Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't remove RCMP Ukash virus


  • Please log in to reply
2 replies to this topic

#1 Twinbird

Twinbird

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 10 April 2013 - 02:05 PM

I've been trying to remove this virus with no avail.

The problem: RCMP Ukash virus. When XP (32bit) attempts to start up, the desktop background appears and nothing else except this fake page telling me to send money to have my PC unlocked (looks like this http://tinyurl.com/cdyb567). There is a short period in which the taskbar and icons do load (during this time I can open up task manager, my computer, etc.). I am not able to start safe mode.

What I've tried: I've ran the bootable Windows Defender Offline which found a lot of things and apparently removed them. I've removed the HDD and scanned it with Malwarebytes and Avast which didn't help either. I used the Kaspersky Rescue Disc 10 (bootable) to run a scan (still didn't fix the problem). Used the AVG rescue disc, didn't remove the problem.


Any help would be appreciated!


Edited by Twinbird, 10 April 2013 - 05:46 PM.


BC AdBot (Login to Remove)

 


#2 zzz7

zzz7

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:43 PM

Posted 10 April 2013 - 04:22 PM

http://www.dslreports.com/forum/r28137887-RCMP-ransomware Running MBAM in safemode should catch it.

#3 Twinbird

Twinbird
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 10 April 2013 - 05:54 PM

Thanks for the response.

 

I am still unable to start up in safe mode. I've tried running a scan using Malwarebytes with the HDD hooked up to a working PC, but this did not fix the problem. I plan to run Malwarebytes again on the infected PC if I am able to start in normal mode or safe mode. I am currently running a scan using the program specified in option 2 of this link: http://forums.anvisoft.com/viewtopic-45-3817-0.html (fingers crossed that this finally works).

 

Edit: I've removed the virus from help with a member from geekstogo, see: http://www.geekstogo.com/forum/topic/329177-cant-remove-rcmp-ukash-virus/page__gopid__2283746#entry2283746.


Edited by Twinbird, 10 April 2013 - 10:09 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users