Solved

USB keyboard stops working when Windows 7 starts

Posted on 2013-01-24
14
796 Views
Last Modified: 2013-02-05
This is an Acer AIO running Windows 7 Home Premium.  All was fine until trying to update Kaspersky Internet Security... which would not activate.  Client found a support number on Kaspersky's website, called it and after the answering party took control of the computer, the client was informed that the system and their entire network was virused and that they'd need to pay $199.00 to clean it up.  At that point they stopped the person, asked them to disconnect and brought it to me.

I booted from a Kaspersky scan CD, updated definitions and performed a full scan (nothing found).  I attempted to uninstall KIS but it hung and failed to complete.  After the restart, I wanted to run Kaspersky's Software Removal Tool and needed to input a CAPTCHA code.  It was at this point that I noted that I had no keyboard access.  As I think about it, all actions prior to this point, within the client's Windows environment, had been by mouse control only... so it is possible that keyboard access had been unavailable from the start.  [It should be noted that all tested keyboards work when booting from other environments or upon startup.  Loss seems to occur upon transferring control to Windows.]  After using the removal tool (which could be completed through use of the built-in touchscreen), I attempted to install KIS 2013.  There were problems again (though I don't remember exactly what they were) so I again used the Removal Tool.

At this point I performed a complete image backup of all partitions on the hard drive before proceeding to determine if there was any indication of virus infection.  I ran ComboFix and Malwarebytes and found no indication of any virus activity.

Attempts to do a system restore fails to complete.  Hardware diagnostics on the system give no indication of problems. SFC /SCANNOW completes without concern.  In Device Manager, I can see the HID Keyboard Device and USB Composite Device being added when I plug in a wired USB Keyboard.  Yet still, any keyboard (other than touchscreen) fails to respond.

I would appreciate any help that might guide me towards the return of proper keyboard access.

Thanks!

Jim
0
Comment
Question by:JimBillyJoeBob
  • 7
  • 3
  • 3
  • +1
14 Comments
 
LVL 21

Assisted Solution

by:ivanoviola
ivanoviola earned 167 total points
Comment Utility
Let's first start by seeing if the problem is profile related or system related. Create a temporary new administrator profile. Log into the new profile then connect the keyboard. See if the problem persists using the new profile.

IV
0
 

Author Comment

by:JimBillyJoeBob
Comment Utility
I neglected to note that I had previously created a new profile with administrator rights. No keyboard there, either.
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
disconnect the hard disk connect to a working machine and clean it that way

you will fins that the virus/rootkit has infected hiddrv.sys (or another part) which is essentially a wrapper, now hiddrv has been infected/deleted as part of the cleaning process the system driver no longer exists. you could copy it back in, and restore the removed drivers or you could go again. up to you

i would think that this is only the tip of the iceberg, some of these things infect mass storage device drivers too, so you might find usb sticks wont work in the machine either.
0
 
LVL 7

Expert Comment

by:Scobber
Comment Utility
you say it has a touchscreen? use the on screen keyboard to do your diagnostic.

start run osk.exe
c:\windows\system32\osk.exe
start [all programs] accessories [ease of access] [on screen keyboard]
0
 
LVL 91

Assisted Solution

by:nobus
nobus earned 167 total points
Comment Utility
did you try running the offline defender scan ?
 http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
also, run these on your system
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller
0
 

Author Comment

by:JimBillyJoeBob
Comment Utility
@Scobber - I will have to admit that I've had some disbelief that the system is actually virused.  Had the Kaspersky scan shown any indication whatsoever, I'd have been more thorough by doing other offline scans.  You are right, however, when you point out that best detection is accomplished when the drive being scanned isn't being controlled by the Operating System that resides on that same suspect drive.  In regards to the touchscreen keyboard... that's what I've been using for keyboard input during this process (or the one Acer provided).

@nobus - Did run MBAM... but not RogueKiller or Windows Defender Offline.  Have just made a bootable CD for WDO, will run it and will then follow up with RogueKiller.

As a reminder... there were no apparent problems with this system until the support agent connected and proclaimed their entire home network as virused and needing cleaning.  Personally, I'm still suspicious as to the system really having an infection issue... but will pursue detection/cleaning as the current course of action.

I do appreciate everyone's effort on my behalf...

Jim
0
 
LVL 91

Expert Comment

by:nobus
Comment Utility
i just wonder whats your real name - jimBillyJoe or Bob
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:JimBillyJoeBob
Comment Utility
Real name is Jim.  Had a new client who couldn't remember my name and called me JimBillyJoeBob.  I thought it was great and have used it again from time to time.  Was in "one of those moods" when I signed up here (a number of years ago).  So there ya go!  :)
0
 

Author Comment

by:JimBillyJoeBob
Comment Utility
Windows Defender Online found one item:  Adware:Win32/PriceGong... which I allowed to be removed.  Restarted in Normal mode and ran Rogue Killer.  It found four items... two related to the clients Epson printer and two related to NewStartPanel.

Anything we can do to directly tackle regaining keyboard access or do we continue to look for viruses?  I can tear into the All-In-One, gain access to the hard drive, remove it and scan it from another system if someone still thinks that needs to be done...
0
 
LVL 7

Assisted Solution

by:Scobber
Scobber earned 166 total points
Comment Utility
did you get the on screen keyboard to work?

get into the admin command prompt and do a sfc /scannow

Ive seen this problem hundreds of times before where a anti-virus deletes the infected item which is essentially a wrapper for the real driver. gives the infection ring 0 access (kernel level access) because the wrapper got removed no keyboard.

The easiest way out is to backup and reinstall windows.
0
 

Author Comment

by:JimBillyJoeBob
Comment Utility
Have run SFC /SCANNOW from the Command Prompt as Administrator.  No problems found.
0
 
LVL 91

Expert Comment

by:nobus
Comment Utility
from your posts, i take it the virus scans did not cure the problem?
maybe time to consider a full backup-wipe - and fresh install
0
 

Accepted Solution

by:
JimBillyJoeBob earned 0 total points
Comment Utility
The problem was never resolved... as I was never able to perform the necessary repair to regain control from an external keyboard.  As it appears that there are no more suggestions forthcoming, I will close this and move to the next necessary action; that of a "wipe and clean install".  My thanks to each of you for monitoring for posts such as mine and for taking the time to read and respond.  Though your efforts did not afford me the solution I sought, the time and care was greatly appreciated.  As such, I have split points amongst the respondents.

Again, Thanks!

Jim
0
 

Author Closing Comment

by:JimBillyJoeBob
Comment Utility
I accepted my own comment as the solution because performing a wipe and reinstall was the option that I was seeking to avoid.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now