Jump to content
Sign in to follow this  
LIGHTNING UK!

No devices detected

Recommended Posts

Do you get this when you start ImgBurn? If so, you probably have a virus/rootkit on your system that's blocking access to the drives.

 

07_06_2009_20_20_25.png

 

I 20:19:41 ImgBurn Version 2.4.4.7 Beta started!
I 20:19:41 Microsoft Windows XP Professional (5.1, Build 2600 : Service Pack 3)
I 20:19:41 Total Physical Memory: 2,061,420 KB  -  Available: 1,586,340 KB
I 20:19:41 Initialising SPTI...
I 20:19:41 Searching for SCSI / ATAPI devices...
E 20:19:44 CreateFile Failed! - Device: '\\.\CdRom0' (D:)
E 20:19:44 Reason: The maximum number of secrets that may be stored in a single system has been exceeded.
W 20:19:44 Errors were encountered when trying to access a drive.
W 20:19:44 This drive will not be visible in the program.
W 20:19:44 No devices detected!

 

The important thing here is the bit in the log window that says:

 

The maximum number of secrets that may be stored in a single system has been exceeded.

 

If you don't see that line in the log window, you should not be looking at this thread - at least not for troubleshooting your problem anyway!

 

Below are a few of the ways this virus/rootkit can be disabled and removed...

Share this post


Link to post
Share on other sites

Disabling the virus with GMER

 

GMER can be downloaded (for free) from: http://www.gmer.net/

 

Run GMER and it'll perform a quick scan.

 

07_06_2009_20_15_29.png

 

Chances are that it'll detect the rootkit and you'll then see this prompt asking if you want to perform a full scan.

 

07_06_2009_20_16_30.png

 

Click the 'No' button and you should be left with a screen like this - the rootkit will be shown in red.

 

07_06_2009_20_18_18.png

 

Right click the red entry (note the odd and seemingly random file name) and select 'Disable Service' on the content menu.

 

07_06_2009_20_18_45.png

 

Hopefully it'll disable the service ok and you'll get this new prompt telling you to reboot.

 

07_06_2009_20_19_08.png

 

Assuming that's the only red service entry you need to disable, go ahead and reboot.

 

Once the machine is back up and running again, load GMER. You should hopefully see that the red service entries have the word '[DISABLED]' by them in the 'Value' column. That's a good sign!

 

07_06_2009_20_26_34.png

 

Right click them and selete 'Delete Service'.

 

07_06_2009_20_28_10.png

 

Click 'Yes' to confirm that you want to remove the service.

 

07_06_2009_20_28_48.png

 

Click 'Yes' to confirm you know it might cause the system to crash (it won't!)

 

07_06_2009_20_28_33.png

 

That's it, ImgBurn should work fine again :)

 

I would now suggest you run a full scan on every AntiVirus / Anti-Malware program you can lay your hands on to clean up the remains.

Share this post


Link to post
Share on other sites

Removing the virus with avast! AntiVirus

 

avast! Antivirus Home Edition can be downloaded (for free) from: http://www.avast.com/

 

Right click the avast tray icon and select 'Start avast! Antivirus' from the context menu.

 

07_06_2009_21_33_01.png

 

07_06_2009_21_32_44.png

 

Its should then perform a quick scan as it starts up.

 

07_06_2009_21_34_52.png

 

Chances are that it'll then pop up a box similar to that below. Just click the 'Continue' option at this point so it continues with the quick scan.

 

07_06_2009_21_34_17.png

 

When it's finished you should see a message like this:

 

07_06_2009_21_35_19.png

 

Click the 'Yes' button so it restarts and performs a boot time virus scan.

 

The boot time scan should pick up on the bad files and you'll be prompted to delete them by pressing the '1' key.

 

When you've done all that, Windows should boot as normal and ImgBurn should be working again.

 

I would now suggest you run a full scan on every AntiVirus / Anti-Malware program you can lay your hands on to clean up the remains.

Share this post


Link to post
Share on other sites

Disabling the virus with RootRepeal

 

RootRepeal can be downloaded (for free) from: http://rootrepeal.googlepages.com/

 

Run RootRepeal

 

09_06_2009_15_08_40.png

 

You should the see a screen like this:

 

09_06_2009_15_09_18.png

 

Switch to the 'Files' tab and click the 'Scan' button.

 

09_06_2009_16_23_18.png

 

The 'Select Drives' window will then pop up.

 

Select the 'C:\' entry in the list and click the 'OK' button.

 

09_06_2009_15_10_18.png

 

RootRepeal will then scan the selected drive for files... this may take a few minutes so be patient.

 

When it's finished you should see something like this:

 

09_06_2009_15_43_48.png

 

Select the main driver file (this is probably the one in the 'drivers' folder or one with the '.sys' file extension). If you're unsure of which one to select, just ask us for help!

 

Right click the file entry and select 'Wipe File'.

 

09_06_2009_15_44_10.png

 

When prompted, confirm you want to wipe the file by clicking the 'Yes' button.

 

09_06_2009_16_24_41.png

 

Hopefully it'll be able to wipe it ok and then you'll see the 'Success' message.

 

09_06_2009_16_24_53.png

 

Click the 'OK' button and then reboot your machine quickly.

 

That's it, the virus should now be disabled (well, the main part that 'hides' everything else anyway). Now you need to actually clean it off your system!

 

I would now suggest you run a full scan on every AntiVirus / Anti-Malware program you can lay your hands on to clean up the remains.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×

Important Information

By using this site, you agree to our Terms of Use.