Re: Keyboard and Touchpad Crashes When Installing Update KB890830

[Guest PA Bear [MS MVP]]

[Let me note that your problem really has nothing to do with Windows Update

other than the fact that AU gave you this month's version of the MSRT once.

As the thread's really OT for Windows Update newsgroup, I'm going to

crosspost to Vista Security newsgroup, too.]

 

You paid for BitDefender support with your subscription: What have they had

to say about all this?

<span style="color:blue">

> Both Bit Defender and MSRT KB890830 are recognising and deleting the

> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the

> associated registry entries.</span>

 

Have you tried to delete them manually?

<span style="color:blue">

> ...I suspect this version may have come from a P2P source</span>

 

As you participate in P2P file sharing, there's a very good chance are that

you are seeing the affects of other hijackware (e.g., a rootkit that's

"protecting" the infection you know about and others). If only to rule out

this possibility, I'd recommend that you run a thorough check for

hijackware, including posting the requested logs in an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.net/viewtopic.php?f=30&t=4075

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://www.elephantboycomputers.com/page2....emoving_Malware

 

Seek expert assistance in

http://spywarehammer.com/simplemachinesfor....php?board=10.0,

http://forums.spybot.info/forumdisplay.php?f=22,

http://aumha.net/viewforum.php?f=30, or other appropriate forums.

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA) computer repair shop.

--

~PA Bear

 

Sombrero wrote:<span style="color:blue">

> Hi Bear -thanks for the reply

> First up, no I have never had McAfee or Norton installed on my laptop.

> Bit Defender Anti Virus 2009 is a licensed and fully updated copy,

> recently

> installed as an upgrade from 2008.

> MSRT was downloaded 13 March - not sure of time -but has been deleted and

> reinstalled by me (using System Restore) a t least three times since.

>

> However, I now have a clearer situation update about the problem. It now

> seems certain that I have a trojan installed in my machine, which Bit

> Defender identifies as "Trojan.Generic 1487884", in the form of file

> US30Kbd2K.sys, which is located in

> Windows/System32/Drivers and is loading as a PS2 keyboard driver. There

> appear to be at least three Registry entries in HKLMSystemCurrent

> Control

> SetServices that are associated with this trojan. I understand that

> US30Kbd2K

> was originally part of a program called Universal Shield,which was

> installed

> and removed from my machine about a year ago (not Vista compatible), but I

> suspect this version may have come from a P2P source only last week.

>

> US30Kbd2K.sys is showing up in Device Manager under the Standard PS2

> Keyboard entry as an additional driver to the two regular microsoft

> drivers

> (i8042prt.sys and kbdclass.sys).

>

> Both Bit Defender and MSRT KB890830 are recognising and deleting the

> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the

> associated

> registry entries. So when I reboot Vista, I loose both my Keyboard and my

> (PS2) TouchPad facilities. An external keyboard will not work either.

> Device

> Manager then shows that the drivers (both Keyboard and PS2 mouse) cannot

> load (Keyboard error code 39, Mouse error code 10). I tried uninstaling

> and

> reinstalling the normal drivers but Vista says the registry may be corrupt

> (Catch 22!!). My USB mouse is working OK

>

> So the only way that I can keep my laptop working properly (at the moment)

> is to stop Bit Defender from deleting the trojan during its overnight

> scan,

> and to

> not download MSRT KB890830 (although I might try the latter after

> temporarily renaming the trojan file?). I have used Windows System Restore

> several times to revert back to a useable version of Vista so that I can

> keep typing!

>

> Can you offer any suggestions please?

> sombrero

>

>

> "PA Bear [MS MVP]" wrote:

><span style="color:green">

>> cf. http://virscan.org/report/a47ab803039fbbe5...e8bc003f46.html

>>

>> When (date & time) did the MSRT download?

>>

>> Did the MSRT alert you to an infection it found?

>>

>> When did you install BitDefender? Have you purchased BitDefender? Can

>> you

>> manually update BitDefender and have you done so? What anti-virus

>> application were you using before you installed BitDefender?

>>

>> Has a Norton or McAfee application ever been installed on this machine

>> (e.g., a free-trial version that came preinstalled when you bought it)?

>> --

>> ~Robear Dyer (PA Bear)

>> MS MVP-IE, Mail, Security, Windows Client - since 2002

>> AumHa VSOP & Admin http://aumha.net

>> DTS-L http://dts-l.net/

>>

>> Sombrero wrote:<span style="color:darkred">

>>> Keyboard and Touchpad Crashes with Windows Update KB 890830 -

>>> Malicious Software Tool - March 2009.

>>>

>>> After installing the above update on a Fujitsu Lifebook E 8410 Laptop

>>> (Windows Vista Business) , I lost use of both my Keyboard and my Touch

>>> Pad. The wired USB Mouse works OK. Used Windows Restore and the

>>> system returned to normal.

>>>

>>> When installing KB 890830, my Bit Defender 2009 Virus Scanner identifies

>>> a

>>> Trojan.Generic.1487884 (file reference is US30Kbd2K.sys) in

>>> C:WindowsSystem32Drivers and deletes same. Also, when running

>>> WINDOWS Defender on its own, BIT Defender again pops up and also deletes

>>> file US30Kbd2K.sys.

>>>

>>> My keyboard drivers are listed in Devise Manager as i8042prt.sys,

>>> kbdclass.sys and US30Kbd2K.sys - the latter is possibly a trojan.

>>> However,

>>> when US30Kbd2K.sys is removed (either manually or by Bit Defender) the

>>> keyboard and touch pad will not work. I tried uninstalling and and

>>> reinstalling the two legitimate Microsoft keyboard drivers, but received

>>> a

>>> message saying I could not do so as the Registry was corrupt.

>>>

>>> Can you suggest please how I might overcome this problem. I have

>>> curently

>>> removed KB890830 (March 2009) from my system to keep the keyboard and

>>> touch

>>> pad working. An external PS2 keyboard does not work, but the on-screen

>>> (manual access) keyboard does. </span></span></span>

[Guest Sombrero]

All OK PA Bear

Sorry about the incorrect thread, however this matter arose from a Windows

Update - I just didn't realise at the time that MSRT was simply doing its job

by deleting a trojan!! The aftermath being that my keyboard and Touchpad

wouldn't work. And yes,I did email Bit Defender, but I'm still waiting for a

response.

 

However, I believe that I have just this minute fixed the problem. I found

an article on the internet about a similar problem, so fromthat I managed to

find where the trojan had "edited" my registry to load itself as an extra

keyboard driver. I edited out the (two) Registry changes, deleted the

US30Kbs2K.sys driver file, uninstalled the keyboard and mouse drivers in

Device Manager, then rebooted the laptop and everything seems to be back to

normal again. Sounds simple now, but working out exactly what the problem was

took me some time and effort, as well as two visits to the local laptop

Doctor (which here in Thailand is an adventure in itself, given the language

difficulties!).

Thanks anyway for your assistance and advice. And yes, I am well aware of

the perils of accessing P2P sites but even being careful, I was still caught

unawares!

Regards

sombrero, Phuket, Thailand

 

"PA Bear [MS MVP]" wrote:

<span style="color:blue">

> [Let me note that your problem really has nothing to do with Windows Update

> other than the fact that AU gave you this month's version of the MSRT once.

> As the thread's really OT for Windows Update newsgroup, I'm going to

> crosspost to Vista Security newsgroup, too.]

>

> You paid for BitDefender support with your subscription: What have they had

> to say about all this?

> <span style="color:green">

> > Both Bit Defender and MSRT KB890830 are recognising and deleting the

> > file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the

> > associated registry entries.</span>

>

> Have you tried to delete them manually?

> <span style="color:green">

> > ...I suspect this version may have come from a P2P source</span>

>

> As you participate in P2P file sharing, there's a very good chance are that

> you are seeing the affects of other hijackware (e.g., a rootkit that's

> "protecting" the infection you know about and others). If only to rule out

> this possibility, I'd recommend that you run a thorough check for

> hijackware, including posting the requested logs in an appropriate forum.

>

> Checking for/Help with Hijackware

> http://aumha.net/viewtopic.php?f=30&t=4075

> http://mvps.org/winhelp2002/unwanted.htm

> http://inetexplorer.mvps.org/data/prevention.htm

> http://inetexplorer.mvps.org/tshoot.html

> http://www.mvps.org/sramesh2k/Malware_Defence.htm

> http://www.elephantboycomputers.com/page2....emoving_Malware

>

> Seek expert assistance in

> http://spywarehammer.com/simplemachinesfor....php?board=10.0,

> http://forums.spybot.info/forumdisplay.php?f=22,

> http://aumha.net/viewforum.php?f=30, or other appropriate forums.

>

> If the procedures look too complex - and there is no shame in admitting this

> isn't your cup of tea - take the machine to a local, reputable and

> independent (i.e., not BigBoxStoreUSA) computer repair shop.

> --

> ~PA Bear

>

> Sombrero wrote:<span style="color:green">

> > Hi Bear -thanks for the reply

> > First up, no I have never had McAfee or Norton installed on my laptop.

> > Bit Defender Anti Virus 2009 is a licensed and fully updated copy,

> > recently

> > installed as an upgrade from 2008.

> > MSRT was downloaded 13 March - not sure of time -but has been deleted and

> > reinstalled by me (using System Restore) a t least three times since.

> >

> > However, I now have a clearer situation update about the problem. It now

> > seems certain that I have a trojan installed in my machine, which Bit

> > Defender identifies as "Trojan.Generic 1487884", in the form of file

> > US30Kbd2K.sys, which is located in

> > Windows/System32/Drivers and is loading as a PS2 keyboard driver. There

> > appear to be at least three Registry entries in HKLMSystemCurrent

> > Control

> > SetServices that are associated with this trojan. I understand that

> > US30Kbd2K

> > was originally part of a program called Universal Shield,which was

> > installed

> > and removed from my machine about a year ago (not Vista compatible), but I

> > suspect this version may have come from a P2P source only last week.

> >

> > US30Kbd2K.sys is showing up in Device Manager under the Standard PS2

> > Keyboard entry as an additional driver to the two regular microsoft

> > drivers

> > (i8042prt.sys and kbdclass.sys).

> >

> > Both Bit Defender and MSRT KB890830 are recognising and deleting the

> > file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the

> > associated

> > registry entries. So when I reboot Vista, I loose both my Keyboard and my

> > (PS2) TouchPad facilities. An external keyboard will not work either.

> > Device

> > Manager then shows that the drivers (both Keyboard and PS2 mouse) cannot

> > load (Keyboard error code 39, Mouse error code 10). I tried uninstaling

> > and

> > reinstalling the normal drivers but Vista says the registry may be corrupt

> > (Catch 22!!). My USB mouse is working OK

> >

> > So the only way that I can keep my laptop working properly (at the moment)

> > is to stop Bit Defender from deleting the trojan during its overnight

> > scan,

> > and to

> > not download MSRT KB890830 (although I might try the latter after

> > temporarily renaming the trojan file?). I have used Windows System Restore

> > several times to revert back to a useable version of Vista so that I can

> > keep typing!

> >

> > Can you offer any suggestions please?

> > sombrero

> >

> >

> > "PA Bear [MS MVP]" wrote:

> ><span style="color:darkred">

> >> cf. http://virscan.org/report/a47ab803039fbbe5...e8bc003f46.html

> >>

> >> When (date & time) did the MSRT download?

> >>

> >> Did the MSRT alert you to an infection it found?

> >>

> >> When did you install BitDefender? Have you purchased BitDefender? Can

> >> you

> >> manually update BitDefender and have you done so? What anti-virus

> >> application were you using before you installed BitDefender?

> >>

> >> Has a Norton or McAfee application ever been installed on this machine

> >> (e.g., a free-trial version that came preinstalled when you bought it)?

> >> --

> >> ~Robear Dyer (PA Bear)

> >> MS MVP-IE, Mail, Security, Windows Client - since 2002

> >> AumHa VSOP & Admin http://aumha.net

> >> DTS-L http://dts-l.net/

> >>

> >> Sombrero wrote:

> >>> Keyboard and Touchpad Crashes with Windows Update KB 890830 -

> >>> Malicious Software Tool - March 2009.

> >>>

> >>> After installing the above update on a Fujitsu Lifebook E 8410 Laptop

> >>> (Windows Vista Business) , I lost use of both my Keyboard and my Touch

> >>> Pad. The wired USB Mouse works OK. Used Windows Restore and the

> >>> system returned to normal.

> >>>

> >>> When installing KB 890830, my Bit Defender 2009 Virus Scanner identifies

> >>> a

> >>> Trojan.Generic.1487884 (file reference is US30Kbd2K.sys) in

> >>> C:WindowsSystem32Drivers and deletes same. Also, when running

> >>> WINDOWS Defender on its own, BIT Defender again pops up and also deletes

> >>> file US30Kbd2K.sys.

> >>>

> >>> My keyboard drivers are listed in Devise Manager as i8042prt.sys,

> >>> kbdclass.sys and US30Kbd2K.sys - the latter is possibly a trojan.

> >>> However,

> >>> when US30Kbd2K.sys is removed (either manually or by Bit Defender) the

> >>> keyboard and touch pad will not work. I tried uninstalling and and

> >>> reinstalling the two legitimate Microsoft keyboard drivers, but received

> >>> a

> >>> message saying I could not do so as the Registry was corrupt.

> >>>

> >>> Can you suggest please how I might overcome this problem. I have

> >>> curently

> >>> removed KB890830 (March 2009) from my system to keep the keyboard and

> >>> touch

> >>> pad working. An external PS2 keyboard does not work, but the on-screen

> >>> (manual access) keyboard does. </span></span>

>

> </span>

[Guest PA Bear [MS MVP]]

YW & thanks for your feedback.

 

Risks & Benefits of P2P File Sharing

http://www.microsoft.com/protect/yourself/...ilesharing.mspx

 

Also see http://p2p.malwareremoval.com/

 

Sombrero wrote:<span style="color:blue">

> All OK PA Bear

> Sorry about the incorrect thread, however this matter arose from a Windows

> Update - I just didn't realise at the time that MSRT was simply doing its

> job by deleting a trojan!! The aftermath being that my keyboard and

> Touchpad

> wouldn't work. And yes,I did email Bit Defender, but I'm still waiting for

> a

> response.

>

> However, I believe that I have just this minute fixed the problem. I

> found

> an article on the internet about a similar problem, so fromthat I managed

> to

> find where the trojan had "edited" my registry to load itself as an extra

> keyboard driver. I edited out the (two) Registry changes, deleted the

> US30Kbs2K.sys driver file, uninstalled the keyboard and mouse drivers in

> Device Manager, then rebooted the laptop and everything seems to be back

> to

> normal again. Sounds simple now, but working out exactly what the problem

> was took me some time and effort, as well as two visits to the local

> laptop

> Doctor (which here in Thailand is an adventure in itself, given the

> language

> difficulties!).

> Thanks anyway for your assistance and advice. And yes, I am well aware of

> the perils of accessing P2P sites but even being careful, I was still

> caught

> unawares!

> Regards

> sombrero, Phuket, Thailand

>

> "PA Bear [MS MVP]" wrote:<span style="color:green">

>> [Let me note that your problem really has nothing to do with Windows

>> Update

>> other than the fact that AU gave you this month's version of the MSRT

>> once.

>> As the thread's really OT for Windows Update newsgroup, I'm going to

>> crosspost to Vista Security newsgroup, too.]

>>

>> You paid for BitDefender support with your subscription: What have they

>> had

>> to say about all this?

>><span style="color:darkred">

>>> Both Bit Defender and MSRT KB890830 are recognising and deleting the

>>> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the

>>> associated registry entries.</span>

>>

>> Have you tried to delete them manually?

>><span style="color:darkred">

>>> ...I suspect this version may have come from a P2P source</span>

>>

>> As you participate in P2P file sharing, there's a very good chance are

>> that

>> you are seeing the affects of other hijackware (e.g., a rootkit that's

>> "protecting" the infection you know about and others). If only to rule

>> out

>> this possibility, I'd recommend that you run a thorough check for

>> hijackware, including posting the requested logs in an appropriate forum.

>>

>> Checking for/Help with Hijackware

>> http://aumha.net/viewtopic.php?f=30&t=4075

>> http://mvps.org/winhelp2002/unwanted.htm

>> http://inetexplorer.mvps.org/data/prevention.htm

>> http://inetexplorer.mvps.org/tshoot.html

>> http://www.mvps.org/sramesh2k/Malware_Defence.htm

>> http://www.elephantboycomputers.com/page2....emoving_Malware

>>

>> Seek expert assistance in

>> http://spywarehammer.com/simplemachinesfor....php?board=10.0,

>> http://forums.spybot.info/forumdisplay.php?f=22,

>> http://aumha.net/viewforum.php?f=30, or other appropriate forums.

>>

>> If the procedures look too complex - and there is no shame in admitting

>> this isn't your cup of tea - take the machine to a local, reputable and

>> independent (i.e., not BigBoxStoreUSA) computer repair shop.

>> --

>> ~PA Bear

>>

>> Sombrero wrote:<span style="color:darkred">

>>> Hi Bear -thanks for the reply

>>> First up, no I have never had McAfee or Norton installed on my laptop.

>>> Bit Defender Anti Virus 2009 is a licensed and fully updated copy,

>>> recently

>>> installed as an upgrade from 2008.

>>> MSRT was downloaded 13 March - not sure of time -but has been deleted

>>> and

>>> reinstalled by me (using System Restore) a t least three times since.

>>>

>>> However, I now have a clearer situation update about the problem. It now

>>> seems certain that I have a trojan installed in my machine, which Bit

>>> Defender identifies as "Trojan.Generic 1487884", in the form of file

>>> US30Kbd2K.sys, which is located in

>>> Windows/System32/Drivers and is loading as a PS2 keyboard driver. There

>>> appear to be at least three Registry entries in HKLMSystemCurrent

>>> Control

>>> SetServices that are associated with this trojan. I understand that

>>> US30Kbd2K

>>> was originally part of a program called Universal Shield,which was

>>> installed

>>> and removed from my machine about a year ago (not Vista compatible), but

>>> I

>>> suspect this version may have come from a P2P source only last week.

>>>

>>> US30Kbd2K.sys is showing up in Device Manager under the Standard PS2

>>> Keyboard entry as an additional driver to the two regular microsoft

>>> drivers

>>> (i8042prt.sys and kbdclass.sys).

>>>

>>> Both Bit Defender and MSRT KB890830 are recognising and deleting the

>>> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the

>>> associated

>>> registry entries. So when I reboot Vista, I loose both my Keyboard and

>>> my

>>> (PS2) TouchPad facilities. An external keyboard will not work either.

>>> Device

>>> Manager then shows that the drivers (both Keyboard and PS2 mouse) cannot

>>> load (Keyboard error code 39, Mouse error code 10). I tried uninstaling

>>> and

>>> reinstalling the normal drivers but Vista says the registry may be

>>> corrupt

>>> (Catch 22!!). My USB mouse is working OK

>>>

>>> So the only way that I can keep my laptop working properly (at the

>>> moment)

>>> is to stop Bit Defender from deleting the trojan during its overnight

>>> scan,

>>> and to

>>> not download MSRT KB890830 (although I might try the latter after

>>> temporarily renaming the trojan file?). I have used Windows System

>>> Restore

>>> several times to revert back to a useable version of Vista so that I can

>>> keep typing!

>>>

>>> Can you offer any suggestions please?

>>> sombrero

>>>

>>>

>>> "PA Bear [MS MVP]" wrote:

>>>

>>>> cf. http://virscan.org/report/a47ab803039fbbe5...e8bc003f46.html

>>>>

>>>> When (date & time) did the MSRT download?

>>>>

>>>> Did the MSRT alert you to an infection it found?

>>>>

>>>> When did you install BitDefender? Have you purchased BitDefender? Can

>>>> you

>>>> manually update BitDefender and have you done so? What anti-virus

>>>> application were you using before you installed BitDefender?

>>>>

>>>> Has a Norton or McAfee application ever been installed on this machine

>>>> (e.g., a free-trial version that came preinstalled when you bought it)?

>>>> --

>>>> ~Robear Dyer (PA Bear)

>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002

>>>> AumHa VSOP & Admin http://aumha.net

>>>> DTS-L http://dts-l.net/

>>>>

>>>> Sombrero wrote:

>>>>> Keyboard and Touchpad Crashes with Windows Update KB 890830 -

>>>>> Malicious Software Tool - March 2009.

>>>>>

>>>>> After installing the above update on a Fujitsu Lifebook E 8410 Laptop

>>>>> (Windows Vista Business) , I lost use of both my Keyboard and my Touch

>>>>> Pad. The wired USB Mouse works OK. Used Windows Restore and the

>>>>> system returned to normal.

>>>>>

>>>>> When installing KB 890830, my Bit Defender 2009 Virus Scanner

>>>>> identifies

>>>>> a

>>>>> Trojan.Generic.1487884 (file reference is US30Kbd2K.sys) in

>>>>> C:WindowsSystem32Drivers and deletes same. Also, when running

>>>>> WINDOWS Defender on its own, BIT Defender again pops up and also

>>>>> deletes

>>>>> file US30Kbd2K.sys.

>>>>>

>>>>> My keyboard drivers are listed in Devise Manager as i8042prt.sys,

>>>>> kbdclass.sys and US30Kbd2K.sys - the latter is possibly a trojan.

>>>>> However,

>>>>> when US30Kbd2K.sys is removed (either manually or by Bit Defender) the

>>>>> keyboard and touch pad will not work. I tried uninstalling and and

>>>>> reinstalling the two legitimate Microsoft keyboard drivers, but

>>>>> received

>>>>> a

>>>>> message saying I could not do so as the Registry was corrupt.

>>>>>

>>>>> Can you suggest please how I might overcome this problem. I have

>>>>> curently

>>>>> removed KB890830 (March 2009) from my system to keep the keyboard and

>>>>> touch

>>>>> pad working. An external PS2 keyboard does not work, but the on-screen

>>>>> (manual access) keyboard does. </span></span></span>