"SIGH"...UKash virus help

So I have the UKash virus on my computer. Had the same initial garbage as everyone else. FBI..we want your money...blah blah blah.

Did a safe mode start and got back online to seek some help. Loaded MBAM and ran it and it "seemed" to catch it but I am sure it does not have it all. MBAM scans take almost 3 hours so something is wrong.

For the first day after I had continuous pop ups from MBAM warning me that it had caught and quarantined the virus. These have since stopped and MBAM scans find nothing.

Went to MajorGeeks ( I know...I should have done this FIRST...My Bad) and followed the Read Me First instructions. Not much went as described in the Read Me but I did my best. I will attach the logs as requested.

As a test this morning I have run MBAM again, found nothing. I ran AVG, found nothing. Downloaded and attempted to run Ad-Aware, will not run. Red flag!
I had Spybot Search and Destroy on my computer when this all began. UKash disabled it and it was never able to run so I removed it from my computer to avoid the TeaTimer conflict in the Read Me First instructions.

My eyeballs are bleeding, my patience is worn out and my frustration level is high. I am about ready to scram my hard drives (I am running RAID 1) and contribute to an international fund to take out a hit on russian virus programmers. (oh if only that were legal.................)

Attached please find my logs.
And sorry for whining.....
Regards,
Dave.

Oh man...I went to load my logs and TDSSKiller is gone completely from my computer as well as the log file. I stayed up until 0100 hrs last night getting all this done and just couldn't stay up anymore so shut down and decided to send this info today. Evidently that was a mistake. I also cannot find any evidence that MGtools was ever installed or run on my computer. Attached what files I had left on my Desktop.​

 

Of course it is and if my brain was not Jello I would have known that. I am over-tired and unfortunately have worked myself into such a state that I have lost my normal ability to reason and logic things through.

Did I mention how much I dislike Russian virus writers right now???....lol

Thank you for taking the time to reply and your patience.

Attached please find the logs from TDSS Killer and MGtools.
Regards,
Dave.

 

I ran RogueKiller as requested.

RK located and I deleted the two detections as you described.
Did a re-boot as requested.

I was unable to see C:\Users\Valued~1\wgsdgsdgdsgsd.dll so could not delete it.

One issue was I could not seem to expand the RK window enough to read the complete Key file path anyways.

Please find RKreport[2].txt attached

Disabled protection software as requested.

I then downloaded and ran Junkware Removal Tool as requested. Please find JRT.txt attached.

I then downloaded OTL to my desktop. I was unable to choose to run as administrator because the program ran on its own as soon as it finished downloading.

Followed directions to change to Minimal Output and check LOP Check and Purity Check boxes.

Watching program run I noticed a check box to allow "Scan All Users" and was wondering if I should have checked that box as well? (I did not) 6 users on this computer.

Program generated two reports as mentioned. Please find attached to this post.

I know you likely hear it frequently, and it may sound trite, but a great big heartfelt THANK YOU for your assistance anyways!
Best regards,
Dave

When attaching reports I found an RKreport[3] on my desktop as well? I was not sure if you needed it but thought it couldn't do any harm to send it anyways.

I am also finding a txt in all kinds of strange places (ie. my pictures files, on my desktop, in my documents) called desktop.ini
I can attach it to another message if you require a look at it.
Dave​

 

Here is the next scan of RK.

I test drove my puter for a bit. IE is working as well as IE ever does work. Pictures load quickly, re-boots are good. No suspicious "busy" light when things are sitting idle.

I attempted a Quick Scan with MalwareBytes but ended up killing it at 2 hours and 40 minutes. The program appears to bounce back and forth between functioning and Not Responding. Has to be killed with Task Manager.
Much the same happens with a Full Scan.

I deleted Ad-Aware from my computer because any attempt to use it failed and generally ended up with me having to kill it with Task Manager. I used Lavasofts Un-Install and yet the short cut icon for Ad-Aware remained on my desktop??

Updated and ran AVG with no problems. It didn't find anything, but it ran with no problems....lol. Isn't that a definition of success?

Thanks,
Dave. ​

 

I un-installed MBAM then did a re-install. Tried to run a Quick Scan. Same result. Killed the scan AFTER 1 1/2 hours with Task Manager because MBAM reports as Not Responding. MBAM appears to go back and forth from working briefly to Not Responding so it does make progress but at a snails pace.

Then I went to a different computer and downloaded a copy of MBAM onto a flash drive then tried to run a Quick Scan from that. Same result. Then I disabled AVG and tried a Quick Scan. Same result.

The rest of the systems seem to be running normally but it appears I cannot run any anti-spyware. AVG runs but does not find anything.

Would there be any value in un-installing AVG and installing a different A/V ?
Regards,
Dave. ​

 

First of all my apologies for not replying sooner as I was called away to work.

I uninstalled both AVG and MBAM with Revo Uninstaller. (Cool program, dead simple to run and I was amazed at how much "junk" is left after using conventional UnInstall.)

After Revo Uninstaller ran the AVG Uninstall program I received the following pop up warning:

AVG Warning 1910.SA_Error 1910:
StandardAction (0xC0070776):
Could not remove shortcut AVG 2013.Ink
Verify that the shortcut exists and that you can access it.
OK
I clicked okay and Revo finished running. Had no further issues but thought I would include this just for your info.

Installed Avast and ran. Ran fine and did not find anything. Took 1 hour 15 mins to scan 278 K files=105 GB, with 0 infections.

Installed MBAM and ran. Took 7 minutes and found nothing.

Attempted to run MGtools as requested. Program starts and DOS window opens and the following runs:

C:\Windows\system\cmd.exe
Windows OS is
Microsoft Windows [version 6.0.6002]
GetUnKeys.Bat - 12/26/2012 Version 0.24

32 bit Windows OS found
zipping GetUnKey.txt
zip I/O error: Invalid argument
zip error: Could not create output file (C:/MGlogs.zip)
Finished zipping GetUnKey.txt
All finished getting UnInstall List. The log is in C:MGtools\GetUnKey.txt
GetRunKeys.bat - 12/16/2012 Version 2.72

NOTE: Ignore any error messages about not finding registry keys! Just wait for the program to finish running!!

A Pop Up window shows on top of this reading:

16-Bit MS-DOS SUBSYSTEM
C:\windows\system32\cmd.exe
SYSTEM\CURRENTCONTROLSET\CONTROL\VIRTUALDEVICE DRIVER
format in the registry is invalid. Choose CLOSE to terminate the application.
CLOSE

I left the program run as it was for over 5 minutes with nothing happening. Hitting close creates an endless loop of the same windows. Had to click the X in the window to stop.

Went back to MGtools.exe and tried running with Open instead of Run as Admin. Same result after waiting 10 minutes for progress.

I was going to Uninstall MGtools and re-install but thought I should run this past you first.

Added note: I do not see the C:\MGtools\ GetLogs.bat file on my Desktop (only the exe file) but I can find it within the MGtools folder on C:

I can attempt to run it from there if you wish.

As I mentioned in a previous message I am seeing a file called Desktop.ini everywhere in my computer - my documents, my pictures, recycle bin etc etc. Is this a concern?
Thanks,
Dave. ​

 

Yes, I am ready for final steps. Computer is running good at this point.
Programs are loading and running well, booting as quickly as it ever did, not seeing any more glitches than usual with Vista.

At this point I would say all systems are go.
Regards,
Dave. ​

 

Followed the steps for Final Steps.

1. Kept Mbam, had it before as well.

2. Was never requested to add ComboFix

3. Reenabled Disk Emulation software. Odd but I could not find Defogger.exe anywhere on my computer? Yes...this time I checked my C:...lol
I re-installed Defogger then re-enabled my Disk Emulation software.

4. Could not find HiJackThis on Add/Remove programs or with Revo. Not on my desktop or on C: Moved to next step

5. Ran C:\MGtools\enableUAC.reg and allowed to be added to registry

6. Ran MGclean. After I ran MGclean HitmanPro showed up on my desktop. I re-checked ADD/Remove programs and Revo and neither one show HitmanPro?? Left until input from you.

7. Did not download fixme.reg or fixWLK

8. I would like to keep CCleaner and Revo. I still have the logs from RK, TDSKiller, OTL, Extras and Defogger on my desk top. Can these be removed?

9. Toggled System Restore as requested and then created a new restore point.

10. Read the How to Protect Yourself from Malware again.
I had paid version of Mbam, Spybot Search and Destroy and AVG. Changed to Avast and kept Mbam but deleted Spybot during repairs. Have decided to download Microsoft Security Essentials to try it out. Had CCleaner in the past and will keep it this time again.

I do not run a firewall because I am behind an enabled password protected router.

Thanks again.
Regards,
Dave. ​

 

From previous post.

"I had paid version of Mbam, Spybot Search and Destroy and AVG. Changed to Avast and kept Mbam but deleted Spybot during repairs. Have decided to download Microsoft Security Essentials to try it out. Had CCleaner in the past and will keep it this time again."

Or not.......Microsoft Security Essentials wants me to un-install Mbam and Avast to run Microsoft S.E. so I guess I will pass on that one.
Regards,
Dave. ​

 

Done and Done!

So far system appears back to normal. My wife reported one "blue screen of death" incident but computer started back up normally. This is a first for this computer but....it is a 7 year old Core 2 Quad running Win Vista so perhaps not to be unexpected.

Thanks to Major Geeks and Kestrel13 for all your help! I will be headed over to add to my T-shirt collection and will continue to recommend Major Geeks to anyone that asks me for computer advice/help.
Best regards,
Dave. ​