UKASH Virus .....again :(

darrenj1471

Let's see what cottonball says. I don't see any virus files.
 

My Computer

Computer Manufacturer/Model Number
Custom Built
OS
Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
CPU
Intel Core i7 CPU 950 @ 3.07GHz
Motherboard
ASUS P6T DELUXE V2
Memory
OCZ 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1600 OCZ3X1600R2
Graphics Card(s)
ATI Radeon HD 5700 Series
Sound Card
OnBoard
Hard Drives
WD6400AACS-00M3B0 (640GB SATA )
PSU
CORSAIR 850w
Case
NZXT LEXA
Cooling
Intel Stock Heatsink Fan
Keyboard
Microsoft Wireless Laser Keyboard 7000
Mouse
Microsoft Wireless Laser Mouse 7000
As far as malware goes, do not see any on the RogueKiller report.

The following entries are, to my understanding, some type of AVG request to provide additional protection:
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND

Looks as if you may have accepted it.
 

Attachments

  • Capture AVG Promo.PNG

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
So....I'm done? I shouldn't delete those 4 registry results found by RogueKiller? How on earth am I getting this over and over?

I will now use that tool to uninstall AVG and install MSE, but I'm paranoid about my internet banking etc., so presume there is nothing lingering around on this machine which could be bad??
 

My Computer

OS
windows 7 64 bit
The following program may show areas in which there are vulnerabilities.

Let’s check the Security status with the following: Security Check
http://screen317.spywareinfoforum.org/
Save to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.

Note:
Please do not take any corrective actions!!
 

Still need to look at the results of Security Check, however, in any event, you may want to change all passwords, in particular to bank accounts and credit cards. Also include passwords used to access websites on the Internet.
Use a different and clean computer to do so, and use passwords that are difficult to figure out.

Download and install an AntiVirus program and an anti-malware program like Malwarebytes-AntiMalware, before connecting to the Internet again.

Use the Windows Firewall, or download a free one:

ZoneAlarm Free Firewall
Best Free Firewall

Outpost Firewall Free
Best Free Firewall

Online Armor Free
Best Free Firewall

A Firewall monitors your system's communication between your network and the Internet and helps stop intrusions and attacks.

If you do a Google search, there may be other free Firewalls available. Also, someone here might suggest one.
 

Mate, now may be a good time to consider a clean install of the system, if you are able and willing: Installing and reinstalling Windows 7

Don't feel pressured, but it is a very good option to ensure that everything is ship-shape. Back up important files first, and before putting them back on the computer, make sure you have an adequate antivirus installed beforehand. I wouldn't use an extra firewall, because far too many times more problems are created by them, unless you are an advanced user. Besides, Windows Firewall does an adequate job itself, including the SmartScreen filter.

EDIT: [If you prefer to keep the system, let me know, and I'll try to help you out in addition to anyone else.] Reading back, you've been helped by an excellent team.

Forgive me if I mentioned something already covered, as I have not yet read through this topic. Cheers!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Asus Build
OS
Microsoft Windows 8.1 Pro 64-bit
CPU
Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Motherboard
B85M-E
Memory
8.00 GB
Graphics Card(s)
None
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Asus 23.6" Monitor
Screen Resolution
1920 x 1080 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
INTEL SSDSC2BW180A4
Samsung SSD 840 PRO Series
PSU
Seasonic S12II-380Bronze
Case
Lian Li
Cooling
Fan, Passive
Keyboard
Logitech K120
Mouse
Microsoft Touch Mouse
Internet Speed
4ms Ping, 19.0 Mbps Download, 19.0 Mbps Upload
Antivirus
Eset Endpoint
Browser
Internet Explorer, Chrome
Please see my latest post where I mention I have the virus again for the 3rd time and this time it's worse. I would happily reinstall Windows once I can get access to back up some files.
 

You are in good hands mate, give Cotton and friends some time to respond. He is still around.
 

In post #68 Cottonball was still waiting for some results from Security Check.
I would advise you to avoid the Sports Event streaming site.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home Built Desktop By DataTech
OS
Windows 7 Ultimate X64 SP1
CPU
Intel i5-2550K, Differing ~4.4-4.8GHz No built in GPU
Motherboard
ASUS P8Z68-V PRO/GEN3
Memory
16GB G.Skill Sniper 1866MHz @ 2133MHz 2x8GB
Graphics Card(s)
ASUS GTX650TIB-DC2OC-2GD5, (650TI Boost)
Sound Card
Onboard Realtek 5-1
Monitor(s) Displays
Samsung P2570HD
Screen Resolution
1920x1080
Hard Drives
Samsung 840 Pro 256GB SSD for OS, 500GB Seagate Constellation (Enterprise drive) for Data
PSU
Corsair HX650W
Case
Inwin Dragon Rider
Cooling
Hyper 212 EVO w/two Noctua fans, push-pull, @1300 RPM
Keyboard
E-Z Eyes, bright yellow keys with large characters
Mouse
steelseries SENSEI Laser Pro Gaming
Internet Speed
48-51Mbs Mbs down, 11 Mbs up Xfinity Cable
Antivirus
Norton Internet Security 2013
Browser
IE 10, Opera, Pale Moon if needed
Other Info
4 case fans, LG BluRay-RE, ASUS DVD-RW, Mr. Fusion power supply, 1.21 gigawatts.
darrenj1471,

If this infection has returned again, it is because all it takes to get infected is to visit a malicious website, click on a malicious advertisement/link, open a malicious attachment, or download a file which contains malware code. Security vulnerabilities on your computer's Operating System, or in a program like your web browser, can also be exploited.

This is the first time ever that I've had a third-timer!!


Regardless of what you plan to do, see if you can do what follows. You ran this program before, but it is continuously updated, so you need a new copy.

Please go to the Farbar Recovery Scan Tool Download
Select the version that applies to your system.

Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
Press the Scan button.

FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---

The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---
 

Just read your last post mentioning you have no access. The above will not work...

One option: go back to Post #2, and use HitmanPro.KickStart again. It should get you in.


Other options:

1. Do you have an installation CD/DVD for Windows 7?

2. If not, when you start the computer, tap the F8 key. Does the Advanced Boot Options menu appear? Do you have access to the Repair your computer menu item?

3. If none of the above are options, do you have access to a computer with a Windows 7 64-bit system, to create a System Repair Disk?

What is the exact name of the ransomware this time?
 

Hi, please could you review my other current thread where I have posted pics. I cannot get hitman to run as I'm now also having issues rendering things on screen, i.e. the software loads up but all the buttons fail to show. Get similar issue when trying to do rstrui through command prompt.
 

Best to have one thread for the same issue.
 

I agree, but this time the issue is worse as blue screen is displayed shortly after UKASH takes over, i.e. when it throws the white lock screen. Also PC is exhibiting strange things when hitman or system restore is attempted.

The thread is here: http://www.sevenforums.com/system-security/306023-ukash-3rd-time.html

I don't have the jpgs with me to replicate in this thread but could do later when at home.

Currently the only PC I have access to is a laptop running Vista, so I cannot get 64 bit version of HitmanPro, but it seems the 32 bit has a x64 file in it?
 
