Randomly generating characters turned out not to be a virus

Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
Published:
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chrome), but not in others and in some applications only when I typed too quickly. What was, I thought, the oddest part of the whole thing was that the characters were random, in that if I held down a key it would generate a succession of characters, all different, one of which would eventually be itself. Odd....

I was immediately suspicious. Could this be malware of some type? Maybe a keylogger? I am fairly strict when it comes to my production machine and what I allow on it. I have multilayered security installed and several protection apps that work together to protect me from all kinds of malware. So what was happening? I scanned with everything under the sun.
 
  1. Malwarebytes Pro (with rootkit detection on)
  2. Chameleon
  3. Superantispyware
  4. SpyDLLRemover/SpyBHORemover
  5. Antirootkit software 
    1. F-secure
    2. Sophos
    3. Panda (pavark)
    4. RootkitRevealer
And those were just the first 2 days. All my scans found absolutely nothing. I was frustrated and a little embarrassed that this had happened to me even though I had taken all the possible precautions (except those that involve running your system in a virtual environment, for which I don't have the resources to do all the time). I tested for traffic going both ways, but there was none and this happened even when my machine was disconnected from the internet entirely. I rebooted several times (I rarley reboot, so I thought this might help), to no avail. 

I made do with using another machine for a short time, but was not happy I could not solve my own problem. I started searching EE for an answer. It may be here somewhere, but I couldn't find it. So I started searching the Internet using google.com (googling). I eventually found an answer.

The Answer:

I thought this would be something complicated involving malware and a reformat of my computer, but it was far from that (although I may do the reformat anyway). In my searches I found the answer to be a simple set of keypresses. When I pressed Num Lock and Scroll Lock at the same time my keyboard stopped generating random characters and went back to outputting the characters I typed!

I would link to the page where I found the answer, but I can't find it again.
7
3,524 Views
Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.

Comments (28)

CERTIFIED EXPERT

Commented:
Time to reformat and change all passwords used from that machine and do a credit check as well.
Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT

Author

Commented:
I disagree.  As I said it was actually my own security software,  hitmanpro.alert from surfright, that caused the problem. The support people from surfright have already contacted me.
CERTIFIED EXPERT

Commented:
Oh. I see. I didn't know what hitman pro was.  Oh well. guess you've solved it.  Good luck.
Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT

Author

Commented:
Thanks. Hope it is solved.
Thomas Zucker-ScharffSenior Data Analyst
CERTIFIED EXPERT

Author

Commented:
SOLUTION!! (when I first typed that it was totally unreadable)

It turns out that one of my security applications, HitmanPro.Alert, has a setting that is called Keystroke Encryption.  It is to protect you from keyloggers. When it is turned off my typing looks like this, but when I turn it on my typing looks like this: ywsrc2utfsbqi8d4mj62a2hsm5 (I typed "my typing looks like this ").  So if you run into this - check to make sure it isn't this app (now owned by Sophos, not Surfright, and called HitmanPro.Alert/cryptoguard/InteruptX)

View More

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.