'New Device' Malware?

[YoYo155]

Hello security aficionados

In the past several months I've had people reporting to me that they can't use new devices
plugged into their PC whether it being USB, PCIe expansion or SATA interface on the account
that the no new drivers can be installed, in anyway meaning via Windows automatic search
and update (plug n' play) or manually using the Device Manager, the installation just fails
(I believe the code was 28, but don't quote me on that detail) rendering the devices useless.

Now I have found that using AdwCleaner and allowing it to remove whatever it finds
resolves the issue (although sometimes I still recommend a clean install).
With that in mind I can deduce that we are dealing with a type of malware / crapware.

What I would like to know is what causes it? and if possible how does it do it?
I have attached AdwCleaner result texts and a link to a completely structured quarantine
folder it has generated on a previously affected Windows 7.

Thank you for reading .

   Warning

! Quarantine Folder May Contain Threats !

​

• View attachment AdwCleaner[S0].txt
  
• View attachment AdwCleaner[R1].txt
  
• View attachment AdwCleaner[R0].txt
• Quarantine Folder

 

[Jacee]

I'm sorry, I won't download .rar files ...

 

[Jacee]

The files shown in AdwCleaner all appear to be adware. You can go ahead and run the 'clean' option.

 

[YoYo155]

I'm sorry, I won't download .rar files ...

I should have thought about that .

The files shown in AdwCleaner all appear to be adware. You can go ahead and run the 'clean' option.

I appreciate you taking the time and looking at the logs .

Perhaps I wasn't clear enough in the OP.
Those texts are from a PC (not mine) which had already been cleaned using AdwCleaner.
I want to know what causes that behaviour.
What component of the software is finds causes Windows to fail on installing
new device drivers.

 

[Jacee]

I'm not sure ... possibly it needs to be run in 'compatibility' mode, or the computer needs to be clean of all malware, adware and the temporary files need to be cleaned as well. Sometimes, an Antivirus program will prevent installation of devices.


Also, see this Code 28: The drivers for this device are not installed

 

[ThrashZone]

No doubt those are some pretty interesting lists of items :shock:

 

[YoYo155]

Jacee, thank you for replying but I was hoping to pinpoint the culprits
as I had encountered this issue so many times it has picked my interest as
to how it is happening.

I know! I get those all the time, some people haven't got the slightest clue about
system security.

 

[andrew129260]

I will take a look into it. I have seen Zero Access causing something like this before, and where this is adware, there is zero access (for me lately).

This Microsoft KB article lists multiple reasons as to why a hardware device can fail to install:

Error codes in Device Manager in Windows

Malware can corrupt the registry, use registry settings to block installation altogether, break windows update service so that when windows update goes to search for a driver (which it always does first when plugging in new hardware) the process fails which then causes windows to search its own driver folders, which malware can also mess up causing the installation to bork.

Malware knows that usb devices can have tons of tools to wipe them out. The best way to stop that is preventing them from installing. They also of course block the websites to the known tools that eradicate the infection.

Having said that, a few simple logs is going to be hard to find the culprit of the issue. If not impossible. We can start by looking at everything they found and doing a google search to see if other things come with the adware that would cause this, or if the adware itself has been known to do this. Malware comes out in thousands a day, I highly doubt it is just a single specific infection causing all this.

A rootkit is also very likely.

There is also a example of malware trying to install a "hardware device" and failing:

http://forums.majorgeeks.com/showthread.php?t=217331