Virus prevents keyboard from working

Rebel1

I had a scary situation where none of the keys worked, including the Del
key so I couldn't enter the Safe Mode. The green lights at the top right
of the keyboard all flashed for a second during boot, so everything was
connected okay.

I ran a quick scan with Malwarebytes, which found nothing. I then
decided to run a full scan, just on the c: drive. It found one threat.
When I removed it, the keyboard resumed working perfectly.

Bottom line: don't rely just on the quick scan.

Even though Malwarebytes reported just a single threat, when I looked
at the details there were 30 items affecting files, folders, registry
keys and registry values.

The names of all 30 items began with PUP.Optional. The rest of the name
was any of the following: Spigot, Spigot.A, SearchProtection.A,
1ClickDownload.A, OpenCandy, BabylonToolBar.A, DataMngr.A, and Delta.A

I hope this saves someone some grief, and saves them the expense of a
replacement keyboard when the keyboard isn't really the problem.

I give full credit to a Best Buy Geek who alerted me to the possibility of a
virus/malware causing the problem.

R1
 
Paul

There is another way to do this.

People who attempt to fix the optical drive, by looking for
an UpperFilter related to {4d36e965-e325-11ce-bfc1-08002be10318} ...

http://msdn.microsoft.com/en-us/library/windows/hardware/ff553426(v=vs.85).aspx

They instead, attempt to delete every UpperFilter they can find,
like the one associated with a keyboard device {4d36e96b-e325-11ce-bfc1-08002be10318}

In this picture, is shown the "kbdclass" filter driver, which if
removed, causes the keyboard to fail. That's a root cause of
keyboard failure (malware or otherwise). It's possible you
could "put a computer together again", by repairing the associated
registry entry (loading the hive into another computer and
fixing it there, then returning the file to the broken computer).

http://i60.tinypic.com/2j2gqs8.gif

There was even an optional hardware driver update in Windows Update,
which caused massive keyboard failures. It was apparently a TrackPad
filter driver, which the Windows Update logic was causing to be
installed on systems without a TrackPad.

It could be, that an antimalware product, in the process of
cleaning up the computer, deleted the entry necessary for the
keyboard to work.

This can also happen, when your antimalware gets a definitions update,
an important system file becomes a "false positive" and the system
file is quarantined. And the computer can't work without the file.
And then the computer doesn't boot and work properly any more.

The message here, is antimalware can be just as dangerous as malware.

Paul
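
A read-only check of the registry value described in the post above, added here as an example (it is not code from the thread): it reports whether `kbdclass` is still listed in the keyboard class's `UpperFilters`, on the running system or in a SYSTEM hive mounted from another machine. The function name `Test-KeyboardUpperFilter`, the `OfflineSys` mount name and the `D:\rescue\SYSTEM` path are assumptions of this example.

```powershell
# Added example: read-only, changes nothing in the registry.
# -HiveRoot is 'HKLM:\SYSTEM' on the running machine. For a SYSTEM hive file
# copied from a broken machine, mount it first from an elevated prompt
# (mount name and file path below are constructed for this example):
#   reg load HKLM\OfflineSys D:\rescue\SYSTEM
# then pass -HiveRoot 'HKLM:\OfflineSys', and "reg unload HKLM\OfflineSys" after.
function Test-KeyboardUpperFilter {
    param([string]$HiveRoot = 'HKLM:\SYSTEM')

    # Keyboard device class GUID quoted in the post.
    $classGuid = '{4d36e96b-e325-11ce-bfc1-08002be10318}'

    # A mounted offline hive has no CurrentControlSet link, so resolve the
    # active control set from Select\Current (1 -> ControlSet001).
    $current    = (Get-ItemProperty -LiteralPath "$HiveRoot\Select" -Name Current).Current
    $controlSet = 'ControlSet{0:D3}' -f $current
    $classKey   = "$HiveRoot\$controlSet\Control\Class\$classGuid"

    # UpperFilters is REG_MULTI_SZ; if the value was deleted, nothing comes back.
    $prop    = Get-ItemProperty -LiteralPath $classKey -Name UpperFilters -ErrorAction SilentlyContinue
    $filters = @($prop.UpperFilters | Where-Object { $_ })

    [pscustomobject]@{
        ClassKey     = $classKey
        UpperFilters = $filters
        HasKbdclass  = $filters -contains 'kbdclass'   # -contains ignores case
    }
}

$result = Test-KeyboardUpperFilter
$result | Format-List
if (-not $result.HasKbdclass) {
    Write-Warning 'kbdclass is missing from UpperFilters for the keyboard class.'
}
```

Entries other than `kbdclass` in the list can be legitimate vendor filter drivers, so the check only flags the missing class driver and does not judge the rest.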
 
Rebel1

Thanks for the info, Paul.

The odd thing is that I thought I specified a full scan of just the C:
drive. But when I looked at the log, it says it also scanned the H:
drive, which is where the bad file was found:

H:\$AVG\System Volume Information\_restore{D46D064C-3A63-4D09-9CAC-F89E811B5394}\RP20\A0014595.exe
(PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.

So I have to backtrack about what I said about quick vs. full scan. The
full scan scanned an additional drive (partition) and that's where the
problem originated.

R1
 
