Hit by UKASH Virus - Completely Locked Down
Hello, I am running Windows 7 (64bit) on a Dell XPS. It has been hit by the UKASH Virus. This virus is so advanced that even when I boot in Safety Mode (with networking) the virus is still active. I have even booted from my OEM Windows 7 (64bit) CD and tried to recover the system files from the OEM CD. The recovery fails :-( Somehow the Virus prevents the Microsoft Recovery from writing operating system files back. I think it changes permissions on files so that they can't be overwritten.
Here is exactly what I see.
1. If I boot normally everything looks normal and the Windows 7 login screen comes up. After I login my desktop is replaced with a banner telling me that they are reporting me to the RCMP and have locked down the pc .... It will be unlocked if I pay them ransom money. Can we call this "ransomware"??? :0
2. I now boot into Safemode with Networking. After I login my desktop comes up with the same banner. Uggggg .. Safe mode is no longer safe.
When I try to bring up the task manager (so that I can terminate the virus process so that I can get to work on removing the thing) on 1 or 2, an error comes up telling me that I do not have access. The virus removed my access. I have seen this with other viruses before so I will give this virus a -1 for copying from others.
At this point I don't want to reformat the disk and re-install from scratch so I wanted to ask Microsoft if they have a solution. I hear that this virus is going viral in Canada. BTW my system was patched with all the most recent MS Security Patches .. Even on the day it happened (May 16). I suspect that I am going to have to attack the thing from a DOS prompt which is a pain. I am hoping to video the solution and put it up on YouTube for others.
Note: the current solutions on YouTube are booting into safe mode .. but that does not work anymore .. virus modified.
Thank You, Rob
May 18th, 2012 11:17am

Bob Use a working machine to download Windows Defender Offline. Download the appropriate 32-bit or 64-bit version here http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline?SignedIn=1&SignedIn=1 and burn a CD. Boot from the CD and run a full scan.
May 19th, 2012 3:32am

Download and run the technician version of superantispyware (http://www.superantispyware.com/portablescannertech.html), run it in safe mode (NO networking) and let us know the results. www.pc-support.uk.com
May 22nd, 2012 7:18am

Hello, I would like to thank everyone for responding!!! It is very appreciated.
I followed BurrWalnut's advice and created a bootable USB with Defender on it. Kudos here. This was very easy to do. I booted from the USB. After booting the Defender menu came up and I think it already started the scan on its own. Very nice. It did find the UKash virus and removed what it could.
I then thought I would give it a try and I booted the system up into full Windows mode. The system came up and I was now able to log in to Windows without my desktop being locked to the Ransomware screen. However, I was still unable to access Task Manager as admin.
I then rebooted in "Safe Mode With Networking" and ran the regedit. I then removed all traces of the virus that I could find. I may have removed more than I should have as it was not always obvious to me what was virus and what was not.
I then rebooted the entire system and logged in. I now seem to have all of my admin privileges again and everything seems fine. All my files are there. Then my system ran about 40 Microsoft patches (probably because I tried to recover to an earlier instance at some point in time).
I still don't completely trust the system and will go over it again just to make sure. I will make another post when I do this.
Thank You, Robert
May 22nd, 2012 11:27am
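A read-only way to review autostart and policy registry values before deleting anything by hand, as in the regedit cleanup described above. This is an added example, not part of the original thread; the registry paths are standard Windows locations chosen as an assumption, since the thread does not say where this infection stored its entries.

```powershell
# Read-only audit: lists autostart, logon-shell and policy values; changes nothing.
# ASSUMPTION: these are standard Windows registry locations picked for this example;
# the thread does not say where this infection stored its entries.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$namedValues = @{
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'     = 'Shell', 'Userinit'
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'     = 'Shell'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' = 'DisableTaskMgr', 'DisableRegistryTools'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' = 'DisableTaskMgr', 'DisableRegistryTools'
}

function Get-CommandPath([string]$Command) {
    # Pull the executable path out of a command line such as '"C:\x\y.exe" /arg'.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    return $null   # not a command line (for example a DWORD policy value)
}

function New-Finding([string]$Key, [string]$Name, $Value) {
    $path = Get-CommandPath ([string]$Value)
    $signature = 'n/a'
    $inUserDir = $false
    if ($path) {
        # Bare names such as 'explorer.exe' are resolved by Windows at logon and
        # stay 'FileNotResolved' here; compare those against the Windows default.
        $signature = 'FileNotResolved'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # NotSigned is a prompt to look closer, not a verdict: files signed only
            # through a Windows catalog can show as NotSigned on older PowerShell.
            $signature = [string](Get-AuthenticodeSignature -FilePath $path).Status
        }
        foreach ($root in $env:USERPROFILE, $env:ProgramData, $env:TEMP) {
            if ($root -and $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inUserDir = $true
            }
        }
    }
    New-Object PSObject -Property @{
        Key = $Key; Name = $Name; Value = $Value
        Signature = $signature; InUserWritableDir = $inUserDir
    }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $findings += New-Finding $key $name ($item.GetValue($name))
    }
}
foreach ($key in $namedValues.Keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $namedValues[$key]) {
        $value = $item.GetValue($name)
        if ($value -ne $null) { $findings += New-Finding $key $name $value }
    }
}

# Entries worth a closer look: unsigned or missing binaries, programs launched from
# user-writable folders, a per-user Shell override, or Disable* policy values set to 1.
$findings | Sort-Object Key, Name |
    Select-Object Key, Name, Value, Signature, InUserWritableDir | Format-List
```

Run it as the affected user, since the HKCU entries are per-user, and export the relevant keys before removing anything so a mistaken deletion can be undone.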

Ukash is a well known company that is used for swift payments, but many hackers are using this legitimate name to scare users or prompt them into sharing their funds with fraudsters. Maybe this is the way by which you get infected with this rogue application. The Ukash Virus is a ransomware Trojan that is composed of a Winlocker component, whose main goal is to block access to the infected system. This badware will send scary messages that you are involved in some illegal activities and you have to pay the fine. It seems that the messages are provided by the government, but this is the tactic of the fraudsters to rip off money from the users. But there is no need to worry more about this malware because it can be easily removed. There is also a manual removal way that ensures the removal of this badware, but this one is a complete technical process and doesn't ensure complete removal of the badware from the system. The best, advanced way to remove Ukash Virus from the system is by using the advanced Ukash Virus Removal Tool. The software is the most advanced and powerful removal tool that ensures the complete removal of the badware from the system. I was also threatened by this virus and used the manual removal process, which neither resulted in the removal and also damaged my system; after that I used the removal tool, which ensures the complete removal and also improves the system's speed. If you need more information on how to remove Ukash Virus then you can visit: spywareremovalguide.org
August 1st, 2012 3:55am

Don't bother with all the geeky stuff. Start the computer in safe mode with networking (keep hitting F8 when you switch on); the screen looks odd with big icons but carry on. Download Malwarebytes, the freeware version, and do a full scan; this could take a couple of hours. It got rid of this horrible virus off my machine and cost nothing. :-) Happy cleaning, Cumpygrunt
August 4th, 2012 2:03am

Just using the Malwarebytes resolution now.... seems to be working. Bit concerned that my anti-virus package didn't stop it if it's a well known bug
August 13th, 2012 1:21pm

yep, the malwarebytes solution worked :)
August 13th, 2012 1:47pm

Don't bother with all the geeky stuff, start computer in safe mode (keep hitting F8 when you switch on) screen looks odd with big icons but carry on, go to computer repair and just do a system restore !!! worked for me :-)
August 16th, 2012 5:22pm

My problem is I can not even get to safe mode. I am totally locked out of my laptop. I tried to boot with a bootable disk with AVG; it ran and said it cleaned up my system, but it did not. At the moment I have the hard drive out and have connected it as an external drive to my PC and am using the PC's Malwarebytes to clean it up. Hopefully it will work.
September 6th, 2012 5:43pm

I am in the middle of trying to remove this virus right now. At first I couldn't get past the warning screen (safe mode didn't work for me either), I couldn't even get task manager up & running. But I found that if you hit ctrl+alt+delete immediately after logging in you can get task manager up.
September 13th, 2012 9:07pm

Hello Rob, These types of malware attacks are difficult to keep up with because they trick you into letting them install. They usually come from an infected web site, and usually through an advertisement. You get a pop-up from the infection and you click it to close the pop-up - which allows the infection to install. They can also be delivered in a "drive-by" fashion with no action needed by the user due to the system being unpatched, no matter what security software is running.
When you encounter one of these fake virus pop-ups while browsing, immediately do the following:
- Do not touch any browser window to close it or browse further.
- Use the key combination <ALT>+<F4> to close all running programs, especially the web browser
--or--
- Immediately press Ctrl-Alt-Del and bring up Task Manager and forcibly end all instances of iexplore.exe, if using Internet Explorer, or the executable for your browser for any other web browser.
--or--
- Go to Start/Shut Down and restart the PC without touching any browser windows.
- If you used Task Manager to close browser instances, reboot the machine.
- Then go to Control Panel/Internet Options and delete all temporary Internet Files and cookies. If you are using an alternate web browser, open the browser settings to do the same - delete the local cached files and cookies.
- Perform a full scan with MSE.
The above steps should prevent the infection from taking hold.
Start here - https://support.microsoftsecurityessentials.com/ and select the link that says - I think my computer is infected. Options will vary by region, but phone support leads you to Microsoft Answer Desk (http://www.answerdesk.com/) in the US at this time. After an initial free consultation, a fee will be charged for assistance, based on the details of the case.
This web site - http://www.2-remove-virus.com - contains details for many of these common infections, often immediately after they began to appear in the wild, and instructions are provided for how to remove the infections using their malware removal guides.
You may wish to download (on an uninfected PC) one or more of the following rescue scanners to create bootable media to scan the infected PC (list courtesy of forum member, GreginMich, Stephen Boots):
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
http://support.kaspersky.com/viruses/rescuedisk?level=2
http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/
http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html
http://www.avira.com/en/support-download-avira-antivir-rescue-system
http://www.avg.com/us-en/avg-rescue-cd-download
http://www.freedrweb.com/livecd/
http://www.superantispyware.com/portablescanner.html
http://support.kaspersky.com/faq/?qid=208283363
September 20th, 2012 9:44am

Hey guys, I've been hit by the Ukash virus and I'm completely locked out. I tried using the Windows Defender but no luck. It detects 14 bugs but when I try to delete them the program cannot find them. Any advice?
October 2nd, 2012 12:27am

I don't know if this will work for you but it worked for me. I kept hitting the Windows key on the keyboard, bringing up the taskbar for a very short time, and launching programs (a ton of them) via the quick launcher, or the start menu (opens automatically with the Windows key). Then, when I have a LOT of windows open, I do ctrl+alt+suppr and I choose "close session". Because it should take some time before closing everything, Windows 7 will ask you if you want to close all the remaining programs or cancel closing the session. Wait till the ukash window in the background is closed, and then rush to press "cancel". Now you should have the session open without ukash, and you can download spyhunter/malwarebytes to remove ukash permanently...
October 18th, 2012 7:59am

Hello there, I hit F8 before the PC started. When I had the main screen with all my icons, I went to Programs + Accessories + System Tools + System Restore and restored to an earlier date. To my surprise, it solved the problem.
October 28th, 2012 12:05pm

This topic is archived. No further replies will be accepted.
