Jump to content
Flirc Forums

dnalloheoj

Members
  • Posts

    45
  • Joined

  • Last visited

Everything posted by dnalloheoj

  1. I wouldn't say that I've narrowed it down specifically to these two pieces of software, no, but I think whatever both of these programs do, is what the issue is. And my guess is cert related tbh. So the question 'Anyone with issues that DOESNT have this' is an attempt to see what other software pops up, check into how it behaves, and see if we have similar rootkit-type behavior. A Mac reporting in doesn't surprise me one bit, for essentially the same reasons. Macs are going to be locked down a lot further than a Windows PC natively. "Macs don't get viruses" - Yeah, it's because they have their own rootkit(/AVish thing) already installed. BUT, I would still like to see what other processes would be running on a Mac with the issue, because I'm certain you tested on a Mac without issues, given there's software for it. I'm available here pretty much all day with a non-working PC sitting right beside me if you want access to it since I'm on my work PC. At this point, looks like I'll need to reinstall Windows again anyway so you're welcome to break anything you want, basically.
  2. Uninstalled. Still broken. Suspicions all but confirmed here. This thing took about 45 minutes to install, yet the uninstaller removed it in all but <2 minutes? No way. Pop open regedit, CTRL+F "ASUS" keep hitting F3, look at em all. Everywhere. And guess what the very first one that pops up is? AsusCertService. That uninstaller doesn't clean up shit. I really don't know if this is going to be possible without an actual reinstall. That is messy. fucking. software. @jason was half-joking. But seriously. Burn it with fire. E: aaaaand now synology photobackup fucked up my restore point, lmao, darn. E2: Nevermind, synology was just holding it up. Got the restore to go through. Guess what still didn't get removed? Fuckin' Asus' wild regedits. I repeat: Except apparently, you can't. So here's the question - does anyone here, who is having issues, use a computer where ASUS Crate, or Forticlient has NEVER been installed?
  3. Restore completed, reinstalling ASUS was a few clicks away so I let it ride. Broke again: https://imgur.com/a/2L6wpmb (Yeah I know that doesn't actually prove anything, I could just have it unplugged for all you know, but whatever) Now let's see if uninstalling stays broke.
  4. @AeroCluster thanks for testing. Interesting findings here. I'm just finishing up running a System Restore on my computer after installing ASUS Crate Full Installer which indeed did result in my errors re-appearing. I didn't take a bunch of screenshots this time around, but everything I was seeing in event viewer and device manager was pretty similar to when everything was working and I posted snips a couple days back. (I do have an ASUS Motherboard installed on this PC - though none of the software, until now. Model: SABERTOOTH 990FX R3.0 AM3+) Should be noted though, that I installed EVERY component (E: to clarify this - every component, but not every device for each component). There was like what, 100 of them? So.. figuring out which one it is exactly... Yeah sounds "fun". But probably not entirely necessary, seeing as most of them were specific devices IIRC. Testing with Forticlient next assuming this restore finishes up before I have to get to work, usually is only 5-10 minutes, already 5-10 minutes past that though. WFH today though so can monitor throughout the day. What I was kind of afraid of is that the ASUS stuff isn't going to uninstall nicely, same with FortiClient. Uninstalling that, and removing the devices that it added from Device Manager did not clear up my issue, either. Only when I reformatted and reinstalled it did. Lot happens when that occurs though, so not even saying that ASUS is the culprit, despite the timing of it appearing when I installed that. But .. possibly that it's making changes to other system files that don't get neatly reverted upon uninstall. We'll see if I can get it to reappear with Forticlient and continue digging. Edit: Shit, forgot to test the custom apps before restoring. D'oh. Random additional note, my desktop was not yet on 22H2 prior to reformat/reinstall, but is now. That was partly the reason for the reinstall, but prompted by a drive cloning process going wonky. Only adding that to say this isn't specific to 22H2. E2: Not going through the full install on this second PC, but noticing as soon as you start up the installer, it starts registering PIDs to an ASUS service. @jason Curious, and maybe you don't want to share this info for any number of reasons, but roughly how many remotes have been sent out? We've got 5-10 people in here with an issue, but was the first run sent out, idk, 1000 devices? Just trying to get an idea of how wide or narrow the scope of the issue is. Like, if 1000 devices are out there but only the handful of issues are being reported here, and we're all finding a certain ASUS software installed, no, it might not be the actual culprit, but it's definitely a trend. Who knows, maybe it's something with the hardware itself - like I said, I didn't have that software installed prior, but was seeing the issue, and clearly we've all got ASUS components, at the very least. Are we all running ASUS Mobo's? TBD, but we'll see. Just to also clarify for funsies here. Software that's intercepting and issuing out it's own certs is essentially a rootkit. It's taking control over authorization of your computer without your control/consent (I mean, I guess by installing it you consented, but whatever), at the system level.
  5. Neat. "Good" to hear AeroCluster. If nothing else, finding a similarity between two computers that are effected seems like we're moving in the right direction. I'm currently running on the guess that the ASUS Cert Service, and what I still think was my issue, the FortiDeviceGuard from FortiClient, do similar things. I know uninstalling FortiClient didn't remove the FortiDeviceGuard entry in Device Manager and I ended up having to manually uninstall the device from Device Manager. More digging into that, looks like it's very possible that removing it that way wasn't the best idea: https://www.reddit.com/r/fortinet/comments/krpph5/fortideviceguardsys/ - I also installed it using FortiEMS which I'm seeing plenty of other reports about it breaking USB Devices: https://www.reddit.com/r/fortinet/comments/je3gq0/forticlient_ems_blocking_all_usb_devices/ Then, of course, reformat/reinstall removed that. Never reinstalled it (yet). Maybe I'll take a System Restore point and try and install it in the morning, see if I can re-create the issue. If this does end up having something to do with it, who knows how many other applications out there are doing similar things. E: Just further mind-dump. I'm guessing the issue here would be cert related. Asus cert service and FortiDeviceGuard are probably acting as their own root cert authorities, issuing out certs to attached devices. This would make sense in the realm of ASUS as it would be 'authorizing' valid (cert'd) devices to operate at the system level. This would also make sense for FortiDeviceGuard as it would be protecting the system from unauthorized devices. Inverse of Asus, but a similar function, and one that's possibly messing with the Skip. Another wild theory - anyone with issues have Bitlocker enabled / enforced on their PC?
  6. @theboomr Oh for sure, and obviously it's totally up to you. You've got a working PC to config the remote on, so no real need to do anything if you think it'd cause problems. I'm just trying to track down what might be at play for the sake of anyone else running into the same issues you and I have/had.
  7. I'd agree on Everything.exe completely. Like I said, just totally threw it at the wall as it was something I had installed as well. It being portable makes it even less likely than the already near 0% chance. Does your other computer, that the remote works on, have that same ASUS software? With the ASUS stuff, even just for the sake of testing here, download the latest version of ROG from the website - backup your 'config' for your light settings if that's a thing - uninstall ROG - test the skip app, see if it works - install the newest ROG version you downloaded, restore config (If it doesn't automatically). Can't hurt to get it up to date and possibly troubleshoot your issue at the same time. Safe Mode wouldn't exactly be a good test here, neither would Diagnostic Startup, as it very likely will restrict necessary services for the App to run. Also notice from the process list that some of the ASUS stuff is running at a system level - not the user. Things like the Cert Service are very likely to be in play here. I can see that the LED controller stuff doesn't, so that's very likely not the issue, but other parts of that ASUS software are. I would THINK that the ASUS software would let you choose which components to of the package as a whole that you want to install - i.e. only install the fan/lights/etc controllers, but don't install whatever has to do with Certificates. But I don't know if the software allows that or not.
  8. @theboomr If I were to take a wild guess based on your running processes list from a page or two back, it looks like you've got some sort of ASUS software installed. asuscertservice.exe - Personally, I don't like that one bit. ROG software, perhaps? I also see ArmoryCrate on there, so I'm guessing ROG. Get rid of it. At least that's where I'd start, just going off nothing other than that Process List and what you've been describing here. Edit: Just going through the whole list quickly ... it looks pretty clean. I'll just toss Everything.exe out there as another possible culprit. For no other reason being, other than that's a program that I also had installed on my W10 machine when it was having issues, prior to reformatting/reinstalling Windows, and now I don't, and the remote works. I really don't think that would have anything to do with it.. It's just a similarity I see.
  9. Confirming no issues on W10 (Enterprise - but shouldn't matter here) 22H2 once I removed the previous known-broken 5923 or whatever it was and reinstalled the public release. Opening the app with Steam started works, opening steam with the app already open works. Noticed one tiny little blip, maybe .5-1s, when I opened up the App with Steam already opened, but it re-connected straight away and remained connected.
  10. Just tossing my results in here for information's sake:
  11. No problem. If @theboomr wants some help with his stuff and you think it's separate I could set some time away this weekend to hop on his computer remotely if he trusts a random internet stranger. Out for the night and on-site all day tomorrow, but ping me on reddit at the same name or discord dnalloheoj#4449 or whatever, might see it a little quicker if you need anything further, otherwise I'll check back here soon enough. Thanks for the work on this Jason.
  12. https://imgur.com/a/vVEnLrU Multiple copies of the same looking windows to get the whole content of 'Information:' The pictures from event viewer previously are what pop up in View All Events.
  13. Correct - VID_20A0 showing This device is working properly. Edit: Confirmed those same events linked in imgur (from 80EE and 40E8) are essentially the same ones that show up for the relevant 20A0 VID
  14. Here's a couple more pictures from Event Viewer, was able to track down which specific HID-Compliant Vendor Defined device it was popping up as in Devmgmt, grabbed all the different EventID's I found. https://imgur.com/a/jJ398Zp
  15. Apologies for dropping off for a few days, work got busy this week and ended up decided to format and reinstall for a separate reason a couple days ago. Darn Samsung Data Migration. So back in with a fresh W10 Ent install on my PC, testing from the W11 VM shortly. Oddly, seems I can't USB passthrough the Skip any more to the W11 box without it temporarily disconnecting the USB->NVME drive I've got the VM on. Will try rebuilding it quick. Nevermind, rebuilding didn't help. I guess that's just completely broken now. Not sure if related to the recently installed update or either of those demo apps, other USB devices still pass through fine though. Currently got getting much of a response at all in the App, should be on the version from a page or two back. Getting connected via HID though. USB same error as above poster. flirc20230118.log
  16. Edit: Spoke too soon. It was steady for a good 4-5 minutes, but now, same behavior. Fresh install on a VM, W10 Pro 22H2 1905.2006 and can confirm that works as well, similar to the W11 VM, with the non-working W10 Enterprise host. Logs attached from working W10 VM. Re-Uploaded Logs (Zipped as they were 7MB) Hardware on both non-working PCs (W10 Pro and Ent) are Intel and AMD (respectively). 16-32GB RAM. Desktop is a custom build, Laptop is an HP Elitebook Gsomethingoranother. If anyone's willing to pull a list of installed programs using powershell: Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, Size, InstallDate | Format-Table -AutoSize or CMD to grab a list of installed updates: wmic qfe list Could start trying to hunt down similarities on effected machines, install a bunch of programs until we find one that starts causing problems. Could be USB controller related and I'm just getting different drivers via passthrough on the VMs. Spitballin'. flirc20230116.zip
  17. At least some of those log entries would've been while the Flirc (receiver) button mapping application was running, most would've been just the Skip App though, but there would've also been reboots in between (Selective startup and Diagnostic startup). Behavior never changed. Just as a completely random one, maybe this rings a bell for someone else, but I previously had FortiClient on my PC while doing some testing for work, which installed a Device (In Device Manager) called 'FortiDeviceGuard' - ever since then I've had a lot of "weirdness" with USB ports. Most notably, it'd hard-crash my PC to a black screen whenever an Xbox controller was plugged in. It's since been removed, but things still act .. funky, sometimes. My other laptop, that is also experiencing this issue, still might have that installed as well. I'll spin up a fresh w10 box in the AM and see if I have any similar results to W11 on a totally clean install. (As an aside, works great on W11! All setup in a manner of minutes just as I wanted it.) Thanks for your efforts on this Jason.
  18. It might contain some extra garbage because of regular crashes (not related to this Windows 'App' in particular), just a heads up. flirc20230116.log
  19. Just for whatever it's worth, spinning up a W11 VM in VirtualBox and using USB passthrough works just fine. Remote stays connected. W10 vHost that experiences the same disconnect issues being discussed. Said W10 machine - not the person you're replying to, but no AV, Defender fully disabled, local admin.
  20. (Skip to the bottom 5-6 lines for the actual issue, the rest of this is just me trying to provide as much info as possible). I have 4 Flircs (3x V1, 1x V2), and 3 Kodi Boxes (2x HTPC, 1x Raspberry Pi), and 4x Comcast Remotes (1x Older Style and 3x of the slightly newer style - one is broken). Recently I had to replace one of the newer style remotes due to physical damage to the older one. Upon pairing the new remote to a Flirc V1, it prompted me to upgrade the firmware so I figured why not. Did that, and tried to setup the new remote to no avail. It looks like the new remote only uses IR for a few functions (When on the 'TV Setting'), because it processes every key as the same key when in the 'Cable' setting, despite looking the exact same as the other remotes of that style that I had. Before noticing that was the issue, I took my Flirc V2 and tried to pair it with the newer style remotes (Not the newly purchased one) to see if it worked, as the other newer style remotes that I had seemed to work OK with the Flirc V2. It was still giving me the same issue with the keypresses, so I figured I'd give it a firmware update and see if that helped at all. Unfortunately it didn't and this was when I started to realize that the newest remote just isn't going to work. So then I went back and tried to re-pair my Flirc V2 to the remote it was previously connected to. That worked just fine, all the buttons registered ok, great. I noticed while doing so there was a fix for the Flirc being unresponsive when waking from sleep, so I figured I'd go back and update all of the other Flircs I have as well (Except one of them, which I still haven't touched as it works flawlessly, no sleep issues, nothin). Now, I've got 3 Flircs (2x V1s and 1x V1) and two different types of Comcast Remotes (1x Older 2x Newer), and the only one that hasn't had the firmware upgraded settings changed on it within the newest software version is the only one that doesn't seem to have some pretty severe delays between keypresses. Whether I'm pressing a button repeatedly, or whether I'm holding 'Down' to scroll through an episode guide, there's a solid ~half a second delay between each time it registers. In the past I could scroll through ~1000 channels in about 20 seconds. Now it takes nearly 3 minutes. I see that the V1 flirc (fw 3.6.0) that I worked on today does still have the Interkey Delay option. When I set this to 6 or 7, it does seem to resolve my issues a bit. Not perfect, but much better than at 0-3. The delay is consistent no matter which remote, or which TV. Edit: After testing a little more, the flirc V1 that I did not touch today is ALSO on 3.6.0, but does not have the delay issues on either HTPC. It is also set to Interkey 7, but even after loading it into the software (No changed settings, mind you) it still works flawlessly. Likewise with the V1 Flirc on fw 3.9.0. Once i changed that interkey delay, things seem to work a little better. Probably about 45seconds to scroll through ~1000 channels (Compared to the ~20s / 3min times previously mentioned). But with the V2 (4.6.3) that's not an option and it's unfortunately become pretty useless for me, as it takes me about 5 minutes from start-up to finally actually finding the channel or TV show due to how slow navigating the menus has become. It should probably also be mentioned that I upgraded the Flirc GUI today from ~v2.x.x to 3.22.4. Essentially any Flirc that I've worked on since making that upgrade, has had the delay issue. Is there any repository of older firmware versions, or older software versions, where one could download a few to try them out? I unfortunately have no recollection of what FW I upgraded the V2 FROM, so I don't know exactly which one I need to request.
×
×
  • Create New...