Need assistance with removal Ukash virus or malware

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Stage -1
  • Download Norton Bootable Recovery Tool from this link.
  • Save the Norton Bootable Recovery Tool on your computer Desktop.
  • After completing the Download Open the File that you saved on the Desktop. It will start the Norton Download Manager as shown below.

    http://123pcworld.com/MalwareTips/DownloadManager.PNG
  • When the download finishes, the Norton Bootable Recovery Tool Wizard starts automatically.
  • In the Norton Bootable Recovery Tool Wizard, click Agree & Install to accept the User License Agreement.

    If you want to change the default install location, click Install Options, and then click Browse to locate the new install location.
  • Follow the on-screen instructions to create the Norton Bootable Recovery Tool on a CD/DVD media or USB key.

    http://123pcworld.com/MalwareTips/NBRT.PNG
  • It will by Default Select your CD/DVD Writer , if it is not select your CD/DVD Writer and click on Next...

    http://123pcworld.com/MalwareTips/NBRT-2.PNG
  • Now you have to Insert a Blank CD/DVD into your CD/DVD Writer and press on Ok. It will take some time to complete the Bootable Recovery Drive Creation.

    http://123pcworld.com/MalwareTips/NBRT-3.PNG


Stage -2
  • Insert the recovery media in the infected computer and start your computer from the recovery media. The recovery media can be a Norton Bootable Recovery Tool CD, DVD, USB key.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Read the License Agreement, type your product key, and then click I Agree. (I will send you product key in PM )
  • In the Norton Bootable Recovery Tool window, click Norton Advanced Recovery Scan.
  • Click Start Scan.
  • When the scan finishes, remove the recovery media from the drive or USB port, and restart your computer.

<hr />
 

chris

New Member
Thread author
Verified
May 15, 2013
21
hi Kuttus,
When I ran the Norton recovery Boot disk, I get a 0 Total items scanned and 0 Total risks detected. I rescan again and I get an error box ¨NBRT.EXE - Application Error - The instruction at 0x73f5f5d9 referenced memory at 0x00000000. The memory could not be read.¨
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Chris, this BSOD issue may be something related with your computer hardware also... Lets see what we can do on this case...
 

chris

New Member
Thread author
Verified
May 15, 2013
21
The BSOD was what I got after I ran the Kaspersky recovery boot disk and after it had quarantined some virus. I rebooted my computer a couple of times because it would not bring up my login screen. And that is when I got the bsod.
 

chris

New Member
Thread author
Verified
May 15, 2013
21
I have a screenshot from the Kaspersky Rescue Disk scan:
 

Attachments

  • 2013-05-21_23.08.25.jpg
    2013-05-21_23.08.25.jpg
    136.2 KB · Views: 108

chris

New Member
Thread author
Verified
May 15, 2013
21
I cannot boot up and I cannot remove with Kaspersky so how l do I remove the java files?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
  1. Turn on or restart the computer.
  2. Press and tap the F8 key about every second until you see the Advanced Boot Options.
  3. Select Repair your computer and press Enter.
  4. Select your keyboard language preferences and click on Next.
  5. Select your user name and type in the password, and then click on OK.
  6. Select the option “Command promt and press enter.
  7. You will get a command prompt window. Type the following command the command prompt
1)      X:\Sources> Bcdedit /export C:\BCD_Backup 
2)      X:\Sources> C:                            { Change the drive to c: } 
3)      C:\ cd boot                                  { Access boot directory } 
4)      C:\ boot\ attrib bcd -s -h –r         
5)      C:\ boot\ ren bcd  bcd.old   
6)      C:\boot\Bootrec /rebuildbcd       { You will get a prompt  “  To add the entry to the BCD store ”, type  Yes.   Just type “ Y “ and press ENTER } 
7)      Restart the computer. 
 

chris

New Member
Thread author
Verified
May 15, 2013
21
No luck. After the restart, it seems promising because it load the ¨Starting Windows logo¨ but then it goes back to the bsod.
 

chris

New Member
Thread author
Verified
May 15, 2013
21
I am afraid that is not available. And what are we going to do with it? Will my HP Restore Plus not help?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.

[attachment=4581]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.


If you are still not able to boot the computer send me a Fresh FRST log file also.....
 

Attachments

  • fixlist.txt
    77 bytes · Views: 96

chris

New Member
Thread author
Verified
May 15, 2013
21
hi Kuttus,
here is the fixlog and the new FRST log.
 

Attachments

  • Fixlog.txt
    478 bytes · Views: 90
  • FRST.txt
    12.7 KB · Views: 90

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.


[attachment=4603]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    431 bytes · Views: 97

chris

New Member
Thread author
Verified
May 15, 2013
21
Hi Kuttus,
Here is the new fixlist log and FRST log. When I run FRST tool, I noticed that there are 3 unchecked options at the bottom of the tool window. There are List.BCD, Drivers MD5 and Addition.txt. Is that normal?
 

Attachments

  • Fixlog.txt
    667 bytes · Views: 89
  • FRST.txt
    12.4 KB · Views: 113

chris

New Member
Thread author
Verified
May 15, 2013
21
hi Kuttus,

do we have anymore options? if not, then I´ll just go ahead reformat if possible.
thank you for all the help. wish it was a better outcome.
Thank you again.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top