Help! - Metropolitan Police Ukash Virus
1 - 20 of 40 Posts
Joined
·
3,055 Posts
Ive seen 9 different versions of this now! The earlier versions are dead simple and you can boot into safe mode (F8 before windows starts) and remove it from the startup.
Some of them are really nasty and cause safe mode to lock up. They remove icons from your desktop and make it look like all of your documents and photo's are missing. They hide as a Wireless LAN client manager which you would not suspect as it looks like part of a harware driver.
These things normally hide in C:\Users\'Account Name'\Local Settings\Application Data\Temp
Usually an exe with a random number filename. You can just delete the whole temp folder contents although ive had a printer driver moan about doing this once.
If you cant get into safe mode, make a cd of ubuntu or I use parted magic which pxe boots over the network and you can see that all your documents do exist and you can try and delete the nasty file.
If its a later version its probably best reinstalling windows as it really does mess it up.
Sent on the back of an AA truck Using Tapatalk
Some of them are really nasty and cause safe mode to lock up. They remove icons from your desktop and make it look like all of your documents and photo's are missing. They hide as a Wireless LAN client manager which you would not suspect as it looks like part of a harware driver.
These things normally hide in C:\Users\'Account Name'\Local Settings\Application Data\Temp
Usually an exe with a random number filename. You can just delete the whole temp folder contents although ive had a printer driver moan about doing this once.
If you cant get into safe mode, make a cd of ubuntu or I use parted magic which pxe boots over the network and you can see that all your documents do exist and you can try and delete the nasty file.
If its a later version its probably best reinstalling windows as it really does mess it up.
Sent on the back of an AA truck Using Tapatalk
Joined
·
77,396 Posts
So is it working?
Joined
·
33,643 Posts
Only in safe mode. When I restart normally the virus returns.
Joined
·
3,055 Posts
If you can get into safe mode you should be able to clear it.
In safe mode click Start>Run and type msconfig
Run that and the end tab is 'startup' which lists all the startup items
Lower down the list you should see some random number .exe trying to start up ie 1736372.exe. Or could be called wlan_mgr or something. Uncheck the check box click save and restart.
When your back in you could also locate the file and delete it for good although it wont do any harm now :-D
Sent on the back of an AA truck Using Tapatalk
In safe mode click Start>Run and type msconfig
Run that and the end tab is 'startup' which lists all the startup items
Lower down the list you should see some random number .exe trying to start up ie 1736372.exe. Or could be called wlan_mgr or something. Uncheck the check box click save and restart.
When your back in you could also locate the file and delete it for good although it wont do any harm now :-D
Sent on the back of an AA truck Using Tapatalk
Joined
·
3,055 Posts
Oh yeah if your running Vista or Win7 youll have to type msconfig into the search thing on the start menu
Sent on the back of an AA truck Using Tapatalk
Sent on the back of an AA truck Using Tapatalk
Joined
·
15,172 Posts
Once you've removed the offending .exe from the startup items and rebooted the machine back into safe mode, you will need to change the folder options so that you can see hidden files & folders and hidden system files.
Organize>Folder & Search Options then the 'View' tab and change the setting for 'Hidden files & folders' to 'Show' and also uncheck 'Hide protected Operating System files'.
You might be better off downloading a version of Ubuntu onto a USB stick and running from that to delete the files because a lot of the time in the same folder as the nasty .exe file are a load of other fake shortcuts and .dll and .ini files and an autorun file which as soon as you open the folder reinstalls the virus. By booting onto the USB stick with Ubuntu running you can get access to the folder without triggering the autorun file.
Organize>Folder & Search Options then the 'View' tab and change the setting for 'Hidden files & folders' to 'Show' and also uncheck 'Hide protected Operating System files'.
You might be better off downloading a version of Ubuntu onto a USB stick and running from that to delete the files because a lot of the time in the same folder as the nasty .exe file are a load of other fake shortcuts and .dll and .ini files and an autorun file which as soon as you open the folder reinstalls the virus. By booting onto the USB stick with Ubuntu running you can get access to the folder without triggering the autorun file.
L
lisknik
·Guest
Joined
·
0 Posts
Home | Ubuntu
Daft question but i am using the latest ubuntu version, which i am still a relative novice with, does this virus affect that user system aswell??
Daft question but i am using the latest ubuntu version, which i am still a relative novice with, does this virus affect that user system aswell??
Joined
·
25,673 Posts
Geoff,
Boot in safe mode,
Create a new user account and make it an admin with a password.
Demote the wifes user account to a standard user.
Reboot
Login with admin account and use that to cleanse the machine, most of these viruses only affect the user account you are loggin on when yu contract it, so other ccounts shuld work as normal, however without looking into it i cant say what the specific attack vectors for this malware are and im about to go out.
If you can do the above and login as an admin without seeing the virus pop up Then its a start.
Sean
Boot in safe mode,
Create a new user account and make it an admin with a password.
Demote the wifes user account to a standard user.
Reboot
Login with admin account and use that to cleanse the machine, most of these viruses only affect the user account you are loggin on when yu contract it, so other ccounts shuld work as normal, however without looking into it i cant say what the specific attack vectors for this malware are and im about to go out.
If you can do the above and login as an admin without seeing the virus pop up Then its a start.
Sean
Joined
·
926 Posts
As above but then install malwarebytes
Malwarebytes : Free anti-malware download
and run that, we have had good results here with that:thumbs:
Joined
·
77,396 Posts
I can also vouch for malwarebytes
and Gersty
and Gersty
Joined
·
6,363 Posts
CADGE MASTER strikes again. :lol:What I need is someone local, who's good with computers to fix it for me, for free!
Joined
·
926 Posts
If you drop it round mine can have a look but got a busy weekendWhat I need is someone local, who's good with computers to fix it for me, for free!
planned so probably wouldn't get it sorted it Monday
If that's okay feel free
Joined
·
33,643 Posts
Thanks mate but just spoke to my mate next door, he got the same virus last night and managed to get rid of it. We're on with it now.
Joined
·
77,396 Posts
so what websites were your missus and he frequenting?
1 - 20 of 40 Posts
Join the discussion
Join now to ask and comment!