
i've got a doozie of a virus


7 replies to this topic

#1 jazzermonty

jazzermonty

  • Members
  • 14 posts

Posted 16 February 2012 - 05:56 PM

OK, so I'm posting from my phone as it's the only working device I have left. I have two infected machines, but will deal with them one at a time. OK, problem one:
I have a netbook that runs XP Home Edition. Can't say which service pack for the following reasons:
The virus takes over the whole OS.
I can't boot in safe mode.
When I try safe mode I get the blue screen of death.

The machine then boots in normal mode.
I can't get Task Manager to stay loaded for more than 10 seconds.
The whole computer then locks with a screen that demands payment of £50 to unlock.
It claims illegal use of the OS (pornography, illegal software etc.)
This ransom virus has disabled the whole system.

Help!

Edited by hamluis, 16 February 2012 - 06:17 PM.
Moved from XP to Am I Infected.



#2 jazzermonty


Posted 16 February 2012 - 05:57 PM

Please excuse typos. My phone isn't as good as a keyboard.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 17 February 2012 - 01:21 AM

Can you get to do a System Restore to a date before this started?


How to start the System Restore tool by using the safe mode option with the
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 jazzermonty


Posted 20 February 2012 - 08:43 AM

Can you get to do a System Restore to a date before this started?


How to start the System Restore tool by using the safe mode option with the

Hi boopme

I'm using a work computer to reply to this so my interactions may be out of sync a little. To answer your question above, the answer is no. I can't get the machine to boot in safe mode at all. It always starts in full Windows mode. I can't do REGEDIT, can't do Alt, Ctrl, Delete nor get DOS to run. As soon as it boots the ransom window appears, then after a few seconds Windows reports a problem. At this point the PC is completely unresponsive and I can't even click on the Windows button to close the browser down. I will try and post an image of this later.

#5 jazzermonty


Posted 20 February 2012 - 10:39 AM

Hello again

After a bit more digging it appears that I have a version of the UKash virus. It doesn't associate itself with the police or border patrols like the other examples I've seen, but the impact is the same and the UKash logo is appearing in the window.

Thanks

#6 boopme


Posted 20 February 2012 - 02:53 PM

Let's get a deeper look. Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#7 jazzermonty


Posted 20 February 2012 - 04:12 PM

Let's get a deeper look. Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

Hi boopme

Will do. Have managed to do a system restore and ran ComboFix and everything seems clear. Will take your advice and do what you say above to ensure everything is fine. If not I'll repost in the correct area.

Thanks for your help.

#8 boopme


Posted 20 February 2012 - 04:31 PM

Include the ComboFix log then also...



