Alfa Romeo Forum banner

1 - 20 of 40 Posts

·
Registered
Joined
·
33,643 Posts
Discussion Starter #1
Ms R (DP) has the Metropolitan Police Ukash Virus on her netbook. I'm struggling to get rid of it. Help me please! :headbang:
 

·
Registered
Joined
·
3,055 Posts
Ive seen 9 different versions of this now! The earlier versions are dead simple and you can boot into safe mode (F8 before windows starts) and remove it from the startup.

Some of them are really nasty and cause safe mode to lock up. They remove icons from your desktop and make it look like all of your documents and photo's are missing. They hide as a Wireless LAN client manager which you would not suspect as it looks like part of a harware driver.

These things normally hide in C:\Users\'Account Name'\Local Settings\Application Data\Temp

Usually an exe with a random number filename. You can just delete the whole temp folder contents although ive had a printer driver moan about doing this once.

If you cant get into safe mode, make a cd of ubuntu or I use parted magic which pxe boots over the network and you can see that all your documents do exist and you can try and delete the nasty file.

If its a later version its probably best reinstalling windows as it really does mess it up.

Sent on the back of an AA truck Using Tapatalk
 

·
Registered
Joined
·
33,643 Posts
Discussion Starter #3
That's sounds quite complicated and above my ability level.

I managed to start the computer in safe mode and install Avast. I did a full scan and it detected nothing.
 

·
Registered
Joined
·
3,055 Posts
If you can get into safe mode you should be able to clear it.

In safe mode click Start>Run and type msconfig

Run that and the end tab is 'startup' which lists all the startup items

Lower down the list you should see some random number .exe trying to start up ie 1736372.exe. Or could be called wlan_mgr or something. Uncheck the check box click save and restart.

When your back in you could also locate the file and delete it for good although it wont do any harm now :-D

Sent on the back of an AA truck Using Tapatalk
 

·
Registered
Joined
·
3,055 Posts
Oh yeah if your running Vista or Win7 youll have to type msconfig into the search thing on the start menu

Sent on the back of an AA truck Using Tapatalk
 

·
Registered
Joined
·
33,643 Posts
Discussion Starter #8
The netbook is running Windows 7 Starter.

How would I go about locating the file?
 

·
Registered
Joined
·
15,172 Posts
Once you've removed the offending .exe from the startup items and rebooted the machine back into safe mode, you will need to change the folder options so that you can see hidden files & folders and hidden system files.
Organize>Folder & Search Options then the 'View' tab and change the setting for 'Hidden files & folders' to 'Show' and also uncheck 'Hide protected Operating System files'.

You might be better off downloading a version of Ubuntu onto a USB stick and running from that to delete the files because a lot of the time in the same folder as the nasty .exe file are a load of other fake shortcuts and .dll and .ini files and an autorun file which as soon as you open the folder reinstalls the virus. By booting onto the USB stick with Ubuntu running you can get access to the folder without triggering the autorun file.
 

·
Registered
Joined
·
33,643 Posts
Discussion Starter #10
What's Ubuntu?
 
L

·
Guest
Joined
·
0 Posts
Home | Ubuntu

Daft question but i am using the latest ubuntu version, which i am still a relative novice with, does this virus affect that user system aswell??
 

·
Registered
Joined
·
25,673 Posts
Geoff,

Boot in safe mode,

Create a new user account and make it an admin with a password.

Demote the wifes user account to a standard user.

Reboot

Login with admin account and use that to cleanse the machine, most of these viruses only affect the user account you are loggin on when yu contract it, so other ccounts shuld work as normal, however without looking into it i cant say what the specific attack vectors for this malware are and im about to go out.

If you can do the above and login as an admin without seeing the virus pop up Then its a start.

;)

Sean
 

·
Registered
Joined
·
926 Posts
Geoff,

Boot in safe mode,

Create a new user account and make it an admin with a password.

Demote the wifes user account to a standard user.

Reboot

Login with admin account and use that to cleanse the machine, most of these viruses only affect the user account you are loggin on when yu contract it, so other ccounts shuld work as normal, however without looking into it i cant say what the specific attack vectors for this malware are and im about to go out.

If you can do the above and login as an admin without seeing the virus pop up Then its a start.Sean
As above but then install malwarebytes

Malwarebytes : Free anti-malware download

and run that, we have had good results here with that:thumbs:
 

·
Registered
Joined
·
33,643 Posts
Discussion Starter #15
What I need is someone local, who's good with computers to fix it for me, for free! :D
 

·
Registered
Joined
·
926 Posts
What I need is someone local, who's good with computers to fix it for me, for free! :D
If you drop it round mine can have a look but got a busy weekend
planned so probably wouldn't get it sorted it Monday

If that's okay feel free
 

·
Registered
Joined
·
33,643 Posts
Discussion Starter #19
If you drop it round mine can have a look but got a busy weekend
planned so probably wouldn't get it sorted it Monday

If that's okay feel free
Thanks mate but just spoke to my mate next door, he got the same virus last night and managed to get rid of it. We're on with it now.
 
1 - 20 of 40 Posts
Top