by all means, restore from that image.  

The majority of viruses would be resident on the hard drive.  There are a few that can infect BIOS, but not the ones shown in your SAS and MBAM reports.

If the image resolves the problem, I'd recommend a complete format of the problematic drive.  

And, if the image doesn't fix the problem, you could try a full format and reinstall on the drive.  If that doesn't repair it, then it would be hardware related.

0
 
MagsOwnerAuthor Commented:
It is a laptop with no USB keyboard and already did "could go into Device Manager -> USB Controllers and uninstall the USB Root Hubs, then reboot" please see 03/31/11 11:36 AM, ID: 35283074 comment.

Thanks for the other comments, she is dropping off the computer to me tomorrow...I will keep you all posted.
0
 
MagsOwnerAuthor Commented:
Okay...I installed the new Harddrive and the USB's are still not working and failed the Hardware Diagnostics test.  What next?  I am doing some research.  Thanks for your assistance.
0
 
rpggamergirlCommented:
I'm not sure if this had been asked, I didn't read back all the comments.

Is the System Restore On? Have you tried System Restore back to a date prior?

Also an OS reinstall would most likely fix this issue.

0
 
MagsOwnerAuthor Commented:
The system restore is on and I could not set it back to a prior date.

An OS reinstall will not work.  When I repaired her computer last year we decided to make a duplication of her hard drive with Acronis so in an emergency we could simply swap drives.  USB's worked just fine then.  I removed her current drive and replaced it with the clean drive and the USB still did not work.

I am going to power down, remove the battery as well as the CMOS and see if that works.  Her husband suggested it and in googling I confirmed the possibility.  Early on we took out the battery and unplugged it for 30 min...I am going to do the same with adding taking out the CMOS battery.
0
 
MagsOwnerAuthor Commented:
Next????  Taking away all power source did not work...left it disconnected for an hour.  Attached a compact external drive and could feel it power up with no light but got same message - One of the USB devices attached to this computer has malfunctioned and Windows does not recognize it.
0
Question has a verified solution.
