UKash removal and file repair



#1 John D W


Posted 28 February 2013 - 10:07 AM

Windows 7 (64 Byte)

I recently got attacked by the Ukash virus. I restarted in safe mode and used a restore point to get things running again. I have noticed that PDF, JPEG, WORD files no longer open. Also IE favourites don't open. These files do not open when I transfer them (via USB stick) to another computer. I've received advice from various forums which I've tried. I've downloaded and run all sorts of software. Either no problems were found or 100's were found which require a payment to fix. My computer is loaded with downloads which include root cleaner, antispyware, malware, registry cleaners, windows defender, CClean, rkill, BD removal, mbam, tdskiller, etc. etc. I've tried them all and to be honest lost track of which one I should be using.

Is there a recommended approach to

a) Checking for an infected computer

b) Fixing Problems

c) Restoring Damaged Files

What sequence should registry fix, root cleaners, malware, spyware etc. be used?

The AVG protection I have installed did not detect anything.

I also understand that restore points themselves can be infected. Any help would be appreciated.


Edited by hamluis, 28 February 2013 - 10:31 AM.
No logs, moved from Malware Removal Logs to Am I Infected - Hamluis.




#2 Elise


Posted 28 February 2013 - 11:13 AM

Hello,

First of all, did you see BC's removal guides for the different ransomware variants?

http://www.bleepingcomputer.com/virus-removal/remove-urausy-fbi-ransomware

http://www.bleepingcomputer.com/virus-removal/remove-fbi-anti-piracy-warning-ransomware

http://www.bleepingcomputer.com/virus-removal/remove-fbi-online-agent-ransomware

http://www.bleepingcomputer.com/virus-removal/remove-complete-an-offer-infection

http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

 

Ransomware can sometimes be different to remove and in my experience identification is an important step. After that you can often clean up a lot manually and use automated tools to do the rest.

Please let me know if you still need malware removal help at this point and/or if you have any further questions. :)


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 John D W


Posted 01 March 2013 - 09:34 AM

Hi Elise

Thanks for the advice. I downloaded the Emsisoft Emergency Kit and ran it. It detected various medium risk problems and a high risk one which was WIN32,Scramble Wrapper. I moved all to quarantine. Why not delete them?

However, the PDF, WORD, EXCEL, JPEG files still do not open and neither do IE Favourites, so even though I've pushed to one side a bad threat I'm still with the same problem of not being able to open files. FILE NOT RECOGNISED BY ADOBE READER (PDF). PHOTO VIEWER CANNOT OPEN THIS FILE (Jpeg), etc.

Any more ideas would be appreciated in getting these files to open. Oddly enough Ukash wasn't detected so perhaps I got rid of it when I previously ran RKILL which at the same time didn't detect WIN32 Scramble Wrapper.

Many Thanks



#4 Elise


Posted 01 March 2013 - 10:01 AM

Why not delete them ?

If you quarantine files, you always have a chance to restore them in case a file is falsely detected.

The scramble wrapper detection is nothing harmful.

As for the files, it is possible you were hit by a variant that encrypted actual files. Chances of recovery in that case aren't that good, but you can try to right click the file and select "restore previous version".


regards, Elise

Malware analyst @ Emsisoft
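
One way to tell the case raised in the reply above (file contents encrypted or overwritten) apart from a broken file association is to check whether each document still starts with its format's signature bytes. This is an added example, not part of the original thread or any BleepingComputer or Emsisoft tool; the function names, the 7.5 bits/byte entropy threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

JPEG = b"\xff\xd8\xff"
ZIP = b"PK\x03\x04"                         # .docx / .xlsx are ZIP containers
OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc / .xls
# Leading bytes a well-formed file of each type normally starts with.
MAGIC = {".pdf": b"%PDF", ".jpg": JPEG, ".jpeg": JPEG,
         ".docx": ZIP, ".xlsx": ZIP, ".doc": OLE, ".xls": OLE}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: Path) -> str:
    """Return 'intact', 'encrypted-looking', 'damaged' or 'unknown-type'."""
    magic = MAGIC.get(path.suffix.lower())
    if magic is None:
        return "unknown-type"
    with path.open("rb") as fh:
        head = fh.read(4096)
    if head.startswith(magic):
        return "intact"            # header survives; look at file associations
    # Header is gone: near-random bytes suggest encryption (threshold assumed).
    return "encrypted-looking" if entropy(head) > 7.5 else "damaged"

def triage(root: Path) -> dict:
    """Classify every file under root, keyed by path relative to root."""
    return {p.relative_to(root).as_posix(): classify(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def demo() -> dict:
    """Run triage over constructed sample files (not real user data)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ok.pdf").write_bytes(b"%PDF-1.4\n%%EOF\n")
        (root / "ok.jpg").write_bytes(JPEG + b"\xe0" + b"\x00" * 64)
        (root / "locked.pdf").write_bytes(os.urandom(4096))
        (root / "zeroed.docx").write_bytes(b"\x00" * 4096)
        return triage(root)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:18} {name}")
```

Files reported as intact point to a viewer or association problem; files reported as encrypted-looking or damaged can only come back from a backup or an earlier copy such as a previous version.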




