UnHackMe Locked Keyboard



#1
MWD


    New Member

I ran a program named UnHackMe distributed by Greatis Software, www.greatis.com, which runs in the background and detects hidden rootkits. The program detected a .sys file (I can't remember the name, something starting with TKB or TBK) and stated that it was an AFX rootkit. I was given the option to delete, which I chose. The system rebooted, deleted the file and brought up my logon screen where I type in my password. Well, now my keyboard doesn't work, so I can't type in my password. I tried booting into safe mode, but the system still requires my password. I also tried restoring from "last known good configuration", still no luck. I restored Windows XP using the original Windows CD and selected Repair; Windows reinstalled, but the keyboard still doesn't work.

If someone could tell me how to bypass my logon password so I can get into my system I could uninstall UnHackMe and hopefully everything will be back to normal. BTW, mouse works.

Windows XP SP2

Thanks,
MWD


#2
silencedmessage


    Member

Hi MWD,

Welcome to GeeksToGo!

My best advice to you would be to boot to safe mode, and select the admin account. From there, you should be able to uninstall the program. Please let us know how that works out; there are many other options if it doesn't work. :)

-Silenced Message

#3
don77


    Malware Expert

What make of keyboard is it?

#4
MWD


    New Member


> Hi MWD,
>
> Welcome to GeeksToGo!
>
> My best advice to you would be to boot to safe mode, and select the admin account. From there, you should be able to uninstall the program. Please let us know how that works out; there are many other options if it doesn't work. :)
>
> -Silenced Message


Hello All,

I tried the safe-mode approach but, unfortunately, I had given the Administrator account a password. I tried running a program called Winternals ERD Commander, which would let me change passwords but would not allow passwords to be blank; in other words, all accounts must have a password.

I did figure out that the file I deleted, which UnHackMe identified as a rootkit, was associated with a program I was running called THREATFIRE by PCTOOLS. With this info in hand I ran ERD again to see if I could re-install THREATFIRE, but no luck. So my next bet was to un-install THREATFIRE, which I did. Re-booted and still no keyboard. So I tried booting with my Windows CD and doing a REPAIR; did the repair, booted up and still no keyboard. I then decided to just re-install Windows. Guess what: it detects a version already loaded on my system and, instead of letting me "write over" the current installation, wants to add another XP operating system to my hard drive. Now I'm at wits' end!

Did a shutdown, removed the Windows CD, inserted the ERD CD and rebooted my system again. Deleted the C:\Windows directory and all sub-directories. Re-booted the system using my original Windows XP CD; this way I don't have to format and lose all my files. This solved my keyboard problem! The drawback is you have to re-install most software and drivers, but you still have all your files. I don't know if I will re-install both UnHackMe and THREATFIRE, most likely only one. This was a hard-learned lesson: make sure you know what you are deleting before hitting the DELETE key. You can bet I'll do my research next time. That's what's so wonderful about the internet, the wealth of info out there. All I had to do was a search on the file that UnHackMe identified and I would have seen it was used by THREATFIRE and I would not have hit the DELETE KEY! Lesson Learned!

Thanks to all for your support & suggestions!

MWD

Edited by MWD, 20 October 2007 - 03:48 PM.
