USB Keyboard/Mouse Freezing

Discussion in 'Malware Help (A Specialist Will Reply)' started by gbrenham, Aug 22, 2008.

  1. gbrenham

    gbrenham Private E-2

    I have a Dell XPS 400 that only has USB ports for a mouse and keyboard.

    Both the mouse and keyboard lock up when booting Windows XP Media Center 2005 in regular or safe mode.

    Conversely, I have no issues with either the mouse or keyboard when booting with UBCD4WIN.

    I'm posting this here because I still think it is virus/malware related. While inside UBCD4WIN, I did run Ad-Ware, SpyBot SD, and EZPCFix. They all found malware on this machine. I did delete all that I could before trying to get into Windows normally so that I could go through the posted Windows XP Cleaning Procedure.
     
  2. gbrenham

    gbrenham Private E-2

    ************** UPDATE *******************

    SuperAntiSpyware is reporting that it is Rootkit.Unclassified/USBHubB

    I delete it via SAS, but it comes back. Any guidance?
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do the mouse and keyboard lock up immediately, or do you have a little bit of time after startup?

    Open a command prompt window from the UBCD4WIN boot session. And in the command prompt, enter the below commands (note I'm assuming your Windows boot drive is C):

    cd C:\
    attrib *.* > C:\log.txt
    dir *.* >> C:\log.txt

    Now see if you can attach the C:\log.txt file here.
     
  4. gbrenham

    gbrenham Private E-2

    As soon as I see the Windows XP splash screen, the keyboard locks up. I'm assuming the mouse does as well at this point. The system goes ahead and boots, but of course since the USB function is being attacked, I can only use the power button on the Dell XPS 400 to shut down the machine.

    After booting with UBCD4WIN (ver. 3.20), I have no issue with the keyboard or mouse. In fact, I am writing this on the infected system.

    I used the supplied SAS version (4.1.1046) that was on UBCD4WIN. I did update the definitions (Core: 3545, Trace: 1534). It first prompts me if I want to load remote user profiles for scanning. I selected "Yes". I then select "Automatically Load All Remaining Users".

    I scan normally and it finds the aforementioned Rootkit.Unclassified/USBHubB. I click next to clean it and it says it must reboot my system. Well, of course this doesn't work due to UBCD4WIN. I bypassed that and just saved off the log file.

    Thanks for your help!
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you try doing what I requested?


    Also see if you can locate the below file

    c:\windows\system32\drivers\usbhubb.sys

    If you do see it, then rename it to usbhubb.SSS

    DO NOT rename usbhub.sys which is valid. Notice only one "h"

    Then reboot and see what happens. You also need to remove the driver/service, but you will have to do that when you can boot up. You have alternatives using UBCD4Win, where you can copy registry hives from restore points to replace your current registry, which has the infection. The concept of doing this is described in the article below, but of course it does not explain how to do it using UBCD4Win; however, it is much easier with UBCD4Win since you don't need to use as many steps as with the Recovery Console.


    http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech
     
    Last edited: Aug 23, 2008
  6. gbrenham

    gbrenham Private E-2

    Yes, I did what you wanted with Log.txt. I forgot to add it to the attachments last time. Here it is.


    Usbhubb.sys does not show up on C: at all. The only place I find it is in the registry.


    I haven't done this yet, but are you saying that I should replace all hives? Just the System hive?

    I'm not sure how to do it with UBCD4WIN. If you know of any guides, I would appreciate it. If not, I'll have to get learned up before doing it!
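
The check discussed in the posts above, as an added example that is not part of the original thread: given driver service entries read from the offline registry and a listing of the drivers folder, it flags entries whose file is missing on disk or whose name is one edit away from a known driver. The service entries, file listing and allow-list are constructed sample data, and the function names are hypothetical.

```python
import ntpath

# Constructed sample data (not taken from the thread's attachments):
# driver service name -> ImagePath, as it would appear under
# SYSTEM\ControlSet001\Services in an offline hive.
SERVICES = {
    "usbhub":  r"system32\DRIVERS\usbhub.sys",
    "usbhubb": r"system32\drivers\usbhubb.sys",
    "usbehci": r"system32\DRIVERS\usbehci.sys",
    "kbdhid":  r"system32\DRIVERS\kbdhid.sys",
}
# Constructed listing of files present in C:\WINDOWS\system32\drivers.
FILES_ON_DISK = {"usbhub.sys", "usbehci.sys", "kbdhid.sys", "hidusb.sys"}
# Assumed allow-list of driver names that ship with Windows XP.
KNOWN_GOOD = {"usbhub", "usbehci", "usbuhci", "kbdhid", "mouhid", "hidusb"}


def within_one_edit(a, b):
    """True if a != b and one insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def audit(services, files_on_disk, known_good):
    """Return {service: [findings]} for entries that deserve a closer look."""
    present = {f.lower() for f in files_on_disk}
    report = {}
    for name, image_path in services.items():
        base = ntpath.basename(image_path).lower()
        stem = ntpath.splitext(base)[0]
        findings = []
        if base not in present:
            findings.append("file missing on disk")
        if stem not in known_good:  # only unknown names are compared
            findings += ["name resembles " + good for good in sorted(known_good)
                         if within_one_edit(stem, good)]
        if findings:
            report[name] = findings
    return report
```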
     
  7. gbrenham

    gbrenham Private E-2

    Dang...again with the Log.txt....seriously...now, here it is!
     

    Attached Files: log.txt (1.9 KB)
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is SUPERAntiSpyware still detecting the same malware?

    There are no guides written for using UBCD4Win to do this. You should just use the Microsoft document which already exists, and do it their way.
     
