<

Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Randomly generating characters turned out not to be a virus

Published on
5,911 Points
2,211 Views
7 Endorsements
Last Modified:
Thomas Zucker-Scharff
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chrome), but not in others and in some applications only when I typed too quickly. What was, I thought, the oddest part of the whole thing was that the characters were random, in that if I held down a key it would generate a succession of characters, all different, one of which would eventually be itself. Odd....

I was immediately suspicious. Could this be malware of some type? Maybe a keylogger? I am fairly strict when it comes to my production machine and what I allow on it. I have multilayered security installed and several protection apps that work together to protect me from all kinds of malware. So what was happening? I scanned with everything under the sun.
 
  1. Malwarebytes Pro (with rootkit detection on)
  2. Chameleon
  3. Superantispyware
  4. SpyDLLRemover/SpyBHORemover
  5. Antirootkit software 
    1. F-secure
    2. Sophos
    3. Panda (pavark)
    4. RootkitRevealer
And those were just the first 2 days. All my scans found absolutely nothing. I was frustrated and a little embarrassed that this had happened to me even though I had taken all the possible precautions (except those that involve running your system in a virtual environment, for which I don't have the resources to do all the time). I tested for traffic going both ways, but there was none and this happened even when my machine was disconnected from the internet entirely. I rebooted several times (I rarley reboot, so I thought this might help), to no avail. 

I made do with using another machine for a short time, but was not happy I could not solve my own problem. I started searching EE for an answer. It may be here somewhere, but I couldn't find it. So I started searching the Internet using google.com (googling). I eventually found an answer.

The Answer:

I thought this would be something complicated involving malware and a reformat of my computer, but it was far from that (although I may do the reformat anyway). In my searches I found the answer to be a simple set of keypresses. When I pressed Num Lock and Scroll Lock at the same time my keyboard stopped generating random characters and went back to outputting the characters I typed!

I would link to the page where I found the answer, but I can't find it again.
7
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 10
  • 2
  • +1
28 Comments
 
LVL 9

Expert Comment

by:Rob_Jeffrey
You've written a fantastic cliff-hanger!


WHAT WAS IT?!?!?!??!?!?!
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
Um, the Scroll lock/Number lock combination.
0
 
LVL 9

Expert Comment

by:Rob_Jeffrey
Yes, but was that a function of the BIOS, operating system or an installed application?  

What was it programmed for?  Why would anyone make a feature that when those buttons were pressed it would produce random characters but in only a select few applications?
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
One word answer - Dell.  I can't reproduce it, so I don't know the exact sequence that started this.  I only know that the Num Lock/Scroll Lock combo solved it.
0
 
LVL 30

Expert Comment

by:Olaf Doschke
Great Story, made my day.

NUM LOCK on some notebook keyboards without a separate num block sets some keys as number keys. If that's the case it's not random, but meant this way. Wikipeadia also has much to say about SCROLL LOCK behaviour.

Do you by chance use an editor allowing multiple text cursors, eg phpStorm?

Bye, Olaf.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
It was on my desktop.  I don't think I use such an editor, would SciTE count?
0
 
LVL 25

Expert Comment

by:SStory
Anytime I have any keyboard related issues, I beat the keyboard well. ;) And blow it out with compressed air. If that doesn't work I trash it for another one--assuming that solves the problem.  I appreciate the trouble you went to, however. Have been there with different situations and felt the same.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
I have plenty of other keyboards, but assumed, maybe wrongly, that it was a software issue.
0
 
LVL 25

Expert Comment

by:SStory
Yeah. It happens to the best of us.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
The key remapping just happened again.  Very weird.  it only happens in IE and Firefox so far.  Chrome and Opera work fine as do all the applications on my computer.  I am going to first run them in safemode and if that doesn't work I'll uninstall and reinstall both of these browsers to see what happens.
0
 
LVL 25

Expert Comment

by:SStory
Well, you might have a browser helper object or activeX control or other hijacking that could be responsible for that.  There could be a keylogger gone mad I suppose. Or it could be a BIOS problem, but that should not be limited to just a few applications if it were.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
I'm looking into it. Thanks.
0
 
LVL 25

Expert Comment

by:SStory
Do you have any helper objects or plugins that are only installed in IE/Firefox? If so they may be responsible.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
tried launching in safemode and uninstalling and reinstalling - no luck.  Interestingly enough a save dialogue that launches from FF exhibits the same behavior, while the same save dialogue launched from Opera or Chrome does NOT exhibit this behavior.  I may just roll back the machine, but that won't help me find the problem.
0
 
LVL 25

Expert Comment

by:SStory
Hmm. Well the other options:
1.) Someone has full control of your computer and is messing with you.
2.) Your keyboard could be bad (try another one)
3.) Bios or other hardware issue, yet strange it only shows up some times.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
1 - would be odd, but doesn't make sense for only some browsers and the dialogues they generate
2 - tried already
3 - haven't even tried, mostly because I agree it would be strange that it occurs in only some apps.

UPDATE: I discovered today that until I rebooted my computer system restore was not working properly or at all.  Once I rebooted it has restore points listed to the middle of yesterday.  

previous versions is working fine though.  Another thing - Links from outlook no longer open in my browser, they say they need a program associated with them. I'm about to reformat this baby, as much as I don't want to - it is my main production machine.
0
 
LVL 25

Expert Comment

by:SStory
That almost sounds like a browser hijacking of some sort. Like something is in the middle between your browser and the OS or replaced some needed file. I would do system restore back a few months or longer and evaluate. If that didn't work I'd do a complete format and reinstall.  Imaging the machine in a pristine state with Clonezilla or something similar can cut down on rebuild times some (for future reference).
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
Tried an upgrade to windows 10 from 7 and experiencing the same problems.  Except now it affects IE11 (not edge).
0
 
LVL 25

Expert Comment

by:SStory
IE and Firefox support ActiveX controls (Firefox through an addon). That's where I'd start looking.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
thanks
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
I have started looking at ActiveX, so far nothing.  I did experience a new symptom - Chrome started doing the same thing!  I may open a question, not sure.  I feel I should just reformat, but I'm not sure I like the idea, I am on my way to doing it - just made a new backup and checked old backups.  I would probably need to reinstall several apps, but I have the ISOs for virtually everything.  It is just a PITA.

I give the recommendation to reimage or reformat often enough, so I shouldn't complain, but ...
0
 
LVL 25

Expert Comment

by:SStory
Yes, I think I would reformat.  On the other hand you might boot to a live CD of Windows or Linux and see if it still happens I guess. If not reformat it.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
Had a helpdesk tech in here doing something else and asked him about it.  It took him about 10 minutes to figure out that it was a keystroke encryption program I had on my computer (HitmanPro.Alert) that was the culprit.  I had discounted it since it would affect the whole computer, but it turns out that some browsers are able to enter the keystrokes before encryption.
0
 
LVL 25

Expert Comment

by:SStory
Time to reformat and change all passwords used from that machine and do a credit check as well.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
I disagree.  As I said it was actually my own security software,  hitmanpro.alert from surfright, that caused the problem. The support people from surfright have already contacted me.
0
 
LVL 25

Expert Comment

by:SStory
Oh. I see. I didn't know what hitman pro was.  Oh well. guess you've solved it.  Good luck.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
Thanks. Hope it is solved.
0
 
LVL 30

Author Comment

by:Thomas Zucker-Scharff
SOLUTION!! (when I first typed that it was totally unreadable)

It turns out that one of my security applications, HitmanPro.Alert, has a setting that is called Keystroke Encryption.  It is to protect you from keyloggers. When it is turned off my typing looks like this, but when I turn it on my typing looks like this: ywsrc2utfsbqi8d4mj62a2hsm5 (I typed "my typing looks like this ").  So if you run into this - check to make sure it isn't this app (now owned by Sophos, not Surfright, and called HitmanPro.Alert/cryptoguard/InteruptX)
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Join & Write a Comment

This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month