Remote Fix for a Busted Keyboard

When I lived in New York, I was a volunteer for Big Brothers Big Sisters. One of the ways I helped out my little brother was by helping him keep his computer running – a Windows 7 PC that I put together for him. This has gotten harder now that I live on the west coast, but I still want to help him if I can. Typically when he has a problem I remote in with TeamViewer and fix it.

A week ago he wrote to me telling me his keyboard was broken. I figured he’d spilled something on it so I advised him to try another keyboard – I knew he had a spare. He told me that one was the same, and went into more detail – neither keyboard was completely broken, the windows key and media keys worked, but he couldn’t type any letters or numbers.

After several long sessions of debugging via TeamViewer I had the following symptoms:

  • Unable to type letters or numbers, but the keyboard otherwise worked.
  • Drivers were fine, devices appeared correct in Device Manager.
  • Switching to a PS/2 keyboard didn’t help.
  • The problem persisted in Safe Mode.
  • The visual keyboard worked and I could type when connected through TeamViewer.

I was about ready to give up when I thought to press him a little about what he was doing when the keyboard stopped working. Turns out he was trying to hack an online game – he hadn’t told me out of embarrassment I imagine. Now I had a pretty good idea what had probably happened – he’d run a downloaded hack that contained malicious code. I ran a few malware scanners and they didn’t find anything.

I did, however, have the hack itself, so out of complete desperation I opened it up in Emacs hexl-mode to take a look. It was a compiled Windows binary but there it was, hidden in among the compiled code:

System\CurrentControlSet\Control\Keyboard Layout

That looked like a registry key and sure enough it was! I loaded up regedit, found that key and deleted it, rebooted and he was typing again!

I’m writing this blog post for a couple reasons – 1) I’m super proud of figuring this out and 2) when someone else has a similar problem maybe Google will serve up this post and they’ll be saved a lot of trouble. I searched a lot and never saw any mention of this registry key!

Continue Reading