Help! - Metropolitan Police Ukash Virus - Alfa Romeo Forum
Roswell (Thread Starter), post #1 of 40, 16-08-12
Help! - Metropolitan Police Ukash Virus

Ms R (DP) has the Metropolitan Police Ukash Virus on her netbook. I'm struggling to get rid of it. Help me please! :headbang:

Laptop_Matt
I've seen 9 different versions of this now! The earlier versions are dead simple and you can boot into safe mode (F8 before Windows starts) and remove it from the startup.

Some of them are really nasty and cause safe mode to lock up. They remove icons from your desktop and make it look like all of your documents and photos are missing. They hide as a Wireless LAN client manager which you would not suspect as it looks like part of a hardware driver.

These things normally hide in C:\Users\'Account Name'\Local Settings\Application Data\Temp

Usually an exe with a random number filename. You can just delete the whole temp folder contents although I've had a printer driver moan about doing this once.

If you can't get into safe mode, make a CD of Ubuntu or I use Parted Magic which PXE boots over the network and you can see that all your documents do exist and you can try and delete the nasty file.

If it's a later version it's probably best reinstalling Windows as it really does mess it up.

Sent on the back of an AA truck Using Tapatalk

2002 156 Selespeed Sportwagon|Koni FSD Dampers|Eibach Pro Springs|Fully Powerflexed Front & Rear|Eibach Sports Stabiliser ARB's|Lightweight Flywheel|Lighweight Crank Pulley|Colombo & Bariani Cams|Ported by Peak Alfa|Custom Remap by Gus|Wiechers Aluminium Strut Brace|GTA Uprights & Brembo 330mm Conversion|276mm GTA Rear's|GTA Steering Rack |Custom K&N Intake Pipe & Induction|Brand new Gearbox/Actuator|Quaife LSD|CF2 Decat Manifolds|Supersprint Centre Section|CSC Duplex Exhaust|GTA Interior

Roswell (Thread Starter), post #3 of 40, 17-08-12
That sounds quite complicated and above my ability level.

I managed to start the computer in safe mode and install Avast. I did a full scan and it detected nothing.

steveisfrowning
So is it working?

Roswell (Thread Starter), post #5 of 40, 17-08-12
Quote:
Originally Posted by steveisfrowning
So is it working?
Only in safe mode. When I restart normally the virus returns.

Laptop_Matt
If you can get into safe mode you should be able to clear it.

In safe mode click Start>Run and type msconfig

Run that and the end tab is 'startup' which lists all the startup items.

Lower down the list you should see some random number .exe trying to start up, i.e. 1736372.exe. Or could be called wlan_mgr or something. Uncheck the check box, click save and restart.

When you're back in you could also locate the file and delete it for good although it won't do any harm now :-D

Laptop_Matt
Oh yeah, if you're running Vista or Win7 you'll have to type msconfig into the search thing on the start menu

Roswell (Thread Starter), post #8 of 40, 17-08-12
The netbook is running Windows 7 Starter.

How would I go about locating the file?

bobda
Once you've removed the offending .exe from the startup items and rebooted the machine back into safe mode, you will need to change the folder options so that you can see hidden files & folders and hidden system files.
Organize>Folder & Search Options then the 'View' tab and change the setting for 'Hidden files & folders' to 'Show' and also uncheck 'Hide protected Operating System files'.

You might be better off downloading a version of Ubuntu onto a USB stick and running from that to delete the files because a lot of the time in the same folder as the nasty .exe file are a load of other fake shortcuts and .dll and .ini files and an autorun file which as soon as you open the folder reinstalls the virus. By booting onto the USB stick with Ubuntu running you can get access to the folder without triggering the autorun file.

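Added example (not part of the thread or any poster's own code): a read-only sketch of the live-USB check Laptop_Matt and bobda describe, listing digit-named .exe files, wlan_mgr files and autorun.inf under the user profiles of a mounted Windows partition. The mount point passed as the argument and the function name list_suspects are assumptions; the file name patterns are the ones mentioned in the posts.

```shell
#!/bin/sh
# Added example: read-only triage of a Windows volume mounted from a live USB.
# Nothing is deleted; the script only lists candidates for manual review.

# list_suspects ROOT
#   ROOT is the mount point of the Windows partition (an assumption: wherever
#   the live session mounted it). Prints, one per line, files under the user
#   profiles that match the names mentioned in the thread:
#     - an .exe whose name is only digits, such as 1736372.exe
#     - anything named wlan_mgr*
#     - autorun.inf
list_suspects() {
    root=$1
    for dir in "$root/Users" "$root/Documents and Settings"; do
        [ -d "$dir" ] || continue
        # Bracket classes make the match case-insensitive with plain POSIX find.
        find "$dir" -type f \( \
               -name '[0-9]*.[eE][xX][eE]' \
            -o -name '[wW][lL][aA][nN]_[mM][gG][rR]*' \
            -o -name '[aA][uU][tT][oO][rR][uU][nN].[iI][nN][fF]' \
        \) -print 2>/dev/null
    done | while IFS= read -r path; do
        name=${path##*/}
        case $name in
            [0-9]*.[eE][xX][eE])
                stem=${name%.???}
                # Keep only all-digit names; skips programs such as 7zip.exe.
                case $stem in *[!0-9]*) continue ;; esac ;;
        esac
        printf '%s\n' "$path"
    done | sort
}

# When run with a mount point, print each candidate with its SHA-256 so it can
# be looked up or kept as a record before anything is removed.
if [ "$#" -ge 1 ]; then
    list_suspects "$1" | while IFS= read -r f; do
        sha256sum "$f"
    done
fi
```

Because the files are only read from the live session, opening the folder this way does not run anything stored in it.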

Roswell (Thread Starter), post #10 of 40, 17-08-12
What's Ubuntu?

lisknik (Guest)
Home | Ubuntu

Daft question but I am using the latest Ubuntu version, which I am still a relative novice with, does this virus affect that user system as well??
 
bobda
It's a free operating system which you can either install instead of (or as well as) Windows or can just run from a USB stick and it'll give you access to your hard drives and the files on it.

GhostyDog
Geoff,

Boot in safe mode,

Create a new user account and make it an admin with a password.

Demote the wife's user account to a standard user.

Reboot

Login with admin account and use that to cleanse the machine, most of these viruses only affect the user account you are logged on to when you contract it, so other accounts should work as normal, however without looking into it I can't say what the specific attack vectors for this malware are and I'm about to go out.

If you can do the above and login as an admin without seeing the virus pop up then it's a start.



Sean

Nero Fuoco 147 Lusso - Bianco Nuvola 147 GTA - Carbonio Brera SV - Azzurro Le Mans GT 1600 Junior

Sooty159
Quote:
Originally Posted by GhostyDog
Geoff,

Boot in safe mode,

Create a new user account and make it an admin with a password.

Demote the wife's user account to a standard user.

Reboot

Login with admin account and use that to cleanse the machine, most of these viruses only affect the user account you are logged on to when you contract it, so other accounts should work as normal, however without looking into it I can't say what the specific attack vectors for this malware are and I'm about to go out.

If you can do the above and login as an admin without seeing the virus pop up then it's a start.

Sean
As above but then install Malwarebytes

Malwarebytes : Free anti-malware download

and run that, we have had good results here with that

Roswell (Thread Starter), post #15 of 40, 17-08-12
What I need is someone local, who's good with computers to fix it for me, for free!

steveisfrowning
I can also vouch for Malwarebytes

and Gersty

alfacool
Quote:
Originally Posted by Doyle Police
What I need is someone local, who's good with computers to fix it for me, for free!
CADGE MASTER strikes again.

Sooty159
Quote:
Originally Posted by Doyle Police
What I need is someone local, who's good with computers to fix it for me, for free!
If you drop it round mine can have a look but got a busy weekend planned so probably wouldn't get it sorted till Monday

If that's okay feel free

Roswell (Thread Starter), post #19 of 40, 17-08-12
Quote:
Originally Posted by Sooty156
If you drop it round mine can have a look but got a busy weekend planned so probably wouldn't get it sorted till Monday

If that's okay feel free
Thanks mate but just spoke to my mate next door, he got the same virus last night and managed to get rid of it. We're on with it now.

steveisfrowning
So what websites were your missus and he frequenting?

Sooty159
Cool as really couldn't be chewed anyways

Let me know if you need owt

Roswell (Thread Starter), post #22 of 40, 17-08-12
Quote:
Originally Posted by steveisfrowning
so what websites were your missus and he frequenting?
Facetube and Youbook.

Quote:
Originally Posted by Sooty156
Cool as really couldn't be chewed anyways

Let me know if you need owt
No worries mate.

We're up to the running Malwarebytes stage... Fingers crossed.

Sooty159
It's a good bit of kit. You should be okay

Laptop_Matt
Had someone banging on the shop door this morning with this virus before I was even open!

There is a link with people getting the virus using Internet Explorer (complete junk). If the virus is removed without too much damage to Windows I'd install Google Chrome.

Roswell (Thread Starter), post #25 of 40, 17-08-12
Will Firefox be okay?