ntuser.dat virus picked up in scan

I ended up doing system restore. It fixed the temporary profile issue… but now my keyboard won’t work. Wired Microsoft 400. It tried reinstalling the driver when logged in but it failed. Mouse works fine. Tried looking up the driver but it only leads me to the Microsoft Mouse and Keyboard Center. Any ideas? Using on screen keyboard now.

so you found the oldest…

quote Bruce Harrison Vice President of Research

The quick scan does memory, load points, all heuristic scans that the full scan does and all common malware locations.

I have never needed the full scan to remove the malware I am researching and have not even run one on any of my research machines this year.

quote Ron Lewis Forum Community Manager

Every known location where Malware can run and continue to infect you is scanned in a Quick Scan. Having non active Malware in a folder or zip file is of no threat unless you launch it and it's an actual installer for the Malware. Even being Malware but not an installer would still probably be of minimal risk in most cases.

Should you run a Full Scan? Well, probably at least once at some point, if for nothing else than to give you an added feeling of safety, but again, this is typically what an Anti-Virus product is designed to do. They locate orphaned or non active Malware and remove them as part of their system scans.
Ron Lewis

quote Ron Lewis Forum Community Manager

There's nothing wrong with running the Full Scan as it does no harm, it just takes longer. I do recall this being addressed once by one of MBAM's developers where they said something to the effect that the Full Scan is there because some users would demand it, based on the idea that MBAM is like every other file scanner out there, which clearly it is not.

In my opinion, the Full Scan option should be removed. If you notice post #9 is from Bruce Harrison, one of MBAM’s primary malware researchers and one of the creators of Malwarebytes’ detection database. The .01% would be dormant traces, such as those that might be contained within a System Restore point, which should not be disinfected by any scanner as it would likely render the restore point useless. A better method for that type of cleanup would be to disable System Restore, reboot, turn System Restore back on then create a clean restore point. But again, anything in SR would be dormant, not active.

so, full scan is not necessary for cleaning the comp for actively running malware … full scan can be run when you have time (can take a looooong time) and want to find those inert files
https://helpdesk.malwarebytes.org/entries/20883848-What-is-the-difference-between-the-three-scan-types-in-Malwarebytes-Anti-Malware-

Try going to Device Manager, click on Action in the toolbar, and select Scan for hardware changes.

Doesn’t do anything.

I’m not interested in getting into a flame war about Malwarebytes Quick Scan vs. Full Scan…

I would never recommend a Quick Scan to a client when there has been visible evidence of a possible infection.

If there is an entry in Device Manager for the keyboard, try uninstalling it, then reboot and see if Windows will re-detect it.

I assume that you do not have a full disk image backup of your system you can restore?

Didn't do it. Keyboard is on right till the OS starts. I don't believe I have a saved image.

Try it after booting into Safe Mode.

:confused: Still not working even in safe mode

You didn’t mention what version of Windows you are using, but this may be helpful…

http://windows.microsoft.com/en-us/windows/help/mouse-touchpad-keyboard-problems-in-windows#v1h=tab03

http://postimg.org/image/3zpxi49jp/56f5a087/

Something is wrong but Windows can't figure it out. Windows 7 Home 64-bit.

If you have another System Restore point that is recent, you can try that.

Do you have the original Windows 7 install CD, or a vendor supplied recovery disk?

Yes, I have the CD. Also just blue screened: http://postimg.org/image/krd9s3buf/

Fred Langa’s article on how to do a no-reformat non-destructive re-install of Windows is linked below…

http://windowssecrets.com/top-story/win7s-no-reformat-nondestructive-reinstall/

This will do a fresh install of Windows 7, without destroying your personal files.

It is important to confirm that the CD you have is not a computer vendor supplied rescue disk. Those will not work for this procedure.

If it is a vendor rescue disk, you might try downloading and running Windows Repair (All In One).

http://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Hi,
There is no malware here.

Even though with no posted logs I can't say with certainty you are clean, MBAM has detected just PUP software.

Detection for ntuser.dat is FP.

Thank you. And I solved the keyboard issue with a series of system restores - no signs of anything working improperly.

You might want to strongly consider doing frequent full disk image backups of your system, now that everything is working.

There are 1 TB removable hard drives now that sell for less than $100 US. There are many good disk imaging programs to choose from, some of them are free.

Good insurance to have in situations like this. As you know, things can and eventually will go wrong.

I have a WD 1TB external HD actually, paid around $89 for it. Which program would you recommend? Preferably free.

jwoods,

Did you block me? I can’t PM you. And I don’t remember ever speaking to you before.

Techsupportalert.com is a very good resource for freeware.

This is their list for disk imaging software…

http://www.techsupportalert.com/best-free-drive-imaging-program.htm

Note on Techsupportalert for Seagate and WD users:

Owners of Seagate hard drives are eligible to download and use the Seagate Disk Wizard tools. Disk Wizard is essentially a slimmed down version of Acronis True Image that is available for free.

Owners of Western Digital hard drives also have a great option for disk imaging. Western Digital offers the Acronis True Image WD Edition which is much the same as what Seagate offers to its users.

I personally prefer the paid “Image for Windows” from Terabyte…$39 US and has never failed me.

http://www.terabyteunlimited.com/image-for-windows.htm