First, I hope you know that D7 has ALWAYS done the set devmgr_show_nonpresent_devices=1 environment variable bit before launching Computer Management in the Windows tab, so you can simply select Show Hidden Devices in the Device Manager and see actual missing devices and the Non-Plug and Play Devices category.
That feature is a given, and has been around since long before D7 went public.
The Missing Non-Plug and Play category in Device Manager:
However, I noticed a few weeks ago that my feature appeared to quit working on this particular system; I was doing a malware removal and was almost finished, just wanted to clean up and remove the file system driver it installs.
So I investigated, setting the environment variable manually and starting Device Manager – still no Non-Plug and Play category. That is when I realized that the environment variable WAS in fact working, and I *could* see missing devices in Device Manager (that I wouldn’t otherwise be able to see without the environment variable set), but it was just that I still couldn’t see the Non-Plug and Play category! Well, I ended up finding the file system driver I wanted to remove in the EnumRoot section of D7’s Malware Scan, and moved on.
Since that time, I’ve run across a dozen more systems that will not show the Non-Plug and Play category.
It appears that newer malware (e.g. Zero Access rootkit) is now hiding the “Non-Plug and Play Drivers” category in Device Manager in an attempt to prevent removal, as it has a file system driver under a random name installed in there to allow the malware to access its own proprietary file system.
It accomplishes this by deleting this registry key:
HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}
…and with it a number of values that determine the behavior of how the category is displayed in Device Manager.
D7 v4.8.1 addresses this in three ways.
It automatically rewrites the key and all required registry values when you do one of the following:
- When you run the Fix for it on the Repair tab > Misc section.
- When you run “Repair Lots of Stuff” on the Malware tab.
- Or simply when you launch “Computer Management” from the Windows menu in D7.
So if you’re working on a system and you can’t see the NPNP device category even when you manually run set devmgr_show_nonpresent_devices=1 and you get nothing for your troubles… then D7 has your fix.
As usual, the fix has been tested and is known to work on Windows XP and Windows 7 (I don’t generally test on Vista.)
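To check a system for this condition by hand, the following read-only PowerShell triage is an added example, not part of D7 and not the author's code. It tests whether the class key named above exists, then lists file system driver services and legacy root-enumerated devices directly from the registry, so they can be reviewed even when Device Manager hides the category. The function names are hypothetical, and it assumes the "EnumRoot" section mentioned above corresponds to the Enum\Root registry branch.

```powershell
# Added example: read-only triage, makes no registry changes.
# Written for PowerShell 2.0 so it runs on Windows XP and Windows 7.
$classGuid = '{8ECC055D-047F-11D1-A537-0000F8753ED1}'   # key named in the article
$ccs       = 'HKLM:\SYSTEM\CurrentControlSet'
$classKey  = Join-Path $ccs "Control\Class\$classGuid"

function Test-NpnpClassKey {
    # True when the class key behind the Non-Plug and Play category exists.
    return (Test-Path -LiteralPath $classKey)
}

function Get-FileSystemDriverService {
    # Services whose Type value is 2 (SERVICE_FILE_SYSTEM_DRIVER).
    Get-ChildItem -Path (Join-Path $ccs 'Services') -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
            if ($p -and $p.Type -eq 2) {
                New-Object PSObject -Property @{
                    Name      = $_.PSChildName
                    Start     = $p.Start
                    ImagePath = $p.ImagePath
                }
            }
        }
}

function Get-LegacyRootDevice {
    # Assumption: "EnumRoot" in the article means Enum\Root; on XP/7 legacy
    # (non-PnP) drivers appear there as LEGACY_<service name> subkeys.
    Get-ChildItem -Path (Join-Path $ccs 'Enum\Root') -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' } |
        ForEach-Object { $_.PSChildName }
}

if (Test-NpnpClassKey) {
    Write-Output "Class key present: $classKey"
} else {
    Write-Output "Class key MISSING: $classKey"
}

Write-Output 'File system driver services (review unfamiliar names and paths):'
Get-FileSystemDriverService | Sort-Object Name |
    Format-Table Name, Start, ImagePath -AutoSize

Write-Output 'Legacy devices under Enum\Root:'
Get-LegacyRootDevice | Sort-Object
```

Run it from an elevated prompt; a missing class key together with an unfamiliar file system driver entry matches the behavior described above.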