I have a customer that says his IT department says there is a new threat and can be checked by pressing the shift key 5 times, it pulls up a command prompt instead of the sticky keys. I told him I have not read any information about this, but he is persistent.
I would start by searching virus myths vmyths.com or google but too me it has the whiff of myth/hoax/practical joke about it regardless of what your customers IT department said.
If they knew so much about it, being able to test for it (pressing the shift key 5 times) you would have thought they would have known the name of this virus ???
My personal feeling would be to get back to your customer and ask him for the virus name this iffy shift key check is supposed to detect. That would be much more usefull, you would be able to get information on the supposed virus to be able to protect and or remove, etc.
I have already done that and he said it has something to do with replacing the sethc.exe file to gain domain access to the machine. I have been reading up on this exploit and will chack back later.