ukash virus help

draftiebrah · #1 09-21-12, 01:14

Hi guys just recently I was hit with the ukash virus and now I cannot access anything at all. I can't seem to get into system restore to roll back, my computer is pretty much locked. How do I go about fixing this issue??
Thanks.

thisisu · #2 09-21-12, 16:47

Hello draftiebrah,

Which operating system are you using?

thisisu · #3 09-21-12, 17:35

If you are on Windows Vista or 7, try this:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Quote:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

draftiebrah · #4 09-21-12, 18:23

Im running Vista SP2

thisisu · #5 09-21-12, 18:46

Quote:

Originally Posted by draftiebrah

Im running Vista SP2

Great! Then try running the above set of instructions.
Let me know if you need help.

draftiebrah · #6 09-21-12, 19:02

Here is my FRST log.

thisisu · #7 09-21-12, 19:13

So you are able to boot into Safe Mode?
Which mode did you run FRST from?

draftiebrah · #8 09-21-12, 19:17

Quote:

Originally Posted by thisisu

So you are able to boot into Safe Mode?
Which mode did you run FRST from?

safe mode with command prompt. Any other way the white screen pops up and everything is locked again. If i go into system recovery the laptop just hangs.

thisisu · #9 09-21-12, 19:24

Quote:

Originally Posted by draftiebrah

If i go into system recovery the laptop just hangs.

how many times have you tried entering system recovery options?

Quote:

Originally Posted by draftiebrah

safe mode with command prompt

What happens if you type in explorer
in the command prompt window, and then press ENTER?

Are you able to see your desktop?

draftiebrah · #10 09-21-12, 19:31

Quote:

Originally Posted by thisisu

how many times have you tried entering system recovery options?

What happens if you type in explorer
in the command prompt window, and then press ENTER?

Are you able to see your desktop?

As for system restore even when i press F8 and it still bypasses it and boots up normally. But ive done it 3 times so far.*

Yes i do get to see the desktop

thisisu · #11 09-21-12, 19:34

Quote:

Originally Posted by draftiebrah

Yes i do get to see the desktop

In that case, complete as much of this as possible from Safe Mode with Command Prompt: Read and Run Me First - Malware Removal Guide.

If something doesn't run, just go to the next steps until you reach the very end.

draftiebrah · #12 09-21-12, 20:42

Also when the time comes how do i save a log of RogueKiller??

thisisu · #13 09-21-12, 21:28

Quote:

Originally Posted by draftiebrah

Also when the time comes how do i save a log of RogueKiller??

As soon as you press the Scan button, there will be a log on your desktop

draftiebrah · #14 09-21-12, 23:51

Ok so here goes all logs required attached.
Many thanks again for the help provided. Really do appreciate it.

thisisu · #15 09-22-12, 00:25

Open RogueKiller again.
Press Scan.
When the scan is finished, press the Delete button.
Attach the latest RogueKiller log to your next message.

thisisu · #16 09-22-12, 00:28

Fix items using OTL by OldTimer

Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Copy the text in the code box below and paste it into the

text-field.

Code:

:files
C:\Users\George\AppData\Roaming\msconfig.dat
C:\Windows\Installer\{b47899fd-dd8f-4aa9-60cf-c3e77067d3ab} /d
C:\Users\George\AppData\Local\{b47899fd-dd8f-4aa9-60cf-c3e77067d3ab} /d
C:\Windows\Assembly\GAC\Desktop.ini /d
:commands
[emptyjava]
[emptyflash]
[reboot]

Now click the

button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open. Close Notepad.
A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Attach this log to your next message. (How to attach)

__

Now download the latest MGtools.exe to the root of your c: drive.

Replace your existing MGtools.exe with this one.
Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)

draftiebrah · #17 09-22-12, 01:07

that MGtools i downloaded seems to be the latest version. Im on a completely seperate laptop right now atm.

EDIT: just tried getting in again from safe mode with networking and issue still there

thisisu · #18 09-22-12, 01:30

Quote:

Originally Posted by draftiebrah

that MGtools i downloaded seems to be the latest version. Im on a completely seperate laptop right now atm.

EDIT: just tried getting in again from safe mode with networking and issue still there

What happened with the previous steps? RogueKiller, OTL? Those should have removed the ransom.

Worry about MGtools last.

draftiebrah · #19 09-22-12, 02:13

Quote:

Originally Posted by thisisu

What happened with the previous steps? RogueKiller, OTL? Those should have removed the ransom.

Worry about MGtools last.

Thank You had some issues with the infected computer but as i did the OTL text fix, its worked. Now im going to run RK properly from the infected comp now.

draftiebrah · #20 09-22-12, 02:57

latest roguekiller log.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
ukash virus	adamc	Malware Removal	13	09-25-12 05:10
Damn UKASH virus	Fence_	Malware Removal	11	08-10-12 11:19
It all started with Ukash!	leelee77	Malware Removal	4	07-08-12 14:53
help with ukash virus	newts	Malware Removal	3	06-03-12 18:34
Bundespolizei Ukash virus Problem	herbz100	Malware Removal	6	11-26-11 14:59

The Following User Says Thank You to thisisu For This Useful Post:
draftiebrah (09-22-12)