PC locked by Ukash malware

I get clients calling me with this issue a lot. What I do is boot into safe mode with command prompt; when you have the command prompt open, simply put in explorer and press enter, and it'll load explorer with no virus. Then manually remove it.
 
Had this on a laptop, managed to get out of it by going to shutdown. It would come up with the cancel / shut down confirmation; quickly click cancel, then remove the offending exe from startup.
 
There are plenty more ways for malware to run than just being an extra "process" in msconfig startup.

I'd suggest doing full virus scans etc at minimum, but personally I'd do a full reinstall - it's actually very easy to "attach" extra code to existing processes.
 
> AVG won't catch it or get rid of it later, only Malwarebytes, but your best bet is to delete it manually... because you have to pay for Malwarebytes.
>
> I had Windows firewall, plus firewall defender/AVG and Spybot; it got straight through instantly, and according to the PC shop nothing can stop it. It can only be removed in Safe mode later on.

There is a free version of MBAM. The paid version of MBAM offers real-time protection, but this doesn't mean it will eliminate 100% of threats.

The solution is to remove Java if you don't know how to manage it, and keep everything else up-to-date. Secunia PSI is able to assist with this.
 
> There are plenty more ways for malware to run than just being an extra "process" in msconfig startup.
>
> I'd suggest doing full virus scans etc at minimum, but personally I'd do a full reinstall - it's actually very easy to "attach" extra code to existing processes.

AutoRuns by SysInternals (now part of MS) is handy for spotting start-up nasties.

Process Explorer is also good for suspending malware processes so you can then scan with MWB to nuke it. If you kill the process, there's normally a watchguard running to bring it straight back, so suspending works a treat.
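
An added example, not part of the thread: a PowerShell inventory of a few of the autostart locations that AutoRuns also covers (Run/RunOnce keys, the Winlogon Shell and Userinit values, the Startup folders). The "user-writable path" flag is a heuristic chosen for this example, and the script sees only these locations for the account it runs under; it does not detect code injected into existing processes.

```powershell
# Added example: inventory common autostart locations and mark entries to review.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
# Heuristic chosen for this example: anything launched from a user-writable tree gets a second look.
$writableRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) | Where-Object { $_ }

function Test-WritablePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($root in $writableRoots) {
        if ($expanded.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}
function New-Entry($Location, $Name, $Command, $Review) {
    [pscustomobject]@{ Review = $Review; Location = $Location; Name = $Name; Command = $Command }
}

$shell = New-Object -ComObject WScript.Shell   # used only to resolve .lnk targets
$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            New-Entry $key $name $cmd (Test-WritablePath $cmd)
        }
    }
    # Winlogon values: flag anything other than the Windows defaults.
    $wl = Get-ItemProperty -Path $winlogon
    New-Entry $winlogon 'Shell' $wl.Shell ($wl.Shell -ne 'explorer.exe')
    $userinit = "$($wl.Userinit)".TrimEnd(',', ' ')
    New-Entry $winlogon 'Userinit' $wl.Userinit ($userinit -ne "$env:SystemRoot\system32\userinit.exe")
    foreach ($dir in $startupDirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            # Shortcuts are judged by their target; any other file by its own path.
            $cmd = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            New-Entry $dir $_.Name $cmd (Test-WritablePath $cmd)
        }
    }
)
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```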
 
> AutoRuns by SysInternals (now part of MS) is handy for spotting start-up nasties.
>
> Process Explorer is also good for suspending malware processes so you can then scan with MWB to nuke it. If you kill the process, there's normally a watchguard running to bring it straight back, so suspending works a treat.

Yep - but that doesn't cover what I've said.

It's easy to attach code into existing processes (whether it be the process in memory or embedded within the file) - such as explorer.exe or some other core Windows process (and of course explorer.exe isn't "core" as such, but 99% of people will need it), meaning that you will have no idea that it's there and it won't be obvious.
 
Parents' old laptop got this a couple of weekends ago and they brought it down to me this weekend.

Finally got to the bottom of it, and it came from a rather convincing looking "Flash Player upgrade" that could have fooled me too. Not sure where it came from; they had Spybot-SD running, alongside McAfee Anti-Virus, and they are usually pretty good at not going to dodgy websites and downloading stuff willy nilly, yet it didn't get flagged.
 
> AVG won't catch it or get rid of it later, only Malwarebytes, but your best bet is to delete it manually... because you have to pay for Malwarebytes.
>
> I had Windows firewall, plus firewall defender/AVG and Spybot; it got straight through instantly, and according to the PC shop nothing can stop it. It can only be removed in Safe mode later on.

Considering that placebo posing as an anti-virus program can't even catch a cold, it would be unlikely that it would catch this.
 