Actually, I didn’t delete keyboard.exe.

The file was sandboxed by Comodo at 11:11 AM. Since this occured at a reboot, I didn’t get any alerts which was a bit strange. I didn’t see the activity in my Comodo log until early in the afternoon. By that time I had rebooted a couple of times. All I can figure is Comodo deleted it from the sandbox when it found it, scanned it in its cloud, and found it malicious.

I am still trying to figure out how keyboard.exe got placed in my download folder. Since there are versions of this file that are not malicous, appears someone has figured out a way to piggyback it on another download and get away with it.

This is the first case I can say I miss NIS 2011 that I have installed on my XP SP3 installation. Norton’s File Insight would have alerted me at least that the file had downloaded.