UKASH Virus .....again :(

Darren,

sorry to hear of your problems, I hope you can get it sorted.

Would you mind telling me how you picked up this virus, it's just to satisfy my curiosity.

Andy

Not to be a pest or pain, but I too would like to know any information as to how you picked this one up? o.O

Try this suggestion from Jacee:
ADWcleaner

AdwCleaner is a good program, and is used to remove malware remnants if the system is not locked by the ransomware. I am sure our Jacee's (whom I have known and worked with for years) recommendation was in this type of scenario.

In darrenj1471's predicament, with the computer locked by the ransomware, it is another story.

There are some bootable CDs used to remove the locked ransomware.
Some that come to mind are:

HitmanPro.Kickstart
Kaspersky WindowsUnlocker
Dr.Web® LiveCD

Have personally experienced success with HitmanPro.Kickstart, however, have not tried the Kaspersky's bootable CD above. HitmanPro.Kickstart marketing has focused on ransomware removal.

There are also other methods such as going into Safe Mode with Networking, and launching MSConfig, but sometimes the ransomware takes over in Safe Mode also.

These infections are sometimes a bear to get rid of.


From Wiki-Security: Method of Infection

There are many ways your computer could get infected with Ukash Virus. Ukash Virus can come bundled with shareware or other downloadable software.

Another method of distributing Ukash Virus involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Ukash Virus on your system.

Ukash Virus installs on your computer through a trojan and may infect your system without your knowledge or consent.

Have also seen reported where an email with certain content has gotten some Users infected.

We could go through the registry if you would like

If the computer is locked, it won't be thru Start > Run, type in: regedit

Yes I kno it will be from the installation DVD

What AntiVirus program are you using? Is it not picking up this infection when you go to its source?

Three times infected with the same thing is not good.


Please go to the Farbar Recovery Scan Tool Download page.
Select the 64-bit download.
Save the program to a USB pendrive, or an external hard drive.

Next, plug the drive into the problem computer.



>>>Restart

• As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select your language settings, and click: Next
• Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Scan your computer's memory for errors.
• Command Prompt

Select Command Prompt

• In the Command window, at the bliking cursor type notepad and press: Enter
• In Notepad, under the File menu select: Open
• Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
• Close out of Notepad.
• Click the Command Prompt window
• Type g:\frst64.exe, and press: Enter
  Note: Replace the drive letter g with the drive letter of your flash drive!
• The tool starts and prepares to run. Follow the prompts.
• Click Yes to the disclaimer.
• Press: Scan

When done scanning, the program saves a FRST.txt report on the flash drive.


Close Notepad, then, click the Command prompt window, and type exit, and press: Enter
Remove the USB drive.
Back at the System Recovery Options, press: Shutdown


Please provide the FRST.txt in your reply.
It is located in the USB drive.

Note: If you have any older copy of FRST on the external drive, please remove it, as this program is updated very frequently. You need the newest version.