Jump to content

the "enter" virus


Recommended Posts

keeps repeating the "enter' command even when the keyboard is not attached. pretty much makes the computer unusable. funny thing is that after it happened the first time, i reformatted the drive, used different drives, used a different OS, and after I had installed and updated all of my programs, there it is again. Kaspersky cant find it and now the second install is unusable, it starts happening sooner and sooner after bootup and then the computer becomes unusable at all.

This is very strange that it would happen on the same computer, so soon after reformat. Has anyone heard of this at all? Seems very strange, I know how to avoid viruses and haven't had any in years and years.

Windows 7/64

any help?

thanks . . . :D

Link to post
Share on other sites

It has been suggested that the virus is in the MBR so that it is active whenever windows is active. So yes, i did press F8 to get the startup options, and when it came to the screen with the options, including safe mode, of course Start Windows Normally is highlighted, and that screen disappears immediately which tells me that the "enter" is active at that point and I can't choose safe mode.

i am scanning this, my main computer, whcih is not infected, with Malwarebytes, as i really need to re-connect the other infected hard drive to retrieve some info off of it, but dont want to infect my other computers, if it is capbalbe of that

Link to post
Share on other sites

I'm thinking there's a hardware issue here. If you know how to burn an ISO image to a CD, then create a Linux boot disk from one of the links below, and try booting your computer off of it and see if the issue persists:

Puppy 4.30

Knoppix 6.0.1

Fedora 11

If the issue persists in a Linux environment that has loaded off of a CD or DVD, then the issue is a hardware issue. If the issue does not persist in the Linux environment loaded off of a CD, then I can give you instructions for wiping out the boot sector and replacing it.

Link to post
Share on other sites

  • Root Admin

Yes you can easily transfer Malware between systems. Depending on what the virus/malware/worm and how you manage and use the tools it can be dormant when installed as a slave drive or it could become active so that's a very difficult question to answer.

If you need assistance cleaning the system then please follow the directions below and someone will assist you as soon as they can.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Link to post
Share on other sites

I'm thinking there's a hardware issue here. If you know how to burn an ISO image to a CD, then create a Linux boot disk from one of the links below, and try booting your computer off of it and see if the issue persists:

Puppy 4.30

Knoppix 6.0.1

Fedora 11

If the issue persists in a Linux environment that has loaded off of a CD or DVD, then the issue is a hardware issue. If the issue does not persist in the Linux environment loaded off of a CD, then I can give you instructions for wiping out the boot sector and replacing it.

you mean you think the virus is embedded in the firmware of a piece of hardware? I am going to try the Linux boot thing and see what happens.

Link to post
Share on other sites

you mean you think the virus is embedded in the firmware of a piece of hardware? I am going to try the Linux boot thing and see what happens.

No, I don't believe it's a virus. I believe it's a bad keyboard controller. Such things happen, and such failures are random, but always unfortunate.

Link to post
Share on other sites

I started from the puppy linux just fine

error message: cannot find tocblock

. . . and then loading stuff in to ram

i looked away for a sec and when i looked back the screen was scrolling vertically very fast and now it is a pretty design of green and yellow diagonal designs.

so, that means it is a hard ware issue? What next?

in the meantime i will try the other linux versions just to see what happens . . .

Link to post
Share on other sites

It's possible that Puppy isn't compatible with your computer. Sometimes these Linux boot disks take a while to load, and sometimes if they don't like the chipset on the motherboard they wont load at all. Each one of the boot disks I mentioned is built differently, so try each one and see if any of them will boot up properly. If not, then you may have to make a BartPE disk and use it.

Link to post
Share on other sites

I tried the Puppy again, and went through the prompts just fine, time zone, etc, and then chose a video resolution, and thats when the screen started scrolling again with jagged lines. now it just reboots and doenst go in to the Puppy menu at all.

What hardware is possibly infected? Its not the ram, i bought new and upgraded when i reformatted. Its not the hard drive, there sere seperate also, and its not the motherboard, i flashed the bios as part of the solution.

BUT, the BIOS update dialog box did come up a day before it started having problems, on Gigabyte its called X-Bios or something, and it asked me for a disk to flash the bios. This also was very strange as there would be no reason for it to come up unless it was copromised.

Link to post
Share on other sites

OK, its happening sometimes in the BIOS and always when I reload the Linuz boot CD, which always ends in a funny colored grahics screen becasue that is the last option for the Puppu boot, choosing the screen resolution.

so, now, can i assume that it is a hardware issue and maybe the keyboard controller, wherever that is?

funny thing happened other day of or the day before the failure, the BIOS flash program came up when i rebooted, and there would be no reason for it to do that. I later re-flashed the bios as a precautrion, but that was the first sign that something was wrong. Would that be compatible with a bad keyboard controller? And how does one replace a bad keyboard controller? But a new MB? Dont say yes as i will have to go with SCSI 15k raid for everything. ;+)

Not that i know what I'm doing.

thanks for the suggestions, what next?

Link to post
Share on other sites

And how does one replace a bad keyboard controller? But a new MB? Dont say yes as i will have to go with SCSI 15k raid for everything. ;+)

The keyboard controller is part of the motherboard. If it's bad, then a new motherboard is the only way to go.

Try the Fedora boot CD, and see if it works. Just click the "Download Now!" button, and that will be the bootable one. It's possible that the issue with Puppy is that it doesn't like your video card, and if it's ATI then that would be why.

Link to post
Share on other sites

I unplugged the OS and paging/scratch drives, and rebooted from the Puppy Linux, and it still happened. I could choose which version I wanted to use, but as soon as it started loading in to ram, then the scrolling started. Does it make sense that this is a strong indication that it is the controller? If it is a virus, then it could not be active without a hard drive present. Unless it reinfected the BIOS or something similiar.

Link to post
Share on other sites

the "enter" problem happens in the bios, without any drives or keyboards attached at all, after flashing the bios yesterday with the latest update.

Try redownloading the update and reflashing. If that doesn't help, try downloading the previous BIOS version and flashing with that. Sometimes they introduce new bugs with new BIOS versions.

What motherboard is this? Hope it's something easy to flash like ASUS. :D

Link to post
Share on other sites

I cant actually because of the problem. That is what Gigabyte tech support suggested as well, flash with the oldest v4 and then flash with the latest v9. But I cant do either and bought a replacement board. So the only question in my mind, is if it is in fact a virus, and the virus infected the bios again after it was flashed, then the problem isn't solved. But its $100 well spent since I cant spend any more time futzing with floppys which take forever to read and write. The suggestion of a bad keyboard controller well, it sounds perfect and I hope you are right. Thanks again for the suggestions.

Link to post
Share on other sites

My recommendation is to turn off the computer, unplug it, and look for the battery on the motherboard (refer to the picture below). Take that battery out, and leave it out for about 20 seconds. Then, put it back in, plug your computer back in, and see if you can get into the BIOS without the Enter key issue. If you can, you will have to reset the clock, and make sure that any custom settings are the way you want them (such as the boot order).

battery9ulwd2.jpg

Link to post
Share on other sites

I had tried that as one of the first things, not really knowing what it might be doing, but that it would reset the system somehow. And the delay would get shorter before it started happening. In windows at first it was a day, then a couple of hours, then a few minutes, and then immediately on boot up. Same thing with the bios, it happens as soon as I get in to the bios now whereas before i had some time. The guy at Gigabyte said yes, there is a keyboard controller and it is a piece of hardware on the board. If it is bad, then i need to finish installing this new board, which is about half way done.

Link to post
Share on other sites

So . . . The Gigabyte GA-EP45-UD3L and GA-EP45-UD3LR manual which came with my GA-EP45-UD3L board, which doesn't have raid, doesn't explain that until the foot note on the page explaining how to set up raid in the bios. I looked at the manual in the store, saw that the raid setup was the same as what I had, and assumed it would work. It does not. It is missing. I am done with Gigabyte. This is the second board that is going back.

Link to post
Share on other sites

Yea, I've had Gigabyte boards come with multiple manuals and multiple driver install disk. Had to reinstall Windows on a new PC build once because the drivers on one of the disks actually broke the audio in Windows, and I couldn't remove the driver. I guess in retrospect I could have used The Avenger or ComboFix to blow it away, but at the time it didn't even occur to me.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.