Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Keyboard Virus


  • Please log in to reply
7 replies to this topic

#1 kodak375

kodak375

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 18 October 2012 - 04:54 PM

Several weeks ago my XP Pro PC contracted a Google Chrome redirect virus. While browsing I selected "enable pop-ups this time" before I realized that I had been redirected. Immediately Avast (free version) began alerting me that "A threat has been detected." There were typically 5-6 alerts one right after the other. After about 20-60 seconds it would repeat. After about 1 hour no further alerts would occur. After rebooting the alert sequence would start again. I do not remember the details but some of the alerts contained URLs containing the words "credit", "bank" and other terms that implied that a keyboard logger might be running.

I ran Malwarebytes from both a normal boot and also in safe mode. It found an infection and I selected "delete" but the problem persisted.

I then did a disk restore (sector restore) from an Acronis Home 2011 backup set. This backup set was made 1-1/2 years ago when there was no indication of virus activity so I believe that it is (was) a clean backup set. After installing and configuring items that had been installed after the backup set was made all appeared to be working without problems. After 1-2 days I noticed that the "T" key was not working. After rebooting the "T" worked again but another key was not working. Now there is almost always at least one key that does not work even after rebooting.

I have numerous applications installed so formatting and installing from scratch is a prolonged process (2-3 days) but I am willing to do that if that is the best recovery method.

Questions:
1 Since after recovering the backup set failed is it possible that a virus is in the boot sectors or another location?
2 Will reformatting resolve this issue?
3 Should I reformat then restore the backup set?
4 Will antivirus/malware programs clear this problem easier? If so, how?

Than you in advance for your help.

Edited by hamluis, 18 October 2012 - 05:16 PM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 David D

David D

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 18 October 2012 - 05:26 PM

Since you restored your computer, I would try a different keyboard first. If that does not help, then run some scans to see if you find a virus or malware.

#3 kodak375

kodak375
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 18 October 2012 - 06:10 PM

This is a 1-month old keyboard and the bad keys tend to move around so I thought it unlikely to be a hardware error. But I will try another just to be sure and report back with the results.

#4 kodak375

kodak375
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 20 October 2012 - 12:05 PM

Well - good news and bad news. The good news is that I have not had any keyboard errors since my last post (original keyboard). The bad news is that I have no idea what happened and whether the problem has gone away or is just dormant.

Are there any tools available that can check for keyboard/key logger viruses?

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:42 PM

Posted 20 October 2012 - 09:17 PM

You can run SFC to check for file damage.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 kodak375

kodak375
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 24 November 2012 - 12:11 PM

I replaced the CMOS battery because experience has shown that a weak battery can cause strange problems. All the keys worked for 2 days (not abnormal) but then failed again today. I ran System File Checker and there were no messages when it completed. I assume this means that it found no errors. Also replaced the new keyboard with a 2nd new keyboard (different manufacturer) but still have the bad key problem where 1 or more keys do not work. It is seldom the same key and rebooting usually fixes it.

Repeating the questions from my first post:
1 Since after recovering the Acronis backup set failed is it possible that a virus is in the boot sectors?
2 Will reformatting resolve this issue?
3 Should I reformat then restore the backup set?
4 Will antivirus/malware programs clear this problem easier? If so, how?
5 What else can I try?

#7 TwinHeadedEagle

TwinHeadedEagle

  • Security Colleague
  • 350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:09:42 PM

Posted 24 November 2012 - 12:29 PM

What type of connections these keyboards have? PS/2 or USB. Did you tried both of them?

1. It is possible, but this could also be the hardware problem

2. If it's hardware problem, it possibly won't

3. Why don't you try?

4. You should google, there are a plenty materials how to clean possibly infected system, for example this --> http://www.techsupportalert.com/content/how-clean-infected-computer.htm

Or, ask help here at Malware Removal subforum

5. Try above suggestions first...

#8 kodak375

kodak375
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 26 November 2012 - 11:54 AM

I have tried wired USB, wireless USB and PS/2 keyboards and all exhibit the same problem. So this is not a USB problem, not a PS/2 input problem. I am not sure where the common hardware point is between the two. Is there a chip that processes the keyboard or is it done in the MCU? Still have questions about a boot sector problem.




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users