Coffeehouse Thread

11 posts

Troubleshooting? You don't need that!

  • wastingtimewithforums

    Among the myriad of dropped features to, eh, simplify Win 8:

    http://social.technet.microsoft.com/Forums/en-US/w8itprogeneral/thread/18b53644-6c6b-4d32-820a-53134a0913f3

    The ability to get rid of viruses and other nasties more easily caught my attention. Quote:

    MSConfig's Startup tab has been killed and replaced by the Task Manager's Startup tab that doesn't have the 'Location' column which was useful for example to know if the process started from HKCU or HKLM.

    Chkdsk when run at startup does not display any information about file system repairs besides % complete. The screen with scanning and correction details is gone when Chkdsk runs at startup and replaced by just a % complete.

    Memory addresses and other technical information has been removed from the Windows 8 bug check screen (BSOD)

    Device Manager no longer shows Non-Plug and Play Drivers/hidden devices. The "Devmgr_Show_NonPresent_Devices=1" environment variable has no effect.

    Especially the last one is quite severe, so I decided to check it out, and indeed, it's gone. Here's the screenie I made:

     

    No PNP gone!

    No Non-PNP, nada!

    And now a screenshot from Win 7:

    Win 7

    That is what you lose in Win 8. This is quite serious, because malware likes to appear in the list, and a common way to get rid of those is to disable their drivers here:

    http://www.ehow.com/how_6969212_remove-dns-hijack-85_255.html

    DNS Hijack 85.255 is a particular instance of the Trojan DNSChanger family, a dangerous family of hijack Trojans. These Trojan viruses hijack your network connections and change your DNS so that your browser automatically redirects you to dangerous websites. Symptoms of the DNS Hijack 85.255 include constant redirects to MSN or other unrelated websites and blocked access to the msconfig or system restore utilities. Getting rid of a Trojan DNSChanger requires that you delete certain files, remove associated malware and reset your DNS settings.

    How to remove:

    1. Click "Start" and input "Device Manager" into the search bar. Click on "Device Manager" to open Windows device manager.

    2. Click "View" and select "Show hidden devices."

    3. "Scroll to the "Non-Plug and Play Drivers" and expand the selection using the "Plus" sign. Search through the listing of drivers and look for "TDSSserv.sys," "msqpdxser.sys," "seneka" or "seneka.sys." Right-click the drivers and select "Disable.""

    ...

    Get over it, you don't need this anymore! Don't forget, our cloud overlords have decided that you need to put all your documents on plushy cloudy servers anyway. And you can't get malware at all, because all your apps will be Metro as soon as Win 8 is released.

    Problem solved!



  • AndyC

    Chkdsk in Windows 8 works entirely differently, such that you'll probably not be running it long enough to actually read any output. So I'd not be overly worried about that.

    The "technical info" on Bugcheck screens has always been almost entirely pointless, to anyone who has even a hope of making sense of it they're better off attaching the kernel debugger where you can get much richer info. To everyone else it's just scary complicated stuff and they don't know which bits are important enough to describe to anyone they ask for help.

    As to the hidden devices issue, I honestly don't think I've ever even noticed it personally. If I'm cleaning up a machine from a virus infection I'd go straight to the underlying registry entries rather than mess around trying to disable them in Device Manager (something it's much easier for them to counter by re-enabling them before you've done anything else). The inclusion of an anti-malware engine in Windows 8 should also hopefully mean that less people actually get infected from day one, or at least have it auto-cleaned without messing around doing it manually.

    Not everything that gets removed is a bad thing.

  • wastingtimewithforums

    AndyC wrote:

    As to the hidden devices issue, I honestly don't think I've ever even noticed it personally. If I'm cleaning up a machine from a virus infection I'd go straight to the underlying registry entries rather than mess around trying to disable them in Device Manager (something it's much easier for them to counter by re-enabling them before you've done anything else). The inclusion of an anti-malware engine in Windows 8 should also hopefully mean that less people actually get infected from day one, or at least have it auto-cleaned without messing around doing it manually.

    I sort of agree with your other points, I included them for completeness, but the non-pnp devices are very useful. Not only for malware, but to see what applications in general load up. I've just noticed that VMWare Player whopped up five device drivers here. Useful info.

    And as I said it's not only for malware, CD-emulation software is notorious for messing up stuff, this can be usually solved by deactivating its non-pnp driver.

    I see no reason why this had to be removed. It also makes developing certain applications not exactly easier, like AV.

    I am asking you: What good is achieved by removing this feature?

  • GoddersUK

    While I agree that it seems odd to remove some of these features I think that most people that will (should) be messing around in these places will know of other tools to achieve the same end (example: http://technet.microsoft.com/en-us/sysinternals/bb963902).

  • GoddersUK

    wastingtimewithforums wrote:

    And as I said it's not only for malware, CD-emulation software is notorious for messing up stuff, this can be usually solved by deactivating its non-pnp driver.

    I've had to remove at least two dodgy non-pnp drivers from my system in the past two months. One of them was daemon tools related (on my system for a perfectly legitimate reason, I hasten to add). The other was a piece of anti-virus software I'd long since uninstalled that thought I might appreciate it leaving drivers behind on my system for years...

  • cbae

    GoddersUK wrote:

    While I agree that it seems odd to remove some of these features I think that most people that will (should) be messing around in these places will know of other tools to achieve the same end (example: http://technet.microsoft.com/en-us/sysinternals/bb963902).

    Sysinternals should come with Windows, and you should be able to show/hide the program group like you can with "Administrative Tools".

  • AndyC

    @cbae: I'm not so sure about that. Keeping them separate means there's a bigger chance of them getting revved more often. And some of those tools can be used for bad as well as good, so I wouldn't really want them lying around on someone's machine if they were never likely to use them themselves.

  • Craig_Matthews

    Disabling the Non-PnP "Beep" device is one of the most often requested changes (by users) in every company I've worked for. Don't ask me why, it just is.

  • wastingtimewithforums

    GoddersUK wrote:

    While I agree that it seems odd to remove some of these features I think that most people that will (should) be messing around in these places will know of other tools to achieve the same end (example: http://technet.microsoft.com/en-us/sysinternals/bb963902).

    Where's the tool for showing the non-pnp devices there?
    Can't find it: http://technet.microsoft.com/en-us/sysinternals/bb545027

    LoadOrder lists all drivers, but you can't deactivate them in it.

  • GoddersUK

    Autoruns does it. Under the "Drivers" tab:


  • wastingtimewithforums

    Ah, thanks.
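
Added example, not part of any post in this thread: the driver list that the Device Manager "Non-Plug and Play Drivers" view and the Autoruns "Drivers" tab present can also be read from the service registry keys AndyC refers to. The function names, the `OnDisk`/`InDrivers` checks and the placeholder driver name are assumptions made for this sketch.

```powershell
# Added example (not from the thread): enumerate driver services from the registry.
# Run in an elevated 64-bit PowerShell so System32 paths are not redirected.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$StartNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$TypeNames   = @{ 1 = 'Kernel driver'; 2 = 'File system driver' }
$DriversDir  = Join-Path $env:SystemRoot 'System32\drivers'

function Resolve-DriverPath([string]$Name, [string]$ImagePath) {
    # A driver with no ImagePath value loads from System32\drivers\<name>.sys.
    if (-not $ImagePath) { return Join-Path $DriversDir "$Name.sys" }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\dir\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\System32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # relative path
    return $p
}

function Get-DriverService {
    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $v = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # Keep only Type 1 (kernel driver) and Type 2 (file system driver) entries.
        if ($null -eq $v -or $null -eq $v.Type -or -not $TypeNames.ContainsKey([int]$v.Type)) { return }
        $file = Resolve-DriverPath $_.PSChildName $v.ImagePath
        [pscustomobject]@{
            Name      = $_.PSChildName
            Type      = $TypeNames[[int]$v.Type]
            Start     = if ($null -eq $v.Start) { 'Unknown' } else { $StartNames[[int]$v.Start] }
            File      = $file
            OnDisk    = Test-Path -LiteralPath $file
            InDrivers = $file.StartsWith($DriversDir, [StringComparison]::OrdinalIgnoreCase)
        }
    }
}

function Disable-DriverService {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)
    $key = Join-Path $ServicesKey $Name
    $v = Get-ItemProperty -LiteralPath $key -ErrorAction Stop
    # Disabling a boot- or system-start driver can leave Windows unbootable.
    if ([int]$v.Start -le 1) { throw "$Name is a boot/system-start driver; not changing it." }
    if ($PSCmdlet.ShouldProcess($Name, 'Set Start = 4 (Disabled)')) {
        Set-ItemProperty -LiteralPath $key -Name Start -Value 4 -Type DWord
    }
}

# Drivers missing on disk or loading from outside System32\drivers deserve a closer look.
Get-DriverService | Where-Object { -not $_.OnDisk -or -not $_.InDrivers } |
    Sort-Object Name | Format-Table Name, Type, Start, File -AutoSize
# Disable-DriverService -Name '<driver service name>' -WhatIf   # placeholder name
```

A driver that hides its keys from the running system will not show up in this listing either; the same values can be read from an offline copy of the SYSTEM hive.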
