
Metropolitan Police UKASH Virus - Please Help!


  • This topic is locked
6 replies to this topic

#1 Vinster81

Vinster81

  • Members
  • 2 posts
  • Local time:01:33 AM

Posted 04 October 2012 - 05:08 AM

Hi there,

Apologies if this may have been repeated in other threads.

I have a virus which is completely taking over my laptop. I'm running Windows XP and it all seems to start up fine, though after 10-15 seconds I receive the dreaded Metropolitan Police Ukash ransom screen, which I have no way of bypassing.

Safe Mode unfortunately does not seem to work due to the virus so I am really unsure what I can do!!!

I am desperately trying to download some of my holiday pics which I stupidly did not back up so I'm trying my best not to panic hoping there is a solution to remove the virus.

PLEASE HELP!!!,

Thank You and Much Appreciated
Vinster



#2 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:08:33 PM

Posted 06 October 2012 - 11:51 AM

Hello Vinster81 and welcome to BleepingComputer forums.

What is your version of Windows?
What is your antivirus program?
Does this sys have any other security applications?

IF the system is Windows 7 or Vista, then do this:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:08:33 PM

Posted 18 October 2012 - 08:19 AM

Closed due to lack of response.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:08:33 PM

Posted 23 October 2012 - 10:43 AM

@Vinster81
I have re-opened the topic. Please make sure you make timely responses. I close threads if there is no reply in 4 days.

Do this right away, if possible.

See Grinler's article here
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions
Follow his instructions to get into Safe Mode with Networking
and do the rest of the steps listed after that (including the tool from Emsisoft).

Report back with the results.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 Vinster81

Vinster81
  • Topic Starter

  • Members
  • 2 posts
  • Local time:01:33 AM

Posted 25 October 2012 - 03:56 AM

Hi,

Thanks for your help but unfortunately the solution did not work. When I try to boot up in safe mode, it attempts to start up Windows for a few seconds but returns back to the BIOS.

It attempts to load the registry files but after a few seconds I'm sent back to the BIOS.

Any ideas?

Thanks
Vinster81

#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:08:33 PM

Posted 25 October 2012 - 03:23 PM

Unfortunately, there is not much hope without your being able to get into Safe Mode or Safe Mode with Networking.
I would suggest you carefully & slowly try to get into each mode again, one at a time.

Otherwise, IF you have a mirror-image backup of your system from before the disaster, you could try putting that back.

Other than that, the MS Knowledge Base article noted below may help in restoring a "prior XP System Restore point", in the case where you are unable to do this from a Windows session. This article describes how to start the System Restore tool when you are unable to start your Windows XP-based computer normally or in Safe mode.
You may be able to do it from a "special command prompt"..."Safe Mode with Command Prompt".


It would seem the requirements would be:
1. You had restore point(s) from before. (Which also means System Restore is active on your XP.)
2. You have to be able to "selectively" bootup your pc into "Safe mode with command prompt".
3. Follow the directions to use "rstrui.exe" the XP System Restore program.


HOW TO: Start the System Restore Tool from a Command Prompt (KB 304449)
http://support.microsoft.com/kb/304449



BTW, if you have the Windows XP operating system that came with this pc, speak up.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:08:33 PM

Posted 08 November 2012 - 10:55 AM

Closed due to lack of response.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



