Issue: User keyboard blocked after removing WIN32.trojan.agent spyware

Version 2

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.x



    The LANDESK has detected the WIN32.trojan.agent spyware on a client computer and managed to remove it.


    However since removal of the spyware occurred, the user's keyboard doesn't work any more.





    This was a remediation issue that has been corrected by LANDESK.


    Ensure that Patch Manager has downloaded the latest spyware definitions and that client computers are up-to-date.




    If you are already experiencing the keyboard issue, please follow these steps to make it work again:

    Step 1: On a healthy computer of the same model, locate the following entries in the Windows registry and export them to the affected computer before rebooting:


    Step 2: On an healthy computer, browse into the ProgramData\Vulscan folder and locate the CEAPI.DAT that contains the spyware definitions.


    Then log into the infected computer and replace the existing CEAPI.DAT with the one from the healthy computer.