A.BORD said:
Hi Jon,
I don't quite understand what you mean by: «copy over an 'osk.exe' from
a working version». Could you explain?

Hi André
Sure. The idea there being that if you have a parallel installation of
Vista, e.g. either another machine or a dual-boot system on the same machine,
then you could use that other installation to replace any suspect files by
copying over them etc. Osk.exe for example should be at
C:\Windows\System32\osk.exe
If you don't then it isn't an option.
In the olden days of XP, this command was helpful in ensuring that
operating system files were legit, which would be run from an 'elevated'
(Run as administrator) cmd.exe prompt in Vista
sfc /scannow
Not sure how effective it is now as a repair tool in Vista, but may be
worth a try, e.g. for flagging up suspect files.

As far as a suspect program, the only one I can think of is the
installation of Trusteer Rapport, which is supposed to be a financial
malware prevention tool. After the installation of that program, my
Kaspersky reported in its journal some actions similar to a keylogger
[C:\PROGRAM FILES\TRUSTEER\RAPPORT\BIN\RAPPORTKE.SYS]. Some French
accents (grave, circumflex, cedilla and umlauts) of my PS/2 keyboard
became inoperable. Trusteer Support suggested to remove the installed
version and to replace it with a new version. I followed the
instructions given by Trusteer to completely remove the program. My
Kaspersky kept reporting actions similar to a keylogger, but from a
different source: \DRIVER\RAPPORTKE. I could not locate that file or
that source, so I decided to do a system restore prior to the original
installation date of Trusteer Rapport. The French accents of my keyboard
came back normal and Kaspersky stopped reporting the keylogger. Needless
to say that I wasn't inclined to install the suggested new version of
Trusteer Rapport.
It was about those days of troubleshooting my PS/2 keyboard problems that
I noticed the Microsoft Visual Keyboard would not start, giving the
message: « A referral was returned from the server.»
Any relation between those two incidents?
If so, why did the Microsoft Visual Keyboard not come back after that
system restore?
Thanks for your help,
André

It would sound like this Trusteer Rapport installed a keyboard driver
itself, which isn't a particularly healthy sign. Kaspersky is an
established reputable brand, so I would trust their judgement over and
above Trusteer Rapport, although I suppose (being generous here) it could
just be a case of 2 anti-malware systems not sitting well with each other.
Anyhow, System Restore should normally fix things, especially with
operating system files in the system32 directory, so to me that suggests
that this on-screen keyboard issue preceded even that first installation
of Trusteer Rapport. If you have an even further back Restore point you
could perhaps try that.
If not then the installation sounds fairly compromised, so I would be
tempted to back up your important files, scrap it and then start again, i.e.
reinstall.
[Alternatively get hold of a good hex editor, a decent disassembler, a
resource editor, and explore the mystery further....... ]