| cris07x |  |
|
2010-05-30 04:19 - Respuestas: 2 - Tema nº: 2689544
Windows XP SP3, INTEL 3.0Ghz
hola a todos, bueno el problema que tengo recien me acaba de pasar hoy.
Cuando encendi mi pc al entrar a un programa donde uso las teclas ^ ´ ¨ note que se repiten, si presiono ^ me sale ^^ repetido (aparece^ ya que lo borro manualmente) y eso me pasa con estas cuatro teclas ^^``¨¨´´ y hasta el momento no encuentro el porque, ya que no puedo sacar ni acento como "Canci´´on" y elevar al cuadrado una expresion en un programa "x.^^2", y realmente es molestoso y hasta ahora no encuentro una solucion.
Agradeceria desde ya su apoyo.
NOTA: He intentado usar el teclado en pantalla del windows y curiosamente las mismas teclas producen el mismo error y creo que no es de teclado fisico. Tambien he intentado reiniciar, desconectar hasta incluso reemplazar el teclado pero nada.
GRACIAS¡¡¡
| |
|
|
| cris07x | |
|
Re: Problema con teclado doble - 2010-05-30 05:13 - Respuesta 2
Hola todos, porfín encontré la solución, lei un post de este blog acerca de eliminar el doble acento '':
http://www.configurarequipos.com/doc1241.html
Usando el Hijackthis y encontre en la lista negra este archivo sdra64.exe con lo que aplique lo métodos poer no funcionó, el trojano es bien dificil de eliminar, y navegando encontre este post acerca de como eliminar el trojano (lo intenté 5 veces y funcionó) esta en inglés:
Recently I’ve encountered a relatively new and crafty Trojan called Infostealer.Banker.C (Symantec’s codename), it’s a general data stealer Trojan that sends your information in packets the original programmers, however it has a few nasty tricks up it’s sleeve, like it’s ability to block your antivirus and antispyware applications from launching. It also shuts down your PC if any AV software tries to meddle in its affairs and the piece de resistance, it hides itself, I don’t mean hides as in just utilising hidden folders, on some PCs it’s hidden even further and won’t appear regardless of your view settings, even using Windows search will yield no results for the sdra64.exe file. So all around it’s a pretty nasty piece of work.
However it’s defensive nature it’s also it’s undoing, thanks to it’s own shutdown failsafe you can easily disable the Trojan so the next time you start up it won't run, thus enabling your AV software to kick in and get rid of the little troublemaker.
So first things first, how do you know you’ve got this Trojan on your PC?
* Try running your regular Antivirus software, if it fails or just never seems to start up, that’s a sign that you may be infected.
* Does installing a further piece of antivurus software or running a scan cause Windows to throw up an “error” that will restart your PC in 60 seconds? If so then it’s very likely you’ve got it.
* Finally can you see sdra64.exe running in the task manager? You might not see this process as it does hide itself very well. (In Vista you'll need to check the Show system process' box)
Getting rid of the monster
So you’re pretty sure you’ve got sdra64 reaping havoc on your system, it’s time to take advantage of it’s personal downfall that I mentioned earlier. What we need to do is edit a registry key that launches sdra64.exe from your system32 directory, however we need to make this edit just before the system shuts down – thank you Infostealer, you’re auto shutdown defense mechanism will be suffice.
So first open the registry editor: Start > Run, then type regedit and hit return. Now browse the tree view to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon – you should now find a key called userinit, this is a standard Windows registry key and is essential to your system, it should only launch C:\Windows\System32\Userinit.exe, however the trojan will have changed it to the following:
C:\Windows\System32\Userinit.exe,C:\Windows\System32\sdra64.exe
This second file is the sdra32.exe file that’s causing all the trouble, you need to stop this from launching, and to do that you need to remove this path from the userinit key. However it’s not that simple, I mentioned that sdra64 was tricky, well it’s REALLY tricky, the moment you change this key and return to it again, the sdra64.exe reference will return as long as the trojan is running in the background. So change the key to the following but DO NOT press ok to change the key just yet:
C:\Windows\System32\Userinit.exe
What we need to do is set the computer shutting down and complete the edit at the last available moment so that the Trojan cannot re add itself. So open Task Manager and look for the svchost.exe process’, these are essential windows process’, but amongst them is a sneaky hidden sdra64 process under that name, so start ending the tasks of the process’ that are using the most memory until an “error” appears stating the PC will restart in a handy 60 seconds. Now wait for the countdown to reach 1 or the last available moment and press ok on your registry edit.
Congratulations, when you restart you should find your AV is running and the sdra64.exe reference is gone from the Windows registry (repeat this process waiting till the last possible moment if it still persists). Your AV should pick up the slack now or alternatively you can go into C:\Windows\System32 and (rename first, then) manually delete sdra64.exe – you should also delete a folder called lowsec (inside the same folder), this is to do with sdra64.
And with that you’re PC should be safe again.
Saluds y gracias de todas maneras | |
|
|
|
