Ukash Woes! How to remove this annoying virus!

Help!

I seem to have been infected by the Ukash virus! I have started a new thread as it's obviously a newer variant!

I don't know where it has come from but it appears to be a pretty recent variant!

What can I do? There must be a way to get rid of it?

If I boot normally I log on, and if I am really quick I can get Task Manager up, but after a few seconds I can't do anything and the white screen comes up.

If I boot in any version of safe mode it shuts the computer down once you log in.

I can get into Windows repair and start cmd from there, but not being in the actual Windows environment there doesn't appear to be much I can do? I tried finding the registry entries but they're not anywhere they normally are from other reports on the Internet.

I have made a Kaspersky Rescue Disk 10 but it won't pick up my RAID 0 drives where Windows is located, and I am having difficulty mapping them from the Kaspersky cmd prompt!

I am concerned this is a variant that encrypts all your files? How can I get rid of it? There must be a way.

Please help!
 
Can you go in as admin in normal or safe mode? Ctrl+Alt+Del twice at login.
I had this once but can't remember exactly what I did, but it was very easy to do; Google is where I got my answer. It's actually a very simple virus, just seems a bad one (and I'm pretty sure it won't/can't encrypt your files).
You can restore your system if you can start safe mode with command prompt.
 
You could try a Hiren's disk and boot into Mini XP. Hiren's also has Malwarebytes for installation, so this could be run within the Mini XP environment.
 
Personally, I'd get a copy of Ubuntu live, burn it to CD and boot to that.

Then mount the Windows partition and see if you can locate the .exe that's running at start up.

Remove it so you can use Windows safe mode, then run whatever tools you need in the Windows environment to remove the virus completely.

(In an ideal world, you'd access the registry to be able to see what's in the Run and RunOnce hives. Quite how to open the registry when NOT in Windows I'm not sure...)

Failing that, use the Windows registry backup (when you first install Windows it saves a copy of the registry to c:\windows\repair\).

Back up the files in c:\windows\system32\config\ and replace them with the ones listed in the repair folder.

Then boot back to Windows and you 'should' be able to get into the system without it running (all pinned on the fact it's hiding in the registry to auto start). Then you can run AV tools to remove the other bits.

However, be very careful. Messing with the registry files can mean the end of your Windows installation if you get it wrong!

Hope that helps.
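
Added example (not part of the original post): one way to do the "locate the .exe" step from an Ubuntu live session once the Windows partition is mounted read-only. It covers only file-system autostart folders and user profile directories, not registry Run/RunOnce entries; the mount point and the directory list are assumptions.

```shell
#!/bin/sh
# Added example: triage of a Windows volume mounted read-only from a live CD.
# The mount point (/mnt/win below) and the directory list are assumptions.

# Print launchable files found in the usual file-system autostart and
# user-writable locations under the mounted volume, newest first.
list_startup_candidates() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 1
    fi
    set --    # reuse the positional parameters as the list of dirs to scan
    # Vista/7 layout first, then XP layout. Unmatched globs stay literal
    # and are dropped by the -d test.
    for d in \
        "$root"/Users/*/AppData \
        "$root"/ProgramData/Microsoft/Windows/"Start Menu"/Programs/Startup \
        "$root"/"Documents and Settings"/*/"Start Menu"/Programs/Startup \
        "$root"/"Documents and Settings"/*/"Application Data" \
        "$root"/"Documents and Settings"/*/"Local Settings"
    do
        if [ -d "$d" ]; then set -- "$@" "$d"; fi
    done
    [ "$#" -gt 0 ] || return 0
    # ls -dt orders the matches by modification time, newest first, so a
    # file dropped around the time of infection shows up near the top.
    find "$@" -type f \( -iname '*.exe' -o -iname '*.scr' -o -iname '*.dll' \
        -o -iname '*.bat' -o -iname '*.cmd' -o -iname '*.vbs' \
        -o -iname '*.js' -o -iname '*.lnk' \) -exec ls -dt {} +
}

# Usage from the live session (uncomment; mount read-only first):
#   sudo mount -o ro /dev/sdXN /mnt/win    # sdXN is a placeholder
#   list_startup_candidates /mnt/win | head -n 20
```

Copy anything suspicious off for scanning rather than deleting it straight away, since legitimate programs also keep executables under these directories.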
 
Well, I have run a full scan using an updated version of Windows Defender Offline...

It picked up a few things on a normal scan, but I set it doing a full scan last night and it wasn't finished this morning.

Hopefully that will kill it and I can get back into Windows and sort it out...

Time to get some more licenses for Kaspersky, I think...
 
I still can't get rid of this :( Windows Defender seemed to hurt it, but within seconds it was back again!

Tried HitmanPro Kickstart but it doesn't seem to be working; something I read says it doesn't support multiboot / multi-disk systems, and I have RAID 0 boot drives :(

I can't believe there isn't a way to get rid of this.
 
Did you try this? This is a System Restore started from command prompt; the malware shouldn't be running, so you should be able to do this successfully.

The OP already tried to get into safe mode (read the first post fully), and the newer versions of this virus can block access to safe mode.
 
The OP already tried to get into safe mode (read the first post fully), and the newer versions of this virus can block access to safe mode.

Most people only try safe mode and safe mode with networking, ignoring the safe mode with command prompt. Thank you for your post, it helps the OP no end.

OP I'd suggest installing Windows on a different physical drive (if you have one), that way once the RAID drivers are installed, it'll pick up your RAID 0 array. Then from the 'clean' drive run all the usual antivirus/malware scans on the RAID 0 drives. Power down, change boot order or remove the 'clean' drive and retest.
 
Well, I finally got rid of it...

Windows offline defender seemed to wound it enough on the 3rd attempt to give me a chance to start Task Manager, which I then used to start Explorer, and then downloaded Malwarebytes, which seemed to stop it.

HitmanPro was useless.

Kaspersky Rescue Disk 10 was useless.

I have paid for a new copy of Kaspersky Anti-Virus 2013 and am just installing and updating that.

Got very close to having to reinstall then...

Something still seems to be trying to start up when I log in, but it looks like enough of it has now been deleted that it can't do anything.
 
You should still format. It's impossible to clean a machine 100% after it has been compromised.

No amount of AV will help. You were probably infected because you had an out of date piece of software on your machine. Keep everything up to date using Secunia PSI.
 
Well, the plan is to be reformatting soon anyway, just didn't intend on being forced into it.

Since installing Kaspersky it's been quietly killing stuff via scans. All the random spurious reboots have stopped too, which I thought were down to a memory problem I couldn't get to the bottom of.
 