TechSpot

Toshiba M30 Shift Key Locked

By Screek
Mar 27, 2009
Topic Status:
Not open for further replies.
  1. Toshiba M30 Shift Key Locked - can it be due to virus?

    Re: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    I have a Toshiba M30 laptop which recently had an issue with the shift key locked in place.

    It has Windows XP

    When I start Windows, it gives a message that the shift keys were depressed for more than 8 secs.....
    After logging in, typing in Notepad has all the alphabets in capitals, the number keys when typed only show the symbols on them e.g. 1 will show !

    I use Mcafee Virus protection software. When I open it, it starts but it does not give me the option to go to the advanced menu and change the configuration

    It may be software related as the keyboard works (some) after I perform the following routine:

    1> Start On-screen Keyboard via Control Panel/Accessibility options

    2> Start Notepad and type in it. At this stage, the 2 shift keys will be black, all the alphabets will be in capital. When the "Caps Lock" key is pressed, all the alphabets on the "On-Screen Keyboard" will show as small letters and the the number keys when typed only show the symbols on them e.g. 1 will show !

    3> Close the On-Screen keyboard

    4> Close Control Panel/Accessibility options

    5> Open the On-Screen Keyboard again from Control Panel/Accessibility options

    6> The shift keys will now be gray (from the former black)

    7> Open Notepad and type in and everything is normal except
    - Beeps when I have the the Shift key pressed and try to type A,B,N However, with the Capslock pressed, it types the three letters okay

    I started investigating the log files in Mcafee and noticed from the Internet/Network log, "Inbound Events" that an IP address - 209.73.166.147 linked to host name "stun2b.voice.scd.yahoo.com" had attempted to connect to my laptop, but I think it was blocked by Mcafee (screen shot attached)
    I googled 209.73.166.147 and the host name and saw that the ip address may be an "attacker"

    I traced it and got the following information:
    • IP address: 209.73.166.147
    • IP country: United States
    • IP Address state: California
    • IP Address city: Sunnyvale
    • IP postcode: 94089
    • IP latitude: 37.424900
    • IP longitude: -122.007401
    • ISP: AltaVista Company
    • Organization: AltaVista Company
    • Host: stun2b.voice.scd.yahoo.com


    I also noticed that the ip addresses 68.87.85.98 - cns.cmc.co.denver.comcast.net, 68.87.69.146 - cns.beaverton.or.bverton.comcast.net and 68.87.78.130 - cns.caltlakecity.ut.utah.comcast.net also had some inbound events.

    Incidentally, the ip addresses 68.87.85.98, 68.87.69.146 and 68.87.78.130 are the 3 DNS servers provided by my ISP, which incidentally is Comcast in U.S.A

    I called Comcast and they informed me that they do not make attempts to log on to people's computers.

    I changed the SSID of my wireless router, changed the ip address, set a new encypted access but still had the same attempted access by the same ip addresses

    The logs with ip address 192.168.2.26 - HPE0C3FC are for my wireless printer and were recorded when I sent files to the printer

    192.168.2.11 is the address of my wireless router

    I stumbled on the 8 steps and implemented them. It discovered a lot of files and did a good job in cleaning up my laptop - Thanks for making this available

    However, at the end of everything, I still have the locked "shift key" issues. The only difference is that I do not receive the message on the Windows log on screen that "Holdi shift key for 8 secs....."

    I have attached all the files and hope someone can help me with this

    Additionally, I noticed that the file wuauclt.exe, wuaclt.exe are in my system32 folder. I am not sure if these files are dangerous. I removed wuaclt.exe but wuauclt.exe keep coming back i.e. I cannot get rid of it. From the websites, it is supposed to be a Windows automatic update utility

    Thanks
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I'm just answering this part
    OrgName: AltaVista Company

    NetRange: 209.73.160.0[whois][trace][reverse ip] - 209.73.191.255

    Looks to be a Yahoo Voice Server: stun2b.voice.scd.yahoo.com

    Just uninstall your Yahoo chat and re-install it

    Oh and continue the Malware removal, ie update the programs defs again, and do another scan
  3. Screek

    Screek TS Rookie Topic Starter

    Shift key locked probably due to virus

    Thanks. I am not receiving anymore the inbound event from the 8.scd.yahoo...after un-installing Yahoo chat. That's comforting

    I am still having the challenges with the keyboard and hope someone will be able to give some suggestions
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.