Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

USB keyboard stops working when Windows 7 starts

Posted on 2013-01-24
14
804 Views
Last Modified: 2013-02-05
This is an Acer AIO running Windows 7 Home Premium.  All was fine until trying to update Kaspersky Internet Security... which would not activate.  Client found a support number on Kaspersky's website, called it and after the answering party took control of the computer, the client was informed that the system and their entire network was virused and that they'd need to pay $199.00 to clean it up.  At that point they stopped the person, asked them to disconnect and brought it to me.

I booted from a Kaspersky scan CD, updated definitions and performed a full scan (nothing found).  I attempted to uninstall KIS but it hung and failed to complete.  After the restart, I wanted to run Kaspersky's Software Removal Tool and needed to input a CAPTCHA code.  It was at this point that I noted that I had no keyboard access.  As I think about it, all actions prior to this point, within the client's Windows environment, had been by mouse control only... so it is possible that keyboard access had been unavailable from the start.  [It should be noted that all tested keyboards work when booting from other environments or upon startup.  Loss seems to occur upon transferring control to Windows.]  After using the removal tool (which could be completed through use of the built-in touchscreen), I attempted to install KIS 2013.  There were problems again (though I don't remember exactly what they were) so I again used the Removal Tool.

At this point I performed a complete image backup of all partitions on the hard drive before proceeding to determine if there was any indication of virus infection.  I ran ComboFix and Malwarebytes and found no indication of any virus activity.

Attempts to do a system restore fails to complete.  Hardware diagnostics on the system give no indication of problems. SFC /SCANNOW completes without concern.  In Device Manager, I can see the HID Keyboard Device and USB Composite Device being added when I plug in a wired USB Keyboard.  Yet still, any keyboard (other than touchscreen) fails to respond.

I would appreciate any help that might guide me towards the return of proper keyboard access.

Thanks!

Jim
0
Comment
Question by:JimBillyJoeBob
  • 7
  • 3
  • 3
  • +1
14 Comments
 
LVL 21

Assisted Solution

by:ivanoviola
ivanoviola earned 167 total points
ID: 38815686
Let's first start by seeing if the problem is profile related or system related. Create a temporary new administrator profile. Log into the new profile then connect the keyboard. See if the problem persists using the new profile.

IV
0
 

Author Comment

by:JimBillyJoeBob
ID: 38815786
I neglected to note that I had previously created a new profile with administrator rights. No keyboard there, either.
0
 
LVL 7

Expert Comment

by:Scobber
ID: 38816336
disconnect the hard disk connect to a working machine and clean it that way

you will fins that the virus/rootkit has infected hiddrv.sys (or another part) which is essentially a wrapper, now hiddrv has been infected/deleted as part of the cleaning process the system driver no longer exists. you could copy it back in, and restore the removed drivers or you could go again. up to you

i would think that this is only the tip of the iceberg, some of these things infect mass storage device drivers too, so you might find usb sticks wont work in the machine either.
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 7

Expert Comment

by:Scobber
ID: 38816339
you say it has a touchscreen? use the on screen keyboard to do your diagnostic.

start run osk.exe
c:\windows\system32\osk.exe
start [all programs] accessories [ease of access] [on screen keyboard]
0
 
LVL 92

Assisted Solution

by:nobus
nobus earned 167 total points
ID: 38817745
did you try running the offline defender scan ?
 http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
also, run these on your system
http://www.malwarebytes.org/mbam.php                         MBAM
http://majorgeeks.com/RogueKiller_d6983.html                  Roguekiller
0
 

Author Comment

by:JimBillyJoeBob
ID: 38819089
@Scobber - I will have to admit that I've had some disbelief that the system is actually virused.  Had the Kaspersky scan shown any indication whatsoever, I'd have been more thorough by doing other offline scans.  You are right, however, when you point out that best detection is accomplished when the drive being scanned isn't being controlled by the Operating System that resides on that same suspect drive.  In regards to the touchscreen keyboard... that's what I've been using for keyboard input during this process (or the one Acer provided).

@nobus - Did run MBAM... but not RogueKiller or Windows Defender Offline.  Have just made a bootable CD for WDO, will run it and will then follow up with RogueKiller.

As a reminder... there were no apparent problems with this system until the support agent connected and proclaimed their entire home network as virused and needing cleaning.  Personally, I'm still suspicious as to the system really having an infection issue... but will pursue detection/cleaning as the current course of action.

I do appreciate everyone's effort on my behalf...

Jim
0
 
LVL 92

Expert Comment

by:nobus
ID: 38819477
i just wonder whats your real name - jimBillyJoe or Bob
0
 

Author Comment

by:JimBillyJoeBob
ID: 38819636
Real name is Jim.  Had a new client who couldn't remember my name and called me JimBillyJoeBob.  I thought it was great and have used it again from time to time.  Was in "one of those moods" when I signed up here (a number of years ago).  So there ya go!  :)
0
 

Author Comment

by:JimBillyJoeBob
ID: 38819842
Windows Defender Online found one item:  Adware:Win32/PriceGong... which I allowed to be removed.  Restarted in Normal mode and ran Rogue Killer.  It found four items... two related to the clients Epson printer and two related to NewStartPanel.

Anything we can do to directly tackle regaining keyboard access or do we continue to look for viruses?  I can tear into the All-In-One, gain access to the hard drive, remove it and scan it from another system if someone still thinks that needs to be done...
0
 
LVL 7

Assisted Solution

by:Scobber
Scobber earned 166 total points
ID: 38820470
did you get the on screen keyboard to work?

get into the admin command prompt and do a sfc /scannow

Ive seen this problem hundreds of times before where a anti-virus deletes the infected item which is essentially a wrapper for the real driver. gives the infection ring 0 access (kernel level access) because the wrapper got removed no keyboard.

The easiest way out is to backup and reinstall windows.
0
 

Author Comment

by:JimBillyJoeBob
ID: 38820480
Have run SFC /SCANNOW from the Command Prompt as Administrator.  No problems found.
0
 
LVL 92

Expert Comment

by:nobus
ID: 38821597
from your posts, i take it the virus scans did not cure the problem?
maybe time to consider a full backup-wipe - and fresh install
0
 

Accepted Solution

by:
JimBillyJoeBob earned 0 total points
ID: 38840924
The problem was never resolved... as I was never able to perform the necessary repair to regain control from an external keyboard.  As it appears that there are no more suggestions forthcoming, I will close this and move to the next necessary action; that of a "wipe and clean install".  My thanks to each of you for monitoring for posts such as mine and for taking the time to read and respond.  Though your efforts did not afford me the solution I sought, the time and care was greatly appreciated.  As such, I have split points amongst the respondents.

Again, Thanks!

Jim
0
 

Author Closing Comment

by:JimBillyJoeBob
ID: 38854312
I accepted my own comment as the solution because performing a wipe and reinstall was the option that I was seeking to avoid.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question