uKash removal on W98 laptop - Help!
- Thread starter scuba_pup
- Start date
- Status
- Oct 5, 2012
- 2,697
Hi and welcome to the malwaretips.com forums!
I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
<hr />
Stage -1
Stage -2
<hr />
What is the Operating system you are using?
After completing the scan start the computer in normal mode. Let me know the status after completing the scan...
I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
- I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine!
- The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Refrain from running self fixes as this will hinder the malware removal process.
- It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
<hr />
Stage -1
- Download Norton Bootable Recovery Tool from this link.
- Save the Norton Bootable Recovery Tool on your computer Desktop.
- After completing the Download Open the File that you saved on the Desktop. It will start the Norton Download Manager as shown below.
http://123pcworld.com/MalwareTips/DownloadManager.PNG
- When the download finishes, the Norton Bootable Recovery Tool Wizard starts automatically.
- In the Norton Bootable Recovery Tool Wizard, click Agree & Install to accept the User License Agreement.
If you want to change the default install location, click Install Options, and then click Browse to locate the new install location.
- Follow the on-screen instructions to create the Norton Bootable Recovery Tool on a CD/DVD media or USB key.
http://123pcworld.com/MalwareTips/NBRT.PNG
- It will by Default Select your CD/DVD Writer , if it is not select your CD/DVD Writer and click on Next...
http://123pcworld.com/MalwareTips/NBRT-2.PNG
- Now you have to Insert a Blank CD/DVD into your CD/DVD Writer and press on Ok. It will take some time to complete the Bootable Recovery Drive Creation.
http://123pcworld.com/MalwareTips/NBRT-3.PNG
Stage -2
- Insert the recovery media in the infected computer and start your computer from the recovery media. The recovery media can be a Norton Bootable Recovery Tool CD, DVD, USB key.
Note : If you do not know how to set your computer to boot from CD follow the steps here - Read the License Agreement, type your product key, and then click I Agree. (I will send you product key in PM )
- In the Norton Bootable Recovery Tool window, click Norton Advanced Recovery Scan.
- Click Start Scan.
- When the scan finishes, remove the recovery media from the drive or USB port, and restart your computer.
<hr />
What is the Operating system you are using?
After completing the scan start the computer in normal mode. Let me know the status after completing the scan...
scuba_pup said:
Thanks for the directions. OS is XP SP3. Have no CD on this PC - so will need to burn ISO onto a disk at a friends.
kuttus said:
Klittus - am getting there! Have created the CD and burnt the ISO to it. Changed bios to boot from Disc and it has loaded the tool. Does it need to have internet access - as had disconnected from the router when the virus hit? Have other iDevices and PC on the home network.
Just starting the NARS.....
scuba_pup said:
Have run the scan - and left the it going. Came back and the computer was off. Booted to remove the CD, and left it to continue - will not boot past a few instructions on the start up. Reboot and press F2 and the computer turns off..
Sorry - being a complete dummy - battery had run out (forgot I disconnected from docking station). Will reboot onto CD and run scan.scuba_pup said:
kuttus said:Hmmm..
Plug the power cable and Run the scan anyway...Let me know the status at the end of the scan......
Scan has run - detected 4 torjan threats, fixed them all. Removed media and rebooted normally - still goes to the Screen Lock uKash.
- Oct 5, 2012
- 2,697
Please print these instruction out so that you know what you are doing
- Download OTLPENet.exe to your desktop
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Download List Parts and save it to the flash drive also.
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note If you do not know how to set your computer to boot from CD follow the steps here - Wait for the CD to detect your hardware and load the operating system
- Your system should now display a Reatogo desktop
Note as you are running from CD it is not exactly speedy - Insert the USB with FRST
- Locate the flash drive with FRST and double click
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[]Next click List Parts and then click Scan
It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.
kuttus said:
Thanks. Just a query - as the Norton Tool has given me access to the Drives in the PC - I can now see the USB drive. I already have a USB with Kickstarter and Hitman Pro on it. Not sure about the Kickstarter but the Hitmanpro should run from here. Is this a valid tool to try (as I will need to visit a friend again to build another boot disk)?
kuttus said:
Just run it and scan completed in 29 seconds with nothing found. Will continue with your instructions - have downloaded files ready - just to access to a CD burner now.
[attachment=3314][attachment=3315]
Kuttus, Please find attached the results of the scans: The CD ran on boot - I did not have to prompt it to boot from CD as I did previously.
I used RUN to get to the USB and ran FRST. and then ListParts (without BCD checked).
files are attached
kuttus said:
Kuttus, Please find attached the results of the scans: The CD ran on boot - I did not have to prompt it to boot from CD as I did previously.
I used RUN to get to the USB and ran FRST. and then ListParts (without BCD checked).
files are attached
- Oct 5, 2012
- 2,697
Okay Thank you...
On a clean PC, open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.
<hr>
While in OTLPE, double click the OTLPE icon.
On a clean PC, open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.
<hr>
While in OTLPE, double click the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location.
- When asked Do you wish to load the remote registry, select Yes.
- When asked Do you wish to load remote user profile(s) for scanning, select Yes.
- Ensure the box Automatically Load All Remaining Users is checked and press OK.
- OTL should now start
- Click the Scan All Users checkbox.
- Change Standard Registry to All
- Check the boxes beside LOP Check and Purity Check
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
- Please post the contents of these 2 Notepad files in your next reply.
kuttus said:Okay Thank you...
On a clean PC, open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.
<hr>
While in OTLPE, double click the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location.
- When asked Do you wish to load the remote registry, select Yes.
- When asked Do you wish to load remote user profile(s) for scanning, select Yes.
- Ensure the box Automatically Load All Remaining Users is checked and press OK.
- OTL should now start
- Click the Scan All Users checkbox.
- Change Standard Registry to All
- Check the boxes beside LOP Check and Purity Check
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
- Please post the contents of these 2 Notepad files in your next reply.
First log file
scuba_pup said:kuttus said:Okay Thank you...
On a clean PC, open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to OTLPE, plug in your flash drive, open FRST and click fix. Post the generated log.
<hr>
While in OTLPE, double click the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location.
- When asked Do you wish to load the remote registry, select Yes.
- When asked Do you wish to load remote user profile(s) for scanning, select Yes.
- Ensure the box Automatically Load All Remaining Users is checked and press OK.
- OTL should now start
- Click the Scan All Users checkbox.
- Change Standard Registry to All
- Check the boxes beside LOP Check and Purity Check
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized
- Please post the contents of these 2 Notepad files in your next reply.
First log file
Opened OTLPE ver 3.1.48.0 and it does not have a Scan All Users checkbox.
Have Services (safelist), Drivers (safelist), Std Registry (safelist - will change to all), Extra Registry (None). have LOP and Purity checked. Only other options are Output (Std Output), File Age (30 days), USe Company Name Whitelist (unchecked), Skip MS files (unchecked) Use No Company Name Whitelist (checked), Files Created within (File Age), Files Mod within (File Age). Then of course the four options top left Run Scan being the most top left.:huh:
- Status
Similar threads
- Locked
- Locked