• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 813
  • Last Modified:

USB keyboard stops working when Windows 7 starts

This is an Acer AIO running Windows 7 Home Premium.  All was fine until trying to update Kaspersky Internet Security... which would not activate.  Client found a support number on Kaspersky's website, called it and after the answering party took control of the computer, the client was informed that the system and their entire network was virused and that they'd need to pay $199.00 to clean it up.  At that point they stopped the person, asked them to disconnect and brought it to me.

I booted from a Kaspersky scan CD, updated definitions and performed a full scan (nothing found).  I attempted to uninstall KIS but it hung and failed to complete.  After the restart, I wanted to run Kaspersky's Software Removal Tool and needed to input a CAPTCHA code.  It was at this point that I noted that I had no keyboard access.  As I think about it, all actions prior to this point, within the client's Windows environment, had been by mouse control only... so it is possible that keyboard access had been unavailable from the start.  [It should be noted that all tested keyboards work when booting from other environments or upon startup.  Loss seems to occur upon transferring control to Windows.]  After using the removal tool (which could be completed through use of the built-in touchscreen), I attempted to install KIS 2013.  There were problems again (though I don't remember exactly what they were) so I again used the Removal Tool.

At this point I performed a complete image backup of all partitions on the hard drive before proceeding to determine if there was any indication of virus infection.  I ran ComboFix and Malwarebytes and found no indication of any virus activity.

Attempts to do a system restore fails to complete.  Hardware diagnostics on the system give no indication of problems. SFC /SCANNOW completes without concern.  In Device Manager, I can see the HID Keyboard Device and USB Composite Device being added when I plug in a wired USB Keyboard.  Yet still, any keyboard (other than touchscreen) fails to respond.

I would appreciate any help that might guide me towards the return of proper keyboard access.

Thanks!

Jim
0
JimBillyJoeBob
Asked:
JimBillyJoeBob
  • 7
  • 3
  • 3
  • +1
4 Solutions
 
Ivano ViolaSystem AdministratorCommented:
Let's first start by seeing if the problem is profile related or system related. Create a temporary new administrator profile. Log into the new profile then connect the keyboard. See if the problem persists using the new profile.

IV
0
 
JimBillyJoeBobAuthor Commented:
I neglected to note that I had previously created a new profile with administrator rights. No keyboard there, either.
0
 
ScobberCommented:
disconnect the hard disk connect to a working machine and clean it that way

you will fins that the virus/rootkit has infected hiddrv.sys (or another part) which is essentially a wrapper, now hiddrv has been infected/deleted as part of the cleaning process the system driver no longer exists. you could copy it back in, and restore the removed drivers or you could go again. up to you

i would think that this is only the tip of the iceberg, some of these things infect mass storage device drivers too, so you might find usb sticks wont work in the machine either.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ScobberCommented:
you say it has a touchscreen? use the on screen keyboard to do your diagnostic.

start run osk.exe
c:\windows\system32\osk.exe
start [all programs] accessories [ease of access] [on screen keyboard]
0
 
nobusCommented:
did you try running the offline defender scan ?
 http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
also, run these on your system
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller
0
 
JimBillyJoeBobAuthor Commented:
@Scobber - I will have to admit that I've had some disbelief that the system is actually virused.  Had the Kaspersky scan shown any indication whatsoever, I'd have been more thorough by doing other offline scans.  You are right, however, when you point out that best detection is accomplished when the drive being scanned isn't being controlled by the Operating System that resides on that same suspect drive.  In regards to the touchscreen keyboard... that's what I've been using for keyboard input during this process (or the one Acer provided).

@nobus - Did run MBAM... but not RogueKiller or Windows Defender Offline.  Have just made a bootable CD for WDO, will run it and will then follow up with RogueKiller.

As a reminder... there were no apparent problems with this system until the support agent connected and proclaimed their entire home network as virused and needing cleaning.  Personally, I'm still suspicious as to the system really having an infection issue... but will pursue detection/cleaning as the current course of action.

I do appreciate everyone's effort on my behalf...

Jim
0
 
nobusCommented:
i just wonder whats your real name - jimBillyJoe or Bob
0
 
JimBillyJoeBobAuthor Commented:
Real name is Jim.  Had a new client who couldn't remember my name and called me JimBillyJoeBob.  I thought it was great and have used it again from time to time.  Was in "one of those moods" when I signed up here (a number of years ago).  So there ya go!  :)
0
 
JimBillyJoeBobAuthor Commented:
Windows Defender Online found one item:  Adware:Win32/PriceGong... which I allowed to be removed.  Restarted in Normal mode and ran Rogue Killer.  It found four items... two related to the clients Epson printer and two related to NewStartPanel.

Anything we can do to directly tackle regaining keyboard access or do we continue to look for viruses?  I can tear into the All-In-One, gain access to the hard drive, remove it and scan it from another system if someone still thinks that needs to be done...
0
 
ScobberCommented:
did you get the on screen keyboard to work?

get into the admin command prompt and do a sfc /scannow

Ive seen this problem hundreds of times before where a anti-virus deletes the infected item which is essentially a wrapper for the real driver. gives the infection ring 0 access (kernel level access) because the wrapper got removed no keyboard.

The easiest way out is to backup and reinstall windows.
0
 
JimBillyJoeBobAuthor Commented:
Have run SFC /SCANNOW from the Command Prompt as Administrator.  No problems found.
0
 
nobusCommented:
from your posts, i take it the virus scans did not cure the problem?
maybe time to consider a full backup-wipe - and fresh install
0
 
JimBillyJoeBobAuthor Commented:
The problem was never resolved... as I was never able to perform the necessary repair to regain control from an external keyboard.  As it appears that there are no more suggestions forthcoming, I will close this and move to the next necessary action; that of a "wipe and clean install".  My thanks to each of you for monitoring for posts such as mine and for taking the time to read and respond.  Though your efforts did not afford me the solution I sought, the time and care was greatly appreciated.  As such, I have split points amongst the respondents.

Again, Thanks!

Jim
0
 
JimBillyJoeBobAuthor Commented:
I accepted my own comment as the solution because performing a wipe and reinstall was the option that I was seeking to avoid.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now