Windows 7: keyboard won't work

okay, the free edition is fine, do you keep it updated, either manually or automatically, or are you unsure?

is windows updated fully and the firewall activated? or else avast's firewall?

Am I to assume you do not use any of Mark's SYSINTERNAL tools - PSTools, you would it know if you have?

next we'll look for the existance of the file and it's location, if it is the malware sync.exe (as Windows 7 has no file with that name I am quite certian), it will almost certianly be in one of 3 places,


Mike

avast is automatically updated, firewall is on, windows updated and never heard of SYSINTERNAL tools and of PST Tools. i could never find the location of sync.exe in the computer.

well look for the "process"

click (START) : and type "taskmgr.exe" in the searchbox, press (enter)

after a potential delay, you'll see windows task manager window appear.

it will have around 6 "tabs", simply click on the one labeled "processes"

a list of all the current processes will be displayed, there will be a button at the bottom of the list that reads (Show Processes from ALL Users).... click it and the list will fill up with more entrys (althogh you may not notice it if the list is already long. that's okay.

now UNDER the tabs where you selected "processes" before, there is a list header, which gives the title of each COLUMN (i.e. Image Name, User Name, CPU, etc.), click Image Name once and the list which has been moving fluidly up until this point should freeze and be in alphebetic order (or reverese "z" to "a"), eather way your going to make use of the scroll bars at the right side of the list and locate a process named similarly "sync.exe", it will be in alphebetic order so finding it should just take singing the ABC song! If it is there, stop and tell me, prior to taking any further actions, if it is not,... double and triple check. and likewise let meknow


if anything is not clear ask before continuing the steps above. (take it one step at a time)


Mike

after tripple check, sync.exe is not there

great, and you did it with ease

now for a file search, it should be in the programs, windows or system folder, but to be thou rough well check the whole drive, and while windows search is capable, command prompt is just as capable, with less potential for hazards.

Now go back to (start) and type cmd.exe, but instead of pressing enter, move up to the black icon with the same name"cmd.exe" and right click it

A drop-down menu will appear with one option reading "run as administrator" with a shield icon at its right side, you should left click this option. then a pop up will confirm your request click (yes) and the command prompt window will open w/ administrative privileges active.

type the following into the black window prompt: "cd..\.." (no quotes), this should place you in the c:\ drive root directory

now to do the search for "any file, in all directory's and subdirectories, including hidden and system files" type the following command: "dir sync.exe /a:sh-s-h /s /p" followed by (enter) BE SURE TO TYPE IT EXACTLY spaces and all and wait for a while as it searches your drive for the file, the /p flag tells it to show you the results "one-page-at-a-time" so you can use space or enter to move down any listed results line by line or page by page. you will have plenty of time to look at any potential results, if any are produced, since you control the page movement as i just mentioned, so look carefully for the file that is causing the error "sync.exe" in any of the results and report back to me.

please.

thanks,
mike

after “dir sync.exe /a:sh-s-h /s /p, i have the following message: the volume in drive c has no name . the serial number is...
can't go further

it aslo says can't find the file which is ... good?

yes there would be the volume id, drive name (which it must be unnamed) then a long search before in your case coming up empty the file appears to not be present. I did a bit of research and i was correct that no Windows 7 system files have that name, only that "tech tool" by sys internals which i am sure you do not have and the similarly named ssync.exe. There is however, depending on the source a keylogger type malware, as well as a spyware type of program that watches your browsing habits and sends whatever they see fit to their server for analysis/or sale. Both are harmful from a security standpoint, but the file has no virus/worm/rootkit type of behavior (and any file could have introduced it to your system from mira or any similar torrents, I recommend not using such apps, although the decision is personal, just be fully aware of the risk, and make your own judgment call, no one can stop you is basically what I'm saying, but the risks far outweight the benefits, unless your uber-rich!

I was expecting to see a keylogger since they can be poorly written and cause issues including ones like you have (I just don't get why the KB is just as flawed in BIOS setup, without a hardware issue.

Do you have the original install disc(s) or did you make system restore discs to be able to reinstall windows?

if so, that might be your best option, a full wipe and reinstall (after copying your important files to another storage medium)

I'll look it up and see what I can learn about its specifics, I know it (apparently trys unsuccessfully) to load the file a boot time, executing a process which changes a few registry keys to be sure it loads at startup again, then transmits some sort of data to a server out there! I guess windows defender does have a startup program checker/disabler as part of its mini tool suite (the gear shaped icon) You could look for the sync.exe file there and if removed/disabled the registry entry will not reload it at each boot-time.

hopefully you have the discs at least as a safety-net if nothing else. I'll see what i can dig up and get back with you tommo....well today, since it is 4:57am here. If I come up empty or unsure, I'll ask one of the security experts, probably will either way. Just be careful just incase it does log your typing not to volunteer private info, or run much in the meantime!

I wish i could do more, but we'll see tomorrow.

Mike

(oh and the name of one of the malware is "AdShooter.SearchForIt" the other potential one i don't have a name for yet)

EDIT: even a old fashion hijack this log would likely locate this type of beast

ok thanks. just one last question. does it have anything to do with my keyboard problem?

it is unlikely two problems at once, so one is likely casued by the other and the s/w if malicious could not be CAUSED by a H/W issue, so Best bet is the keyboard issue is caused by the software carried in as a trojan with your torrent s/w or some other route (email, driveby, etc).... try BIOS setup again unless you are absolutely certian that it acted identially (the keyboard) while in that enviromnet (prior to ANY code execution or even the Master Boot Record (MBR), short of a nasty rootkit, that type of malware just couldn't bypass windows x64 security (yet)

got it...
mike