
Metropolitan Police Central e-Crime Unit


  • This topic is locked
6 replies to this topic

#1 joedurham

joedurham

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 08 November 2012 - 12:13 PM

I'm running XP

First of all, I apologise that I haven't followed the steps advised before posting. This is because I can't do anything useful at all on the PC in question. As soon as Windows starts, there is a ransomware demand for u-kash, which prevents me from doing anything at all.

I know that there are various tools to remove stuff like this, so I first of all tried to restart my PC in safe mode. However, when I hit F8 and choose 'Start Windows in Safe mode', the PC runs some scripts, then shuts down and restarts. This happens repeatedly. I've also tried to boot off a USB stick, but that didn't work. I haven't got an XP boot disk, so I'm not sure what to try next.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,967 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:54 AM

Posted 11 November 2012 - 09:26 AM

Greetings joedurham and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Let's start with this.


===================================================


Kaspersky WindowsUnlocker

--------------

To complete this process you will need a USB device with at least 256 MB of free space.

  • On a clean computer download Kaspersky WindowsUnlocker and save it to your desktop
  • Now download rescue2usb.exe and save it to your desktop
  • Double click rescue2usb.exe
  • Select Run, then Install
  • On the Kaspersky USB Rescue Disk Maker window, click Browse, then click Desktop on the left
  • Double click kav_rescue_10.iso
  • Select the required USB device from the drop-down menu if not already listed
  • Click START



  • Wait until the process is complete
  • Click OK
  • Remove the USB device from your clean computer and insert it into the infected computer
  • Boot your infected computer
  • As the computer boots up gently tap F12 and choose to boot from Removable or USB Devices (or something similar)
  • When the Kaspersky Rescue Disk screen appears press any key within 10 seconds



  • Press Enter on English which should be highlighted by default
  • Press 1 to accept the agreement
  • Press Enter on Kaspersky Rescue Disk. Graphic Mode which should be highlighted by default
  • Once the program loads click Exit on the Scan your computer screen, then click Yes on the warning pop up window
  • Click the Posted Image button in the bottom left hand corner of the screen
  • Select Terminal
  • At the command prompt type windowsunlocker and press Enter



  • On the root: windowsunlocker screen press 1 (Unlock Windows) and press Enter



  • The program will clean the registry and display the results in the window



  • Now press 2 (Save boot sector copies) and press Enter



  • Type 0 then press Enter
  • If the window does not close type Exit and press Enter
  • On the desktop double click File manager
  • Click on Custom Path located just above the C: folder
  • Double click the Var folder
  • Double click the kl folder
  • Make sure the WUnlocker 1.0 file is present



  • Close the window
  • Click the Posted Image button in the bottom left hand corner of the screen
  • Select Shutdown then click Yes
  • Remove the USB device and attempt to boot your computer into Normal Mode

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Did your computer successfully boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 joedurham

joedurham
  • Topic Starter


Posted 11 November 2012 - 12:48 PM

Hi Gary

Thank you so much for your reply. I realise that you guys are busy, so I took some steps to recover my PC (I had data that was needed urgently).

1) I downloaded a Boot CD (Hiren's) and ran Mini-XP. This allowed me to access my USB ports.
2) I downloaded Emsisoft Emergency Kit and ran a scan from a USB-stick.

When I restarted my PC, I was able to use it as normal (the Metropolitan Police e-Crime screen didn't appear) but there was no sound/audio from the PC. Safe mode was also still inoperative. I therefore

3) used system restore to go back prior to the infection.

My PC is now apparently OK, though I do not know if any other 'features' are 'lurking'.

Sorry for jumping the gun - do you recommend that I take any additional action?

Edited by joedurham, 11 November 2012 - 12:49 PM.


#4 Oh My!


Posted 11 November 2012 - 02:37 PM

Hi joedurham,

Sorry for jumping the gun - do you recommend that I take any additional action?

No problem at all, I understand. It is hard to say whether or not additional steps are necessary. If you want to pursue further steps just let me know and I will provide additional tasks for you. It is completely up to you.

BTW, thank you for your understanding. We do get busy at times and try to get to things as fast as we can. Sometimes not fast enough.
Gary
 

#5 joedurham

joedurham
  • Topic Starter


Posted 11 November 2012 - 03:50 PM

Hi Gary

Thank you for your advice. My PC seems to be working perfectly normally now, and I don't want to delay you helping someone who really needs it. Your time is valuable, so I won't waste any more of it. Please treat this case as 'closed'.


Joe

#6 Oh My!


Posted 11 November 2012 - 03:55 PM

Hi joedurham,

Thank you for your consideration of others. I will provide you with some information about keeping your computer clean and I will leave the topic open for a couple of days just in case something pops up.


Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:


I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#7 Oh My!


Posted 13 November 2012 - 10:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



