May 21st 21, 03:03 PM, posted to microsoft.public.windowsxp.general
Paul[_32_]
O.T. Missing Folder/files

Robert in CA wrote:
It didn't let me install Avast Clear on the desktop; instead it gave me this.

https://postimg.cc/xJB1zhCd


I tried saying NO, but then it started running the program instead, so I stopped
it and went into Safe Mode and downloaded it, and it immediately started to run.
Then I restarted the computer.

https://postimg.cc/QVWt384K

I checked Program and Features to make sure it was gone. Then I checked eBay,
Google, Yahoo for backspacing. It was the same as all the others; it still didn't function.
So I installed Avast again.

So by a process of elimination we have tested all the A/V, VLC media and the keyboard
and Rootkit found nothing or Sharp Keys. I wanted to try to uninstall Sea Monkey to test
it since we've tested everything else, but it's not listed in Program and Features?

What could it be? I would hate to move forward with this and clone hds with no
backspace function.

Thoughts/suggestions?
Robert


The only other suggestion I could see, from someone
who works on malware, is to check the "Run keys".
That's something you would likely see in Autoruns,
and you already had a look there.

Or, you can use Device Manager, find the keyboard,
do Properties, and look in the "Details" for
"Device UpperFilters" and "Device LowerFilters".
There should not be anything in those two.

The "Class UpperFilters" has "kbdclass", which is
a Microsoft entry.

But I don't have a purpose-built debug util.
Sharpkeys is a step in the right direction, but
it's not feature-complete as a malware buster.

Apparently ETW has key character tracing capability,
but I'm unable to collect such events in Process Monitor,
and it's possible there's no handler for them. People
have even built keyloggers using ETW. But in that subsystem,
there is no ability to "interfere" with the stream, so
the backspace key would continue to work. Whereas a Filter
Driver allows both logging as well as making characters
disappear.

Part of the problem at times like this, is the OS is
entirely too flexible, and it's pretty hard to know
where all the attack surfaces are, and what the signs
of being attacked that way are.

Paul
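
The filter check described in the post above can also be read straight from the registry. The following PowerShell is an added example, not part of the original post: it assumes the standard keyboard setup class GUID and the usual registry locations for class-level and per-device UpperFilters/LowerFilters, and it treats the post's baseline (only kbdclass as a class upper filter, nothing at device level) as the expected state.

```powershell
# Added example (read-only): list keyboard filter drivers from the registry.
# Baseline is taken from the post: class UpperFilters = kbdclass, device filters empty.
$kbdGuid  = '{4D36E96B-E325-11CE-BFC1-08002BE10318}'   # keyboard device setup class
$classKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$kbdGuid"
$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum'
$svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$baseline = @('kbdclass')

function Get-RegValue($key, $name) {
    # Returns the named value, or $null when the key or value is missing/unreadable.
    $p = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    if ($p) { $p.$name }
}

function New-Finding($scope, $device, $valueName, $driver) {
    $expected = ($scope -eq 'Class' -and $valueName -eq 'UpperFilters' -and
                 $baseline -contains $driver)
    New-Object psobject -Property @{
        Scope = $scope; Device = $device; Value = $valueName; Driver = $driver
        Expected = $expected
        ImagePath = Get-RegValue "$svcRoot\$driver" 'ImagePath'   # driver binary to inspect
    }
}

$findings = @()
foreach ($v in 'UpperFilters', 'LowerFilters') {
    foreach ($d in @(Get-RegValue $classKey $v)) {
        if ($d) { $findings += New-Finding 'Class' '(all keyboards)' $v $d }
    }
}

# Device instances live three levels down: Enum\<enumerator>\<device id>\<instance>
$instances = Get-ChildItem -LiteralPath $enumRoot -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ChildItem -LiteralPath $_.PSPath -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-ChildItem -LiteralPath $_.PSPath -ErrorAction SilentlyContinue }

foreach ($inst in $instances) {
    if ((Get-RegValue $inst.PSPath 'ClassGUID') -ne $kbdGuid) { continue }
    $device = $inst.Name -replace '^.*\\Enum\\', ''
    foreach ($v in 'UpperFilters', 'LowerFilters') {
        foreach ($d in @(Get-RegValue $inst.PSPath $v)) {
            if ($d) { $findings += New-Finding 'Device' $device $v $d }
        }
    }
}

$findings | Select-Object Scope, Device, Value, Driver, Expected, ImagePath | Format-List
```

Any row with Expected = False is a filter outside the post's baseline; the ImagePath column shows which driver file to look at before deciding whether it belongs to known software.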