
How to (forcibly) uninstall broken drivers if XP won't let you?


3 replies to this topic

#1 Frank van Wensveen


Posted 14 May 2010 - 06:12 AM

Hi, everyone,

My client has installed Security Essentials 2010, which is a known fake "security" package that aims to scare you into paying 50 bucks to buy a "removal" program you don't need, and surrender your credit card details in the process. Google led me to the excellent BleepingComputer removal instructions at http://www.bleepingcomputer.com/virus-remo...essentials-2010 which I followed to the letter and which led to a successful removal of said scareware. (Kudos to BleepingComputer for that excellent article!)

Unfortunately there turns out to be a lot of collateral damage. Some would have been caused by the Trojan itself (blowing away system restore points and thereby preventing a roll-back, and disabling the recycle bin, which prevents the undeleting of files). Other problems seem to be side-effects of the removal of the infection, the most important of which is that networking is totally broken.

All network devices in the Hardware Manager sport the dreaded yellow exclamation mark. Uninstalling the hardware device drivers for the wired and wireless networking adaptor (followed by subsequent discovery of the NICs as a new device and re-installing the driver) solves nothing. Extensive Google raids and the reading of many forum posts suggesting that I use Combofix (which I did) revealed that ndis.sys had disappeared. Re-installing a fresh ndis.sys from the XP install CD followed by a reboot resulted in a BSOD, and a cold reboot less than 2/10th of a second later, so that it's even impossible to read the BSOD text. Replacing ndis.sys with various other versions that were kicking around in the various install directories in C:\windows exhibited the same symptom. Obviously there's more wrong than just a missing ndis.sys.

The heart of the problem seems to be that either various drivers (or other networking subsystem components) have been broken or gone MIA as a side effect of the infection removal, to the point where it becomes impossible to uninstall them using regular methods. The Network Connections window in the control panel is empty, too. That means that the problem is compounded by the presence of a Novell Netware client (!) that can only be uninstalled from the Network Connections window, where it no longer appears, yet it is still very much alive and kicking. (Yes - the client has a Novell Netware 4.02 server in production. This is Africa - deal with it... )

So. I need a way to forcibly remove all broken networking components. Fire, sword, bulldozer, dynamite - whatever. Any suggestions would be greatly appreciated. This job has become a major headache... and for various reasons a re-install of XP will be an even greater pain in the interface layer between yours truly and his chair.

Could anyone point me in the right direction? Thanks!!!!

// Frank (now going to take some more aspirin)



#2 hamluis


Posted 14 May 2010 - 06:20 AM

The fact that malware has been removed...may be compounded by the fact that key system files are now damaged.

I would attempt a repair install of XP.

How to Perform a Windows XP Repair Install - http://www.michaelstevenstech.com/XPrepairinstall.htm

If you truly believe that drivers are your only problem...you might look at Remove Unused Drivers and Devices - http://www.windowsnetworking.com/kbase/Win...andDevices.html.

Louis

Edited by hamluis, 14 May 2010 - 10:19 AM.


#3 Frank van Wensveen


Posted 14 May 2010 - 07:09 AM

> The fact that malware has been removed...may be compounded by the fact that key system files are now damaged.

It's fairly obvious that I'm looking at damage done in the process of removing the malware. Maybe the malware has corrupted parts of the networking subsystem as part of its function to intercept network I/O (not unusual) and removing the malware does not mean that you're now left with a pristine networking subsystem. Yesterday I read in a forum somewhere that it's much like a big cancer operation: when it's over the tumor is gone, but so is your leg... :-(

> If you truly believe that drivers are your only problem...

Well, I don't know that.. I do know that ndis.sys had disappeared, but obviously there's more going on here. Unfortunately Windows subsystems are much like a safe locked from the inside, and now the lock is broken...

> you might look at Remove Unused Drivers and Devices - http://www.windowsnetworking.com/kbase/Win...andDevices.html.

Already did that - no effect.

Thanks for the suggestions anyway!

// Frank

#4 cryptodan


Posted 14 May 2010 - 11:58 AM

You can try this: http://www.guru3d.com/category/driversweeper/ it is a good way to remove stubborn drivers.



