MajorGeeks Support Forums

ukash virus

#1 pamul (Private E-2), 09-24-12, 05:36

Hi,

I have the ukash virus on my laptop. I was infected about a week ago with it and used Malwarebytes Anti-Malware to remove it.
Now ukash is back and Malwarebytes Anti-Malware will not remove it. I can start the laptop in safe mode. The OS is Vista SP2.

I have carried out the READ & RUN ME FIRST Malware Removal Guide and also the FRST software, and I have attached the reports.

I tried to start in normal start up using msconfig. I get as far as the log on screen for the accounts but cannot log into my account or the Administrator account.

I don't know if I have attached the report from malware but I do remember that it did not find any problems.
Attached Files
File Type: txt FRST.txt (24.9 KB, 8 views)
File Type: txt RKreport[1].txt (2.3 KB, 3 views)
File Type: log HitmanPro_20120921_2242.log (5.1 KB, 3 views)
File Type: txt Rkill.txt (3.8 KB, 3 views)
File Type: txt procdll.txt (68.6 KB, 1 views)

#2 pamul (Private E-2), 09-24-12, 06:09

I have attached 2 other files that I forgot from TDSS and MGlogs
Attached Files
File Type: zip MGlogs.zip (282.3 KB, 3 views)
File Type: txt TDSSKiller.2.8.10.0_21.09.2012_22.28.44_log.txt (128.6 KB, 2 views)

Last edited by pamul; 09-24-12 at 06:09. Reason: to attach files

#3 pamul (Private E-2), 09-24-12, 07:16

Just after running Malwarebytes Anti-Malware again and it caught something. Please see attached log. Hope this helps.
Attached Files
File Type: txt mbam-log-2012-09-24 (13-12-47).txt (2.2 KB, 3 views)

#4 pamul (Private E-2), 09-24-12, 07:33

Done the restart for Malwarebytes and tried to log on as normal. Get to the screen with my account and the Administrator account. I have control of the screen pointer but no control of the left or right button and also the double tap is not working. Still able to get in using safe mode.

#5 thisisu (Malware Consultant), 09-24-12, 14:42

Hello pamul,

From Safe Mode, please find and delete this file:
  • C:\Users\paraic\Contacts\0.6910909410311864.exe

__

Will post further instructions as I continue reviewing your logs.

#6 thisisu (Malware Consultant), 09-24-12, 14:51

Whether or not you were successful with the above deletion, continue with the following instructions (this should delete that file too):

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Attached is fixlist.txt
  • Save fixlist.txt to your flash drive.
  • You should now have both fixlist.txt and FRST.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.
Attached Files
File Type: txt fixlist.txt (1.9 KB, 10 views)

#7 pamul (Private E-2), 09-24-12, 17:11

File was deleted as per post. FRST then ran as per other post. I had to run this twice as the file fixlist.txt was not saved to my flash drive when I ran it the first time this evening. I also hit the Fix button when I ran FRST without the fix file.
When I noticed what I had done, I saved fixlist correctly and ran FRST.
Log is attached. Hope I have not messed up the test.
Laptop still has the problem. Able to get in through safe mode, but when I try to get in as normal I can now select the account by right clicking but the laptop hangs on the welcome screen.
(My first run of this test may have been done correctly. When I went to my flash drive after the first run of the test this evening to upload the log I did not see the fixlist.txt file in my flash drive, so I thought it had not been saved in the correct place. Therefore I saved it again and ran the test again. Hope you understand.)
Attached Files
File Type: txt Fixlog.txt (1.9 KB, 2 views)

#8 thisisu (Malware Consultant), 09-24-12, 17:23

According to your logs, whenever you went into MSconfig, you also went into the Services tab and pressed Disable All without putting a checkmark into "Hide All Microsoft Services". Is this correct or not?

Either way, these Microsoft Services are currently stopped and that's why you're experiencing those issues in Normal Mode.

Let's try this:

Go back into MSconfig while you're in Safe Mode and go back to the Services tab. Now press Enable All while the "Hide All Microsoft Services" checkbox is UNCHECKED. Then press OK to save the changes and reboot normally (into Normal Mode). That should help, let me know if you encounter issues along the way.
Reply With Quote
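
The situation described in post #8, as an added example that is not part of the original thread or any poster's script: a PowerShell script that reads service configuration straight from the registry (so it still works when "Disable All" has also disabled WMI) and lists every disabled Win32 service with the vendor string of its binary. The vendor comes from the file's version resource, which is self-declared and only approximates msconfig's "Hide All Microsoft Services" filter; the function names are hypothetical.

```powershell
# Added example: list Win32 services whose start type is Disabled and show the
# vendor of each service binary. Reads the registry directly, so it does not
# depend on WMI or the Service Control Manager answering queries.

function Get-BinaryPath {
    param([string]$ImagePath)
    # ImagePath may be quoted and may carry arguments, for example:
    #   "C:\Program Files\Vendor\svc.exe" -run
    #   C:\Windows\system32\svchost.exe -k netsvcs
    if ($ImagePath -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($ImagePath -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-Vendor {
    param([string]$File)
    if (-not $File -or -not (Test-Path -LiteralPath $File)) { return '(file not found)' }
    $name = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($File).CompanyName
    if ($name) { return $name } else { return '(no vendor string)' }
}

$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem $root | ForEach-Object {
    $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    # Start = 4 is "Disabled"; Type bits 0x10 and 0x20 mark Win32 services,
    # which excludes kernel and file-system drivers.
    if ($svc.Start -ne 4 -or -not ($svc.Type -band 0x30)) { return }

    # svchost-hosted services keep their real code in Parameters\ServiceDll.
    $paramKey = "$root\$($_.PSChildName)\Parameters"
    $params = Get-ItemProperty -LiteralPath $paramKey -ErrorAction SilentlyContinue
    $file = if ($params.ServiceDll) { $params.ServiceDll } else { Get-BinaryPath $svc.ImagePath }
    if ($file) { $file = [Environment]::ExpandEnvironmentVariables($file) }

    New-Object PSObject -Property @{
        Service = $_.PSChildName
        Vendor  = Get-Vendor $file
        File    = $file
    }
} | Sort-Object Vendor, Service | Select-Object Service, Vendor, File | Format-Table -AutoSize
```

Some Windows services ship disabled by default, so a Microsoft entry in the output is a candidate to compare against the Services tab, not proof that msconfig changed it.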

#9 pamul (Private E-2), 09-25-12, 04:01

I checked msconfig and all the boxes were checked and enable all was greyed out. I pressed enable all and the boxes unchecked. Going to try restart in normal mode.

#10 pamul (Private E-2), 09-25-12, 06:33

After making the changes to system configuration as per my last post a restart was requested. Restart was completed. Got to the desktop but did not have much control and laptop was very slow. I looked in security center and switched on UAC and carried out another restart.

Was able to log in as normal. Seemed to have more control over laptop but still slow. Only problem that I found is that the double tap on the touchpad is not working but left and right buttons are working. Guess the touchpad just needs to be configured which I will be able to do later.

I do not remember changing anything in the services tab of System Configuration earlier in the week, although I may have done it by mistake. It was not my intention to do this. I only remember selecting diagnostic start up and then normal start up in the General tab in order to be able to apply the normal start up.
I just checked the services tab in System Configuration (i.e. not in safe mode) and all the boxes were checked and enable all was greyed out and the hide microsoft box was not checked. This is how I found the services tab when I went in to check it in safe mode as per my last post. The changes I made in safe mode have not been kept.

Is it possible that there is an issue with the system configuration and did something else change the settings tab originally?

Do I need to run anymore tests on the laptop?

Thanks for all your help, it's been a life saver. I am going to go through your posts about malware and protection when this is finished.

#11 pamul (Private E-2), 09-25-12, 07:13

Double tap fixed by going to sys tray and selecting tap to click.

#12 thisisu (Malware Consultant), 09-25-12, 13:07

Do as many steps as you can from now while in Normal Mode.

Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)

#13 pamul (Private E-2), 09-26-12, 04:48

I have carried out the steps from READ & RUN ME FIRST Malware Removal Guide in normal mode. logs attached.
Attached Files
File Type: txt RKreport[4].txt (2.4 KB, 2 views)
File Type: txt mbam-log-2012-09-25 (23-10-23).txt (1.8 KB, 1 views)
File Type: log HitmanPro_20120925_2335.log (3.3 KB, 1 views)

#14 pamul (Private E-2), 09-26-12, 05:09

Here is the file for TDSS.
Attached Files
File Type: txt TDSSKiller.2.8.10.0_26.09.2012_11.01.00_log.txt (128.8 KB, 1 views)

#15 pamul (Private E-2), 09-26-12, 08:36

log from MGtools
Attached Files
File Type: zip MGlogs.zip (329.5 KB, 2 views)

#16 thisisu (Malware Consultant), 09-26-12, 13:49

From Programs and Features (via Control Panel), please uninstall the below:
  • Java(TM) 6 Update 35 (outdated)

__

Delete items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Once the scan is complete, go to the Registry tab and checkmark everything except the below item:
  • [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
Now press the Delete button.
When it is finished, attach the very latest log of RogueKiller that is on your desktop. (How to attach)


__

Now install the current version of Sun Java from: here

__

Let me know what problems you are experiencing after you have completed these steps.

Last edited by thisisu; 09-26-12 at 13:55.

#17 pamul (Private E-2), 09-27-12, 04:46

Java deleted, RogueKiller run and all registry entries except the one in your post deleted. Log of RogueKiller attached. Java downloaded.
Attached Files
File Type: txt RKreport[6].txt (2.5 KB, 2 views)

#18 thisisu (Malware Consultant), 09-27-12, 13:52

What problems remain?

#19 pamul (Private E-2), 09-28-12, 04:29

No other problems remain. Thanks for all your help, this is a magnificent site.

#20 thisisu (Malware Consultant), 09-28-12, 05:42

You're welcome, pamul

If you are not having any other malware related problems, it is time to do our final steps:
  • Any programs we had you download and/or install can be removed at this time.
  • If we had you download and run ComboFix, here is how to uninstall it:
    • Press and hold the Windows key and then press the letter R on your keyboard.
    • This opens the Run dialog box.
    • Copy and paste the below text inside the text-field:
      • "%userprofile%\desktop\ComboFix" /uninstall
    • Now press ENTER
    • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
  • You can re-enable your Disk Emulation software at this time via DeFogger.
  • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
  • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
  • Now we will toggle System Restore to remove any infected system restore points.
  • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
  • Be safe