P
PA Bear [MS MVP]
[Let me note that your problem really has nothing to do with Windows Update
other than the fact that AU gave you this month's version of the MSRT once.
As the thread's really OT for Windows Update newsgroup, I'm going to
crosspost to Vista Security newsgroup, too.]
You paid for BitDefender support with your subscription: What have they had
to say about all this?
> Both Bit Defender and MSRT KB890830 are recognising and deleting the
> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the
> associated registry entries.
Have you tried to delete them manually?
> ...I suspect this version may have come from a P2P source
As you participate in P2P file sharing, there's a very good chance are that
you are seeing the affects of other hijackware (e.g., a rootkit that's
"protecting" the infection you know about and others). If only to rule out
this possibility, I'd recommend that you run a thorough check for
hijackware, including posting the requested logs in an appropriate forum.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2....emoving_Malware
**Seek expert assistance in
http://spywarehammer.com/simplemachinesfor....php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or other appropriate forums.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~PA Bear
Sombrero wrote:
> Hi Bear -thanks for the reply
> First up, no I have never had McAfee or Norton installed on my laptop.
> Bit Defender Anti Virus 2009 is a licensed and fully updated copy,
> recently
> installed as an upgrade from 2008.
> MSRT was downloaded 13 March - not sure of time -but has been deleted and
> reinstalled by me (using System Restore) a t least three times since.
>
> However, I now have a clearer situation update about the problem. It now
> seems certain that I have a trojan installed in my machine, which Bit
> Defender identifies as "Trojan.Generic 1487884", in the form of file
> US30Kbd2K.sys, which is located in
> Windows/System32/Drivers and is loading as a PS2 keyboard driver. There
> appear to be at least three Registry entries in HKLMSystemCurrent
> Control
> SetServices that are associated with this trojan. I understand that
> US30Kbd2K
> was originally part of a program called Universal Shield,which was
> installed
> and removed from my machine about a year ago (not Vista compatible), but I
> suspect this version may have come from a P2P source only last week.
>
> US30Kbd2K.sys is showing up in Device Manager under the Standard PS2
> Keyboard entry as an additional driver to the two regular microsoft
> drivers
> (i8042prt.sys and kbdclass.sys).
>
> Both Bit Defender and MSRT KB890830 are recognising and deleting the
> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the
> associated
> registry entries. So when I reboot Vista, I loose both my Keyboard and my
> (PS2) TouchPad facilities. An external keyboard will not work either.
> Device
> Manager then shows that the drivers (both Keyboard and PS2 mouse) cannot
> load (Keyboard error code 39, Mouse error code 10). I tried uninstaling
> and
> reinstalling the normal drivers but Vista says the registry may be corrupt
> (Catch 22!!). My USB mouse is working OK
>
> So the only way that I can keep my laptop working properly (at the moment)
> is to stop Bit Defender from deleting the trojan during its overnight
> scan,
> and to
> not download MSRT KB890830 (although I might try the latter after
> temporarily renaming the trojan file?). I have used Windows System Restore
> several times to revert back to a useable version of Vista so that I can
> keep typing!
>
> Can you offer any suggestions please?
> sombrero
>
>
> "PA Bear [MS MVP]" wrote:
>
>> cf. http://virscan.org/report/a47ab803039fbbe5...e8bc003f46.html
>>
>> When (date & time) did the MSRT download?
>>
>> Did the MSRT alert you to an infection it found?
>>
>> When did you install BitDefender? Have you purchased BitDefender? Can
>> you
>> manually update BitDefender and have you done so? What anti-virus
>> application were you using before you installed BitDefender?
>>
>> Has a Norton or McAfee application ever been installed on this machine
>> (e.g., a free-trial version that came preinstalled when you bought it)?
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>> Sombrero wrote:
>>> Keyboard and Touchpad Crashes with Windows Update KB 890830 -
>>> Malicious Software Tool - March 2009.
>>>
>>> After installing the above update on a Fujitsu Lifebook E 8410 Laptop
>>> (Windows Vista Business) , I lost use of both my Keyboard and my Touch
>>> Pad. The wired USB Mouse works OK. Used Windows Restore and the
>>> system returned to normal.
>>>
>>> When installing KB 890830, my Bit Defender 2009 Virus Scanner identifies
>>> a
>>> Trojan.Generic.1487884 (file reference is US30Kbd2K.sys) in
>>> C:WindowsSystem32Drivers and deletes same. Also, when running
>>> WINDOWS Defender on its own, BIT Defender again pops up and also deletes
>>> file US30Kbd2K.sys.
>>>
>>> My keyboard drivers are listed in Devise Manager as i8042prt.sys,
>>> kbdclass.sys and US30Kbd2K.sys - the latter is possibly a trojan.
>>> However,
>>> when US30Kbd2K.sys is removed (either manually or by Bit Defender) the
>>> keyboard and touch pad will not work. I tried uninstalling and and
>>> reinstalling the two legitimate Microsoft keyboard drivers, but received
>>> a
>>> message saying I could not do so as the Registry was corrupt.
>>>
>>> Can you suggest please how I might overcome this problem. I have
>>> curently
>>> removed KB890830 (March 2009) from my system to keep the keyboard and
>>> touch
>>> pad working. An external PS2 keyboard does not work, but the on-screen
>>> (manual access) keyboard does.
other than the fact that AU gave you this month's version of the MSRT once.
As the thread's really OT for Windows Update newsgroup, I'm going to
crosspost to Vista Security newsgroup, too.]
You paid for BitDefender support with your subscription: What have they had
to say about all this?
> Both Bit Defender and MSRT KB890830 are recognising and deleting the
> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the
> associated registry entries.
Have you tried to delete them manually?
> ...I suspect this version may have come from a P2P source
As you participate in P2P file sharing, there's a very good chance are that
you are seeing the affects of other hijackware (e.g., a rootkit that's
"protecting" the infection you know about and others). If only to rule out
this possibility, I'd recommend that you run a thorough check for
hijackware, including posting the requested logs in an appropriate forum.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2....emoving_Malware
**Seek expert assistance in
http://spywarehammer.com/simplemachinesfor....php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or other appropriate forums.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~PA Bear
Sombrero wrote:
> Hi Bear -thanks for the reply
> First up, no I have never had McAfee or Norton installed on my laptop.
> Bit Defender Anti Virus 2009 is a licensed and fully updated copy,
> recently
> installed as an upgrade from 2008.
> MSRT was downloaded 13 March - not sure of time -but has been deleted and
> reinstalled by me (using System Restore) a t least three times since.
>
> However, I now have a clearer situation update about the problem. It now
> seems certain that I have a trojan installed in my machine, which Bit
> Defender identifies as "Trojan.Generic 1487884", in the form of file
> US30Kbd2K.sys, which is located in
> Windows/System32/Drivers and is loading as a PS2 keyboard driver. There
> appear to be at least three Registry entries in HKLMSystemCurrent
> Control
> SetServices that are associated with this trojan. I understand that
> US30Kbd2K
> was originally part of a program called Universal Shield,which was
> installed
> and removed from my machine about a year ago (not Vista compatible), but I
> suspect this version may have come from a P2P source only last week.
>
> US30Kbd2K.sys is showing up in Device Manager under the Standard PS2
> Keyboard entry as an additional driver to the two regular microsoft
> drivers
> (i8042prt.sys and kbdclass.sys).
>
> Both Bit Defender and MSRT KB890830 are recognising and deleting the
> file US30Kbd2K.sys as a trojan - but they are not deleting/modifying the
> associated
> registry entries. So when I reboot Vista, I loose both my Keyboard and my
> (PS2) TouchPad facilities. An external keyboard will not work either.
> Device
> Manager then shows that the drivers (both Keyboard and PS2 mouse) cannot
> load (Keyboard error code 39, Mouse error code 10). I tried uninstaling
> and
> reinstalling the normal drivers but Vista says the registry may be corrupt
> (Catch 22!!). My USB mouse is working OK
>
> So the only way that I can keep my laptop working properly (at the moment)
> is to stop Bit Defender from deleting the trojan during its overnight
> scan,
> and to
> not download MSRT KB890830 (although I might try the latter after
> temporarily renaming the trojan file?). I have used Windows System Restore
> several times to revert back to a useable version of Vista so that I can
> keep typing!
>
> Can you offer any suggestions please?
> sombrero
>
>
> "PA Bear [MS MVP]" wrote:
>
>> cf. http://virscan.org/report/a47ab803039fbbe5...e8bc003f46.html
>>
>> When (date & time) did the MSRT download?
>>
>> Did the MSRT alert you to an infection it found?
>>
>> When did you install BitDefender? Have you purchased BitDefender? Can
>> you
>> manually update BitDefender and have you done so? What anti-virus
>> application were you using before you installed BitDefender?
>>
>> Has a Norton or McAfee application ever been installed on this machine
>> (e.g., a free-trial version that came preinstalled when you bought it)?
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>> AumHa VSOP & Admin http://aumha.net
>> DTS-L http://dts-l.net/
>>
>> Sombrero wrote:
>>> Keyboard and Touchpad Crashes with Windows Update KB 890830 -
>>> Malicious Software Tool - March 2009.
>>>
>>> After installing the above update on a Fujitsu Lifebook E 8410 Laptop
>>> (Windows Vista Business) , I lost use of both my Keyboard and my Touch
>>> Pad. The wired USB Mouse works OK. Used Windows Restore and the
>>> system returned to normal.
>>>
>>> When installing KB 890830, my Bit Defender 2009 Virus Scanner identifies
>>> a
>>> Trojan.Generic.1487884 (file reference is US30Kbd2K.sys) in
>>> C:WindowsSystem32Drivers and deletes same. Also, when running
>>> WINDOWS Defender on its own, BIT Defender again pops up and also deletes
>>> file US30Kbd2K.sys.
>>>
>>> My keyboard drivers are listed in Devise Manager as i8042prt.sys,
>>> kbdclass.sys and US30Kbd2K.sys - the latter is possibly a trojan.
>>> However,
>>> when US30Kbd2K.sys is removed (either manually or by Bit Defender) the
>>> keyboard and touch pad will not work. I tried uninstalling and and
>>> reinstalling the two legitimate Microsoft keyboard drivers, but received
>>> a
>>> message saying I could not do so as the Registry was corrupt.
>>>
>>> Can you suggest please how I might overcome this problem. I have
>>> curently
>>> removed KB890830 (March 2009) from my system to keep the keyboard and
>>> touch
>>> pad working. An external PS2 keyboard does not work, but the on-screen
>>> (manual access) keyboard does.