
Ukash Virus on Work laptop running Windows XP


6 replies to this topic

#1 Irishman_27


Posted 08 February 2013 - 11:31 AM

Hi,
 
The laptop I use for work appears to have contracted the UKash Virus (Canadian Version).  It is running Windows XP SP3 and can no longer seemingly access the internet.
 
I have done some reading on the topic and have tried a few things by downloading programs to a USB stick on another PC and trying to run those programs from Safe Mode Networking on the infected PC.
 
1) Attempted to install MalwareBytes on the infected laptop.  However I ran into a problem on the install saying Run Time Error 372 - failed to load control vbalGrid from vbalgrid6.ocx - I then uninstalled the software
 
2) Attempted to install HitmanProKickstart on a USB stick and then boot the infected laptop from the USB stick.  However it gave me an error "SA not found" which I think is a result of PointSec running on the PC.
 
I have done some more reading on the topic and am looking at Combofix but I'm concerned about screwing something else up without being supervised.
 
As I mentioned it's a work laptop and probably a result of me installing something like BitTorrent or something else our IT people would not be happy about so I am trying to solve the problem without their involvement.
 
Any advice?  Thanks in advance.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal


 


#2 Broni


Posted 08 February 2013 - 12:20 PM

Welcome aboard

 

Please follow the instructions in ==>This Guide<== starting at Step 6.  If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==  Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.




 


#3 Irishman_27


Posted 08 February 2013 - 01:27 PM

Thanks - the latest problem is actually posting the logs to this forum.  I have no way to get the log from the infected laptop back to the internet.  Can't connect and the work laptop won't allow me to write external media.  I suppose I could do screenshots with a camera and then convert the picture back to text somehow.  Wow.



#4 Broni


Posted 08 February 2013 - 01:29 PM

Can't you use a USB flash drive and the computer you're posting from?




 


#5 Broni


Posted 08 February 2013 - 01:52 PM

I strongly suggest you contact your IT people.




 


#6 caperjac


Posted 09 February 2013 - 08:00 AM

Hi, you could try an antivirus boot CD. Many found in this link. I suggest AVG or Sophos. Good luck.

http://www.sophos.com/en-us/support/knowledgebase/52011.aspx

 

http://www.avg.com/ca-en/avg-rescue-cd


Edited by caperjac, 09 February 2013 - 08:02 AM.

My answers are my opinion only,usually


#7 Irishman_27


Posted 09 February 2013 - 09:04 AM

Thanks everybody for your help - this morning I am trying to run Emsisoft Emergency Kit on the machine to detect the Malware.  It found and quarantined 42 issues but is now having trouble cleaning the remaining Rootkit.  However this is by far the most progress I have made to date. I tried a boot cd yesterday from Kaspersky but it didn't seem to do the trick.  So now I am on the Emsisoft site looking at recommendations to remove the rootkit.

 

This is the last kick at the can.  Taking it to my I.T. department on Monday if this doesn't work :(  Broni is probably right.





