Improve company productivity with a Business Account.Sign Up


virus---keyboad/mouse not working

Posted on 2002-05-18
Medium Priority
Last Modified: 2010-05-18
I got a virus that keeps my mouse and keyboard from working..

I recently, in the last week, loaded pc cillian 2000 upgrading from version 6.0

yesterday the problems started.  the first clue i had a problem was that my mouse and keyboard did not work on a start up.
ran scan and found 2 viruses....worm_badtrans.b
and also worm_klez.h

files were quaranteened.

In trying to fix the problem,,
started in safe mode, and followed instruction for each to clean then rebooted.  I did not find any of the indicated changes in the registry, and so did not change any of the copy there. while i did not find any problems wit the registery, i did find the file cp_25389.nls which i deleted.

have rebooted several times,
.none have worked in regular windows load.

1 time, tried safe mode, and when I tried to open pcc2000, got a blue screen that failure in pccmain etc ect etc  krnl386.exe.

rebooted and it did not reappear.  I have run pc virus scan 2 other times with no viruses detected  with p[attern 283 AND Engine and program


i do find that on regular windows load, sometimes windows quites with just a few desktop icon pictures missing...and the hourglass onscreen, but no keyboard or mouse working...except the mouse moves but no clicking..
thanks for the help.


basicially, the scan does not pick up any problems but  it still does not work...Help and thanks

systems is win 98, pIII 500 mhz, 128 meg ram etc

status day, did get the system to boot with keyboard/mouse working...1st time, locked up with execution of virus software......the ie gave blue screen.

with several reboots, 2 times loaded ok and all worked.....scan showed no viruses.

then a few more reboots, same problem....keyboard/mmouse inop, like the system has loadd all but alittle and the hour glass sometimes stays on....all icons load ok.

Question by:hassenfeld
  • 4
  • 3
  • 2
  • +3

Accepted Solution

tituba2 earned 2000 total points
ID: 7019536
What OS are you using?  Before you do ANYTHING more - BACKUP what is important to you.  Klez can and will destroy files and you may not have a vote very shortly.

Klez_H needs to be repaired using a tool.  Virus software won't clean it as Klez is very clever and destroys files of virus software products so they can't work correctly.  Until Klez is gone, you have to remove viruses with a tool.

I've had the best luck with the tool for Klez provided by Symantec and not Trend.  Go to and download the tools for both Klez and Bad_Trans.  You will have to run the tool several times.  After Klez is gone, you will find it's accompanying virus (most likely Elerkn).  However, and this is a very scary one, Klez has been recent found to be dropping CIH.  Go to Symantec's site and read about CIH and I'd download that tool too.

(If you do have CIH, I'd personally format the hard drive (using /u switch), clear the MBR and start over.)

Be VERY careful about reading all the directions with the readme files on both of these tools.  If you are using XP or ME, you need to take additional steps.  

After all tools have been run, go to and run a scan.  Don't rely on local installed virus software for accurate reading.  When you are absolutely sure all is gone, uninstall and reinstall the virus software.

Virus scan all files you backuped before putting them back.

Be very careful to follow the directions on Symantec's site regarding this virus as both are very bad news, especially the variant H of Klez.  Good luck.


Expert Comment

ID: 7019546
Also - if you go to Trend's site, search ERD, you will go to a link to create an emergency boot disk with pattern file 279.  Do this ON A CLEAN system and not the system you have these viruses on.  In fact, run the housecall on the system you create these disks from prior to creating your Emergency Boot Disks so as to be very sure.

Anyways - you'll need six floppies.  You boot from the first and follow the directions.  Pattern file 279 will load and will scan and delete viruses in DOS mode.  However,run the tool first as I don't believe the ERD set with pattern 279 will delete Klez.  It will, however, take care of Elerkn.

Author Comment

ID: 7019637
now you have me really scared.  I have now found that the virus, if thats the problem is with pcc2000.  when I removced it and installed pcc 6.0, an earlier version, everything would load ok.  I need to repeat that I have probably scanned the system 4-5 times with pcc 2000, 1 with pcc 6.0 and also hpouse doctor already, and nothing was detected....but by what you are saying, i may still have them??

the one curouus thing is that the virus fixes refered to changes in the regusry,  i never did find the lines they mentioned.

how can I be sure the system is at least clean, yet while it does not work with ppcc 2000.

i have all my data on a separate drive, so I could reformat c:, but one of the files that had the virus was in f: (data), which was supposedly quarantined the first time and then deleted.
what else can i check??
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!


Author Comment

ID: 7019638
i am using win 98,  if i reinstall, is me better than 98se?(

Expert Comment

ID: 7019646
Yes, you may very well still have them.  Klez is VERY clever and you cannot rely on any virus software product when Klez is on your system.  Klez destroys key files in Pc-cillian, Norton, McAfee in order to survive.  It gives you a false result that you are clean, when in fact, it is still resident.

Go to:

click scan without registering
When dialog box comes up - click C drive and scan

This won't fix anything but you will get an accurate reading as to what is on your system.  If you are still infected, you need to download the tools I mentioned above and run them.

You have to run the tool first, then the emergency boot disks, then reload your virus software product and update and scan.  Go out to housecall again to verify all is gone.

Author Comment

ID: 7019766
i have run the following programs:
boot to safe mode
run klez reboot to safe
run badtransb reboot to safe
run cih  reboot to safe
run klez again
reboot to regular windows.
ran housecall

even before all these steps, i used pcc2000 on a networked computer to scan the one with problems,  used pattern file 285.

in all cases , nothing was detected...

now, i did notice in the copy for cleaning klez, that while it removes the virus, it will not necessarily repair the files??

my only symptom is that pcc 2000 does not work with the keyboard/mouse problem, which is when these were originally discovered.

1)how sure can i be that i am ok,
2) what about not being able to use pcc 2000
yet pcc 6.0 (olderversion) seems ok
note that i had pcc 2000 installed when the problem first came up
3)  i have comcast and i did have a few odd problems getting to sign on for mail?  system locked up.....if this was related, should i be ok now??
4) do i need to do the booting with the erd?? have not done it ,,,see note on scaning with 285

what else have i overlooked...


Expert Comment

ID: 7019837
Really unsafe to be on a network with the Klez virus.  Klez searches out for network shares and can infect the entire network.  If you are not the IT person, you should notify them ASAP to scan for possible infections. Always do scanning locally and not connected to a network.

In any case.  Remove Pccillian.  Boot using the ERD disks (making sure to have created the ERD disks on a clean PC)

Yes, while it removes virus, cannot repair files.  If they are system files, you should reload your OS.

Anything freezing, locking up etc. is expected when you have these kinds of viruses.  You cannot diagnose system issues when you have a virus.  

Go out to and do a scan to verify you are OK.  If housecall finds anything, then you are not.  After you are clean, then reinstall and update your virus software.

Expert Comment

ID: 7048090

Expert Comment

ID: 7057535

Expert Comment

ID: 7170979
This problem MUST have been resolved by now.

Expert Comment

ID: 7299776

Expert Comment

ID: 7300550
This person has been suspended for multiple violations of the Member Agreement, and will reject the proposed answer, and return your question to the Active Questions List.  The Moderator Group is deleting all 388 locked questions.

These were posted by three persons:

Thank you,
CS Admin @ EE

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question