I *really* don't know what's going on - hence this message

[britechguy]

I have a "sudden incident" on my primary laptop that is unlike anything I've ever experienced. I'll preface this with:

1. I have not clicked through on any strange links.
2. I have had no strange, unaccounted for pop-ups.
3. The only thing "unusual" I did this evening was to connect an external USB number pad to test it out. No software or drivers involved.

As I was tooling along, as per usual, suddenly UAC started asking, repeatedly, whether I wanted to allow Brave to make changes to my machine. Initially I though I'd accidentally triggered something, but it became quickly apparent this wasn't the case. When I went to start MS-Word UAC threw the same behavior.

So, I thought, let's do a hard shutdown with the power button and see if things return to normal when I reboot. They didn't.

Then, I thought, this has to be an exotic infection of some kind, so I'll trigger an offline Windows Defender scan. It found nothing.

Everything is still hosed, with myriad oddities. One thing I noticed is that when the Win10 lock screen comes up it does not ever do the bits of white text asking, "Do you like what you see?" at the upper right, the location and temperature on the lower left, etc. This always pops up if I let the machine wait a few seconds after it initially shows, but it's not doing it now.

I take regular full system image backups, so I can recover using one. But I am wondering if the symptoms ring any sort of bell for anyone. I really don't believe that my almost brand new Crucial SSD could be crashing and burning this quickly, but maybe it is.

If any of this seems familiar to anyone, and you've got some theory as to root cause, I'd love to hear it. I'd also love to know if recovering the system from my most recent backup will rectify things (I'll try that, anyway, just to see, but . . .)

It's handy to have a backup machine that, while not exactly the same environment as the primary, is close enough to make it an easy switch in a pinch like this one.

 

[Porthos]

repeatedly, whether I wanted to allow Brave to make changes to my machine.

Is it possible Brave was doing an update?

 

[britechguy]

No, not after I started seeing every program, including MS-Word, throw the same UAC warning.

I have uninstalled Brave, and reinstalled it, and I'm now typing from the primary machine and so far everything seems to be OK.

Before, even Vivaldi was misbehaving in a weird way when it came up, with a little "candy stripe" square appearing around the tab one was trying to make active.

I'm firing up all my other browsers now and they all seem to be back to normal. MS-Word is now coming up normally, too.

It's taken multiple reboot cycles and uninstalling and reinstalling Brave to get here. I'm actually afraid to try that external number pad again (I know, it's irrational). I tell people frequently that there are weird things like this that happen that you'll never know the root cause of. But it's generally not quite this weird!

 

[GTP]

Before you start the mental torture....
Dism? or SFC scan to correct any corruption?
Uninstall/reinstall Brave?
System restore?

 

[britechguy]

SFC and DISM clean as a whistle.

Had already done the Brave uninstall/reinstall, which seems to have fixed things. If this holds, I'll be very happy.

System restore would also be an option. My experience with it is that when it works, it's great, but it fails as often as it works. I keep System Protection turned on, but definitely don't rely on it.

 

[GTP]

Had already done the Brave uninstall/reinstall, which seems to have fixed things. If this holds, I'll be very happy.

System restore would also be an option. My experience with it is that when it works, it's great, but it fails as often as it works. I keep System Protection turned on, but definitely don't rely on it.

I've had good results with System Restore the few times I've used it.
It's worked well at times as a "quick and dirty" way of getting a non boot PC to come up so I can diagnose it.

One of the first things I do on client machines is delete all restore points and create a new restore point after I do an image and before any "work" is commenced - especially if the computer has any infections.
After I've done what I need to do I reboot a couple of times then delete the first created restore point.
I then create a new one with current date and time.

 

[trevm999]

It kind of sounds like a registry entry or file/folder had got it's permissions corrupted and programs were trying to elevate in order to read it. Process Monitor would have been your friend here.

 

[nlinecomputers]

It kind of sounds like a registry entry or file/folder had got it's permissions corrupted and programs were trying to elevate in order to read it. Process Monitor would have been your friend here.

This. Brave or it's data folders didn't have your user or system with the proper permissions, no write rights for example.

 

[Markverhyden]

Did you fire up event viewer to see what it was saying?

 

[Markverhyden]

System restore would also be an option. My experience with it is that when it works, it's great, but it fails as often as it works. I keep System Protection turned on, but definitely don't rely on it.

I only try system restore if something has totally failed and I can't get it back any other way. My experience is similar to yours, it's great when it works but most of the time it doesn't fix the problem.

 

[britechguy]

Did you fire up event viewer to see what it was saying?

No. I literally posted here before doing almost anything, given how strange this event was.

In all my years dealing with every version of Windows that's existed I've never suddenly had all programs causing UAC to fire up asking if I wanted to allow them to make changes to the computer, and trying to get out of those "loops" becoming next to impossible. It was, without doubt, one of the two strangest things I've ever encountered, the other being wild misbehavior of a keyboard not due to a hardware issue, but because something had become corrupted in the mini-hibernation file used for Fast Startup. That's why I never keep Fast Startup enabled on any machine for which I'm responsible.

 

[Philippe]

I'm seeing a lot of profile corruption lately. When these happen Windows use a temporarily non-admin profile so a lot of UAC & settings are removed at every startup...

 

[britechguy]

Well, it would be nice if you were given warning, any warning.

I have been seeing profile errors from Edge Dev, but that seemed to be specific to Edge Dev.

And if I had a profile error, which is entirely possible, it occurred "at random" long after I'd logged in to the machine. I typically keep my computer up and running for days to weeks at a time (which was not really possible with earlier versions of Windows like it is with Windows 10). The misbehaviors just appeared, out of nowhere, with no indication of what had gone wrong.

 

[GTP]

I have uninstalled Brave, and reinstalled it,......

May I ask why you use Brave? What do you like/dislike about it?
I tried it but the "rewards" part of it had me sweating.

Thank you

 

[britechguy]

I like both Brave and Vivaldi for their privacy focus and built-in ad blocking.

As to Brave Rewards, they're entirely optional, and I never elected to participate.

There's been tons of cyber ink spilled regarding Brave, they have a very good reputation and long track record, and it would be directly against their interests based on the market segment they've occupied to engage in any "funny business."

 

[GTP]

I like both Brave and Vivaldi for their privacy focus and built-in ad blocking.

As to Brave Rewards, they're entirely optional, and I never elected to participate.

There's been tons of cyber ink spilled regarding Brave, they have a very good reputation and long track record, and it would be directly against their interests based on the market segment they've occupied to engage in any "funny business."

Thanks for that.
Privacy is the reason I prefer to use Opera. Built in VPN, ad blocking, custom hosts lists etc. I have used it for many years now.
Opera has its detractors but I havent had any issues yet.

 

[britechguy]

Opera has its detractors but I havent had any issues yet.

Replace "Opera" with any other web browser (or piece of software, or even just product) and your statement remains true.

I used Opera quite a while back and actually liked it, as well as having given Opera Mail (which I think has been discontinued) a spin as a potential client to use with my blind and visually-impaired clients, but they had not written accessible code (their bad). I had nothing against the browser, I just wasn't as concerned about privacy (and I should have been) at the time.

But I guess by some metrics I'm still not "concerned enough" about privacy because I think the VPN craze is just that - a craze. They have their place, but I feel no need of one for casual web browsing and emailing like I do all the time at home.

 

[GTP]

Interesting discussion by Steve Gibson on his latest podcast (Ep #807) regarding "a clever new means of web browser identification and tracking and at a little mistake the Brave browser made that had big effect.."

Worth a listen imo.

 

[nlinecomputers]

TLL

Can you give a quick synopsis. Not listing to his diatribe for 2 hours for one browser issue comment.

 

[GTP]

TLL

....for one browser issue comment.

A lot more than "one browser issue comment."

He also discusses "Solorigate" and Microsofts actions in respect thereof as well as other topics. So the podcast is well worth a listen.
But a "quick synopsis" is:

He discusses "browser tracking" and what the large advertising networks (Google etc) are doing to track our behaviour and how valuable the collected information is.
"a group of researchers from the University of Illinois at Chicago will be presenting this week their paper on the use of
favicons for tracking"

Quoted from the .pdf of the podcast..

"But I mentioned that the Brave browser has just fixed a privacy mistake. It was kind of
bad. And I'm a little annoyed with them. So the privacy mistake was that the Brave
browser was sending DNS lookup queries for .onion domains - in other words, domains
that are supposed to be hidden, right, by Tor - out onto the public Internet, rather than
routing them through Tor nodes. This, of course, exposes users' visits to dark websites.
The mistake was fixed in a hot fix release of Brave 1.20.108 which was made available
last Friday. So anyone who is depending upon Brave's otherwise nifty built-in what they
call the "private window with Tor" feature for safer TOR-based anonymity will want to be
sure to be running the 1.20.108 or later release."

There is much more so do yourself a favour (or not) and read the full discussion.
From the last paragraph of page 4 to page 9.