Solved

USB Ports won't recognise external drives

Posted on 2011-09-20
17
264 Views
Last Modified: 2012-08-13
I have a machine that has been infected with spyware. Have cleaned it up but I am still having problems with the USB Ports. We have 4 ports and are using USB mouse and keyboard without issue. As soon as we plug a hard drive in or an iPod the machine reports drives corrupt and need formatting. Plug same drives into a different PC and they work as they should. Cheers.
0
Comment
Question by:Todger66
17 Comments
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 36571879
Remove the drivers, update them again, then restart and try to use your External Drive again.
0
 

Author Comment

by:Todger66
ID: 36573874
I have done that already. On reboot it re-installs the drivers and then the same issues come back.
I am wondering where the drivers are that get installed are stored? Can I delete them and download a new set?
0
 
LVL 3

Expert Comment

by:xwizzard
ID: 36576814
It sounds like the driver files may be infected or damaged.

- Check that the BIOS options for USB support and emulation / legacy / USB 1.1
   are turned on.
- Use ComboFix and TDSS killer if you have not already to rule out possible rootkits.
- Do a Chkdsk /R on all local drives to rule out potential file corruption
- Perform an SFC /Scannow within the system or externally with another system to
   remedy damaged system files

If the above methods to not help it is likely you will need to perform a re-install of the
operating system. The mass storage drivers (including USB storage) are a part of the
Windows system files and cannot be removed without serious issues.
0
 
LVL 2

Expert Comment

by:shiva_kv
ID: 36585709
Can you post a screenshot please? does not sound like windows to me.

Try this, press and hold the Shift Key when connecting the USB device, which will disable Autorun. Release the key 20 seconds after you see a disk letter on my computer. then run a complete Online scan from here :

http://housecall.trendmicro.com/

Let it clean-up any of the spywares / viruses found . Let us know how it went.
0
 

Author Comment

by:Todger66
ID: 36596974
Thanks guys for your input. I have run Stopzilla that found some entries and removed them. If I plug a USB device in safe mode it works ok. Also when I plug a USB device in Autorun doesn't seem to activate. I do think it is virus/spyware related but this has become a monster.

I have done an in place re-install of XP Home and re-installed SP3 (the Windows disk I have is SP2 only)
I had to reactivate Windows also.

Housecall didn't find anything. I am going to download ind install Spybot next.

What would you like to see a screenshot of?
Cheers and thanks.
0
 
LVL 2

Expert Comment

by:shiva_kv
ID: 36597529
Tod,
Most of the new Viruses / spywares use the Autorun feature on the USB key to copy themselves, I would strongly recommend leaving it disabled.

Eitherways The Autorun program can be invoked by Right clicking on the device and Select "Autorun /Autoplay" .

However, if you have any specific reason to keep it Active, then use this MS tool which fixes problems automatically:

http://www.microsoft.com/download/en/details.aspx?id=2648

Hope this helps.

Regards,
Shiva

0
 

Author Comment

by:Todger66
ID: 36597654
This is driving me nuts. I just had the iPod working and a USB stick. Rebooted machine and now it is failing again. I have downloaded Serviwin and found the USBSTOR driver wasn't starting. I still think it is spyware related.
0
 
LVL 2

Expert Comment

by:shiva_kv
ID: 36597674
Try rebooting in safe mode and see if USB device works, if it does it means that something is blocking USB devices in normal mode.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:Todger66
ID: 36597679
Works in safe mode.
0
 
LVL 2

Expert Comment

by:shiva_kv
ID: 36597682
Also try rebooting the machine with the device connected, want to see if this is works ok @ boot.
0
 
LVL 2

Expert Comment

by:shiva_kv
ID: 36597725
Try using Smitfraud fix from here:

http://siri.geekstogo.com/

It is one of the better Spyware removal tools out there, brief instructions on howto run this can be found here:

http://www.geekstogo.com/forum/topic/109268-how-to-use-smitfraudfix/
0
 

Author Comment

by:Todger66
ID: 36597804
Now it has just BSOD'd with Invalid_Process_Detach_Attempt.
I will have a look at Smitfraud fix now cheers.
0
 

Author Comment

by:Todger66
ID: 36597946
Have just run Smitfraud and the symptoms still exist.
0
 
LVL 2

Expert Comment

by:shiva_kv
ID: 36715160
Since you have tried most of the options, try the following:

Open Msconfig : Disable all startup applications
Check Hide all microsoft Services and disable all but your Anti-virus program services.

Run Process-Mon from MS:

http://technet.microsoft.com/en-us/sysinternals/bb896645

1. Hit CTRL+A and note the system time in Processmon, hit Ctrl+A to start Auto Scroll
2. Connect the USB Disk and see which entries and processes get executed.
3. Wait for the Symptoms to show-up again
4. Hit Ctrl+A to stop the Autoscroll,note the time down.

Now, you should be able to analyze the whole set of processes going on during the timeframe.
See if any process is being triggered from any suspicious locations / registry entires and you could list them here for further discussion
0
 

Author Comment

by:Todger66
ID: 36715791
Thanks mate,
Client has the drive out of this machine to copy some content off. When I get it back on Friday I will give Processmon a whirl.
Cheers.
0
 

Accepted Solution

by:
Todger66 earned 0 total points
ID: 36902262
Thanks Experts for you input. I ended up biting the bullet and reformatting. All works as it should.
Thanks again.
0
 

Author Closing Comment

by:Todger66
ID: 37877399
The only fix sometimes is C:\Format
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Local storage vs SAN for VM's 10 141
VNX 5800 - expanding storage pool issue. 3 54
Problem - Database Storage 4 58
How to format tape Cartridge to LTFS 6 65
A bootable USB key can be very handy now-a-days. My favorite USB key consists of our Windows 7 image, network card drivers (to connect up to a Ghost server), the latest BIOS updates for all of our PCs and CopyWipe (to erase a retired PC) Creating…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now