Jump to content
Flirc Forums

dnalloheoj

Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by dnalloheoj

  1. So was having issues with my old "broken" VM that I was testing with, so I spun up another brand new one. Fresh W10 Pro 22H2 install. Virtual host is also fairly newly installed (As pictured above). Fresh installs, both work fine. Install ASUS Crate, and ... well actually it still worked just fine. BUT, since my Virtual Machine doesn't actually have any ASUS parts in it (Because duh, virtual), it didn't give me the option to install any of the components that actually fuck around at a system-level. To be clear, my actual computer (the Virtual Host in this scenario) does have ASUS components, and when I previously had done a reinstall, and intentionally broke my computer, that was by installing ASUS Crate along with a butt load of the components that it lets you choose at install (Because I had the parts in my PC). After I installed it, and the components, the remote was no longer working. And then I too tried the ASUS Crate Uninstaller but that didn't solve the issue with the remote. But I think this is key here though. I think when you uninstall ASUS Crate, it's only uninstalling the customer-facing software. It's not getting rid of any of those actual components that allow control over your computer, at a system level. Since I couldn't install those on the VM, I couldn't test that theory. But when I used that uninstaller tool back 4-5 pages ago, and mentioned "do a Ctrl+F in regedit, hit F3 over and over" that's what I was talking about. It left stuff behind that a true "uninstaller" shouldn't. It didn't do crap. Not trying to badmouth anyone's build, the vendor (well okay maybe a little bit, but not the quality of their hardware) or anything like that. Just that, that software injects itself into the system in a way that it's the admin, not you. Rootkit behavior, but not necessarily malicious. It's a hodge-podge of different applications mashed into one that probably requires ridiculous permissions in order to get those things to actually talk to each other somewhat nicely. Go through control panel and uninstall the various parts of it, you see like 6 different looking "uninstallers" - that's not normal behavior. Now, since that wasn't able to work, I reverted my VM to a snapshot I took before I installed ASUS Crate just to get that out of the picture. Installed the second "rootkit" that I believed to be a culprit. FortiClient (Personally invested in this one for work related reasons). Rebooted. Upon reboot, yep. Issues are back. Remote still connects to my PC just fine (vHost), but in the VM it'll either just not really connect, or get the ~1s connected->disconnected behavior. Uninstalled FortiClient, same behavior, still broke. As you can see, fairly clean install, the Skip is 'Attached' to the VM, but FortiClient is there. Otherwise, exact same setup. Onto Bitdefender. Revert snapshot again. Same behavior as FortiClient: I guess the next thing I'd try would be having someone with a broken setup, download VirtualBox, download a Win 10 Pro ISO using the tool here: https://www.microsoft.com/en-us/software-download/windows10 Spin up a VM. Pass-thru the Skip to a fresh install. See what happens. If I'm recalling correctly from my tests back when I had the intentionally broken setup, it should work just fine.
  2. Works fine. And here's every single file I've downloaded on this computer since reinstalling: https://i.imgur.com/5RAiGLM.png - Note: Just 5293 and 0.9.4 (Files from a long time ago = moved from another drive into this folder).
  3. @bantar Do you possibly have OneDrive disabled on your computer in any fashion? Or have you done anything in particular to disable certain built-in Windows features that you recall? I think your issues are more related to a corrupt profile/install or the Windows Store specifically, personally. Basing that off what I was seeing when I was having the same issue, and yep, I had done plenty of fucky "hacks" in the past to do things like disable OneDrive for Business, etc. Could try a wsreset, reinstalling the Store app, re-registering the Store App, clearing Store cache, etc. But why bother when a new profile would do all of that at once. A windows reinstall would likely clear it up, but ideally there's a fix that doesn't require that. Might be worth trying to create a new user account (local admin rights), log out, log in as that user, download the Skip App again, install, see what happens. That said, it very possibly could be BitDefender + ASUS related (I feel like you chimed in that you had that installed? Maybe I'm wrong), and that a simple new profile wouldn't work, as those would likely follow you around since they get installed with SYSTEM permissions. I've had this happen on some fresh installs/profiles/newly created VMs where I've installed 5293, seen that issue, and then downloaded & installed the version from the website. Even though it says 'Do you want to update' when installing the Website version, it stays at 5293, but works just fine afterwards. Though this wasn't necessarily while mine was doing the weird crashing (Or maybe it was doing it then also, that was about a week ago, don't recall exactly). Maybe another thing worth trying. Task manager -> Details tab. Locate asuscertservice.exe -> Right Click -> Open File Location. Right click asuscerservice.exe in the folder that opened up, rename to asuscertservice.exe.old. Reboot. Test Skip App. If it still doesn't work (Or introduces new issues), rename the file back to asuscertservice.exe, reboot again.
  4. Right, I'm not having the issue any longer post reinstall, and Sentry wasn't brought up prior to this page as far as I can tell. Had app logs but not Sentry. Grabbed a vhdx of my broken state but reinstalling again this morning and not planning on putting the ASUS software back on. Expecting everything will work just fine. Edit: Fresh install, works just fine again. Just to clarify, I'm not having any issues at this point that I'm asking for a fix for regarding the new Skip App. I'm just trying to provide whatever extra info could be helpful. If I can manage to reproduce that issue, I'll definitely grab Sentry and collect some logs. Random side question though, and apologies for this being off-topic. Is interkey delay still supposed to be an option in the Advanced settings on the Flirc software? I don't see it in there. Skip is working great with the Flirc (Gen 2), just having the inverse issue of the commonly reported 'repeating keys' thing with my Flirc. Holding down a button won't let it repeat. Have a few spare Gen 1s I could try though.
  5. ^ The KERNELBASE crashes were the same ones that I was getting back on Page 3 for what it's worth. I never really found any fix for that. Just kind of put up with it until I eventually reinstalled Windows because I was still able to test the connectivity somewhat reliably. Chalked it up to my computer having ~5-6 years worth of customizations and likely numerous things I've broken over the years for testing purposes lol. But yeah, it'd occur typically within about 10-15s of opening the App.
  6. Hey my bad. EOD got hectic and pulled into a couple bonus meetings with clients, just finishing up. Were you still waiting for me to try to break it, I guess further? Since it did end up going back to it's broken state, and still sits there. I was thinking I'd take a quick Disk2VHD to preserve the thing it it's current state if that'd be at all helpful. Could ship the thing out to you since my Upload would probably make it take longer than 2 day shipping. Might D2VHD it either way. Or I could jump back on one of the working Flirc local admin accounts I created, try to re-install ASUS again, see what happens. If it breaks, gives us more info, or at least confirms the first time wasn't a one-off, and still have the other spare Local Admin to play around with. Haven't dug into FortiClient yet much further since I have to imagine the amount of people using a Skip 1 on a corp-owned device with FortiClient is gonna be near 0, and not a lot of people that aren't like myself using it just for funsies to see how it interacts with things (Testing phase before our org's stack changes). But most importantly, I typically move in sort of a crescent moon shape? There's a steel pole between my desks that I have to navigate around, so it's not quite a straight line. I could also ship out a spare steel 8' beam if you need one for testing.
  7. Shit, I hadn't considered the chair this entire time. You might be on to something here... But seriously, yep, still on 5276, tasklist attached. About to jump into a meeting here at 1:30-2ish so can't compare for similaraties right this second - but suspect the only differences might be more web browser processes, MSPaint, Notepad. Maybe PowerToys wasn't running on the other profiles? But nothing crazy different. tasklist3.txt
  8. Correction - it's broken. I did nothing, just moved my chair over 4 feet to sit in front of it (since typing up that last message). Disconnected. Unplug/plug back in, 1s connected then DC'd.
  9. I can't break it simply by unplugging/plugging back in, which has allowed me to break it in the past, yes. I can start going wild and installing software in an effort to get it to break again, though, if that's the next goal.
  10. Correct, I did not update. I only hit the update button (On the left prompt - it's not apparent in the picture, as I already clicked it) in order to bring up the prompt (on the right) that I was more used to seeing. I'm still on 5276.
  11. That's the difference I noticed. I clicked on the 'Update' button on the left prompt in order to bring up the right one. But the left prompt was never showing up for me prior. It'd always show the right one straight away. So yeah, could be that I wasn't using that build before, only thing that's been uninstalled on this PC would be the ASUS software, IIRC. Everything else would've just been installed and left to sit. E: Correction - I did uninstall Synology Drive prior to the system restore. But that was uninstalled on a non-working setup, and restored to a non-working setup.
  12. Previously broken profile (Prior to creating two new local admin accounts) works on v5276. Not quite certain which build it was on prior, unfortunately, but I just logged in, opened it up, and it worked. It prompted for the update, but did so in a manner that I've only now seen twice, this time, and just ~10 minutes ago. Previously any prompts for update were from a more Windows-Store style prompt.
  13. 5276 does appear to stay connected - it tries to update right away but just X'ing out clears that. Prior tests on this new profile(s) would have been using whatever build is the one linked on the website. Trying my damndest to do the weirdest possible unplug/plug-in, always goes back to connected. Going to try re-joining domain, see if that "broken" profile works with that build, post-ASUS uninstall.
  14. Resulted in the same behavior with the second new account - 1s-ish of connectivity, then DC'd. Nothing new and fun in Event Viewer. Note, yes an absence of ASUS software, but reg keys are still installed. serviceslist.txt Processlist-Flirc2.txt
  15. @jason Nothing new, no. All event logs are still from 1/18 8:55p-ish. At least for the HID/USB devices. Can't recall exactly what I was doing at that time, but pretty sure I was just waking up from an unintentional nap lol. Maybe the first time I actually plugged it into the computer yesterday?
  16. Certainly possible. And yeah see my edit - I was able to get it to come back after enough plug-cycles. @AeroCluster may be able to confirm for us that before you try ripping ASUS out though, since he already did.
  17. @theboomr Was just removing my PC from the domain, set up a new local admin account so Jason could test from there, and re-installed the Skip App. To my surprise, that worked. Do you or anyone else have time to quick test this? Control Panel -> User Accounts, create a new user, give it Local Administrator rights, logout and login as that user, re-download skip from flirc.tv, test. Edit: Enough unplugging and plugging back in and it looks like it went back to failing after ~<1s every time. But that's interesting. Maybe worth researching.
  18. I wouldn't say that I've narrowed it down specifically to these two pieces of software, no, but I think whatever both of these programs do, is what the issue is. And my guess is cert related tbh. So the question 'Anyone with issues that DOESNT have this' is an attempt to see what other software pops up, check into how it behaves, and see if we have similar rootkit-type behavior. A Mac reporting in doesn't surprise me one bit, for essentially the same reasons. Macs are going to be locked down a lot further than a Windows PC natively. "Macs don't get viruses" - Yeah, it's because they have their own rootkit(/AVish thing) already installed. BUT, I would still like to see what other processes would be running on a Mac with the issue, because I'm certain you tested on a Mac without issues, given there's software for it. I'm available here pretty much all day with a non-working PC sitting right beside me if you want access to it since I'm on my work PC. At this point, looks like I'll need to reinstall Windows again anyway so you're welcome to break anything you want, basically.
  19. Uninstalled. Still broken. Suspicions all but confirmed here. This thing took about 45 minutes to install, yet the uninstaller removed it in all but <2 minutes? No way. Pop open regedit, CTRL+F "ASUS" keep hitting F3, look at em all. Everywhere. And guess what the very first one that pops up is? AsusCertService. That uninstaller doesn't clean up shit. I really don't know if this is going to be possible without an actual reinstall. That is messy. fucking. software. @jason was half-joking. But seriously. Burn it with fire. E: aaaaand now synology photobackup fucked up my restore point, lmao, darn. E2: Nevermind, synology was just holding it up. Got the restore to go through. Guess what still didn't get removed? Fuckin' Asus' wild regedits. I repeat: Except apparently, you can't. So here's the question - does anyone here, who is having issues, use a computer where ASUS Crate, or Forticlient has NEVER been installed?
  20. Restore completed, reinstalling ASUS was a few clicks away so I let it ride. Broke again: https://imgur.com/a/2L6wpmb (Yeah I know that doesn't actually prove anything, I could just have it unplugged for all you know, but whatever) Now let's see if uninstalling stays broke.
  21. @AeroCluster thanks for testing. Interesting findings here. I'm just finishing up running a System Restore on my computer after installing ASUS Crate Full Installer which indeed did result in my errors re-appearing. I didn't take a bunch of screenshots this time around, but everything I was seeing in event viewer and device manager was pretty similar to when everything was working and I posted snips a couple days back. (I do have an ASUS Motherboard installed on this PC - though none of the software, until now. Model: SABERTOOTH 990FX R3.0 AM3+) Should be noted though, that I installed EVERY component (E: to clarify this - every component, but not every device for each component). There was like what, 100 of them? So.. figuring out which one it is exactly... Yeah sounds "fun". But probably not entirely necessary, seeing as most of them were specific devices IIRC. Testing with Forticlient next assuming this restore finishes up before I have to get to work, usually is only 5-10 minutes, already 5-10 minutes past that though. WFH today though so can monitor throughout the day. What I was kind of afraid of is that the ASUS stuff isn't going to uninstall nicely, same with FortiClient. Uninstalling that, and removing the devices that it added from Device Manager did not clear up my issue, either. Only when I reformatted and reinstalled it did. Lot happens when that occurs though, so not even saying that ASUS is the culprit, despite the timing of it appearing when I installed that. But .. possibly that it's making changes to other system files that don't get neatly reverted upon uninstall. We'll see if I can get it to reappear with Forticlient and continue digging. Edit: Shit, forgot to test the custom apps before restoring. D'oh. Random additional note, my desktop was not yet on 22H2 prior to reformat/reinstall, but is now. That was partly the reason for the reinstall, but prompted by a drive cloning process going wonky. Only adding that to say this isn't specific to 22H2. E2: Not going through the full install on this second PC, but noticing as soon as you start up the installer, it starts registering PIDs to an ASUS service. @jason Curious, and maybe you don't want to share this info for any number of reasons, but roughly how many remotes have been sent out? We've got 5-10 people in here with an issue, but was the first run sent out, idk, 1000 devices? Just trying to get an idea of how wide or narrow the scope of the issue is. Like, if 1000 devices are out there but only the handful of issues are being reported here, and we're all finding a certain ASUS software installed, no, it might not be the actual culprit, but it's definitely a trend. Who knows, maybe it's something with the hardware itself - like I said, I didn't have that software installed prior, but was seeing the issue, and clearly we've all got ASUS components, at the very least. Are we all running ASUS Mobo's? TBD, but we'll see. Just to also clarify for funsies here. Software that's intercepting and issuing out it's own certs is essentially a rootkit. It's taking control over authorization of your computer without your control/consent (I mean, I guess by installing it you consented, but whatever), at the system level.
  22. Neat. "Good" to hear AeroCluster. If nothing else, finding a similarity between two computers that are effected seems like we're moving in the right direction. I'm currently running on the guess that the ASUS Cert Service, and what I still think was my issue, the FortiDeviceGuard from FortiClient, do similar things. I know uninstalling FortiClient didn't remove the FortiDeviceGuard entry in Device Manager and I ended up having to manually uninstall the device from Device Manager. More digging into that, looks like it's very possible that removing it that way wasn't the best idea: https://www.reddit.com/r/fortinet/comments/krpph5/fortideviceguardsys/ - I also installed it using FortiEMS which I'm seeing plenty of other reports about it breaking USB Devices: https://www.reddit.com/r/fortinet/comments/je3gq0/forticlient_ems_blocking_all_usb_devices/ Then, of course, reformat/reinstall removed that. Never reinstalled it (yet). Maybe I'll take a System Restore point and try and install it in the morning, see if I can re-create the issue. If this does end up having something to do with it, who knows how many other applications out there are doing similar things. E: Just further mind-dump. I'm guessing the issue here would be cert related. Asus cert service and FortiDeviceGuard are probably acting as their own root cert authorities, issuing out certs to attached devices. This would make sense in the realm of ASUS as it would be 'authorizing' valid (cert'd) devices to operate at the system level. This would also make sense for FortiDeviceGuard as it would be protecting the system from unauthorized devices. Inverse of Asus, but a similar function, and one that's possibly messing with the Skip. Another wild theory - anyone with issues have Bitlocker enabled / enforced on their PC?
  23. @theboomr Oh for sure, and obviously it's totally up to you. You've got a working PC to config the remote on, so no real need to do anything if you think it'd cause problems. I'm just trying to track down what might be at play for the sake of anyone else running into the same issues you and I have/had.
  24. I'd agree on Everything.exe completely. Like I said, just totally threw it at the wall as it was something I had installed as well. It being portable makes it even less likely than the already near 0% chance. Does your other computer, that the remote works on, have that same ASUS software? With the ASUS stuff, even just for the sake of testing here, download the latest version of ROG from the website - backup your 'config' for your light settings if that's a thing - uninstall ROG - test the skip app, see if it works - install the newest ROG version you downloaded, restore config (If it doesn't automatically). Can't hurt to get it up to date and possibly troubleshoot your issue at the same time. Safe Mode wouldn't exactly be a good test here, neither would Diagnostic Startup, as it very likely will restrict necessary services for the App to run. Also notice from the process list that some of the ASUS stuff is running at a system level - not the user. Things like the Cert Service are very likely to be in play here. I can see that the LED controller stuff doesn't, so that's very likely not the issue, but other parts of that ASUS software are. I would THINK that the ASUS software would let you choose which components to of the package as a whole that you want to install - i.e. only install the fan/lights/etc controllers, but don't install whatever has to do with Certificates. But I don't know if the software allows that or not.
×
×
  • Create New...