Bredolab blues [Archive] - Safer-Networking Forums

Bentley

2010-07-05, 08:06

Hi all,
I updated and ran Sybot and it found a bug called Bredolab.fb.

Spybot deleted the following items:
Library
C:WINDOWS\system32\htql.ano
Settings
HKEY_LOCAL_MACHINE\Software\Classes\idid
Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WinLogon\Shell
Library
C:\Documents and Settings\Owner\Local Settings\Temp\26.tmp

All well and good but now my logitech g15 keyboard keys don't work. The lights and lcd are fine and I have updated the drivers, but none of the keys work at all.
An old non-usb keyboard works fine.
I restored to a previous day and the keyboard still didn't work.
Has anyone come across a similar problem or have any idea as to why a trojan and its removal would cause a problem like this?

Thanks

tsargeant

2010-07-09, 01:37

Hi Bentley,

I had an interesting issue with Bredolab on the same day. After scanning and manual removal of files and registry entries, the system still had issues.

The trojan had latched on to:

C:\Windows\System32\svchost.exe (reported infect by AVG in Safe mode)
C:\windows\system32\svchost.exe.exp.log

C:\windows\system32\htql.ano
C:\Documents and Settings\NetworkService\Local Settings\Application Data\(random letters foldername)

Registry:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
reference to the random folder mentioned

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell=Explorer.exe rundll32.exe htql.ano hvnqx Shell = Explorer.exe rundll32.exe htql.ano hvnqx

I'd run several scans in safe mode after the removal and all were showing the system was clean. However once I'd rebooted into Windows - it was clear there were still issues.
In the end I had to do an XP recovery install and that has done the trick.

The first thing I would do with your problem - plug the keyboard into another machine, if available. Just to check it works as it should.

If it does - then I would remove all trace of the keyboard from your machine - uninstall all software and drivers. Manually check that all files and directories relating to the keyboard have been deleted. Then reinstall from the media that came with the keyboard and see how that goes.

I know it's not much - but I hope it helps.