Hit by UKASH Virus - Completely Locked Down
Hello, I am running Windows 7 (64-bit) on a Dell XPS. It has been hit by the UKASH Virus. This virus is so advanced that even when I boot in Safety Mode (with networking) the virus is still active. I have even booted from my OEM Windows 7 (64-bit) CD and tried to recover the system files from the OEM CD. The recovery fails :-( Somehow the virus prevents the Microsoft Recovery from writing operating system files back. I think it changes permissions on files so that they can't be overwritten. In my personal opinion the team that wrote this virus had access to MS Windows 7 source code. I am thinking former Microsoft employees. I will get back on track now. Here is exactly what I see.
1. If I boot normally everything looks normal and the Windows 7 login screen comes up. After I log in my desktop is replaced with a banner telling me that they are reporting me to the RCMP and have locked down the PC .... It will be unlocked if I pay them ransom money. Can we call this "ransomware"??? :0 Sounds like a form of extortion and definitely fraud. Go ahead and report. Nothing illegal here. This virus is just a fund raising virus and is just trying to scare people into donating. Even if you pay the money you are still left with a locked out PC. So don't pay it! ... for the record .. I did not pay a cent.
2. I now boot into Safe Mode with Networking. After I log in my desktop comes up with the same banner. Uggggg .. Safe mode is no longer safe.
When I try to bring up the task manager (so that I can terminate the virus process so that I can get to work on removing the thing) on 1 or 2, an error comes up telling me that I do not have access. The virus removed my access. I have seen this with other viruses before so I will give this virus a -1 for copying from others. At this point I don't want to reformat the disk and re-install from scratch so I wanted to ask Microsoft if they have a solution. I hear that this virus is going viral in Canada.
BTW my system was patched with all the most recent MS Security Patches .. Even on the day it happened (May 16). I suspect that I am going to have to attack the thing from a DOS prompt, which is a pain. I am hoping to video the solution and put it up on YouTube for others. Note: the current solutions on YouTube are booting into safe mode .. but that does not work anymore .. virus modified.
Thank You, Rob
May 18th, 2012 11:27am

Bob,
Use a working machine to download Windows Defender Offline. Download the appropriate 32-bit or 64-bit version here http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline?SignedIn=1&SignedIn=1 and burn a CD. Boot from the CD and run a full scan.
May 19th, 2012 3:41am

Hi,
Please refer to the advice suggested by BurrWalnut. For information about Security updates, visit the Microsoft Virus Solution and Security Center for resources and tools to keep your PC safe and healthy. If you are having issues with installing the update itself, visit Support for Microsoft Update for resources and tools to keep your PC updated with the latest updates.
Juke Chou
TechNet Community Support
May 22nd, 2012 4:57am

This topic is archived. No further replies will be accepted.
