Windows Error Recovery after Ukash Virus

[Edwin]

Today I got the Ukash Virus - trojan ransom on my laptop. I shut the computer down and started in safe mode. However, now all i get is Windows Error Recovery.

I tried to start with HitmanPro Kickstart from USB. When I start computer I pres F12 to get to Boot Menu. I get USB Boot Options from HitmanPro on screen but after I select 1 and also 2 I get back to the message ' Windows Error Recovery'

What else to do?

 

[Fiery]

Hi and welcome to MalwareTips!

My name is Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

---

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For x32 (x86) bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a flash drive.
For x64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<>To enter System Recovery Options by using Windows installation disc:</>
<ul>
<li>Insert the installation disc.</li>
<li>Restart your computer.</li>
<li>If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.</li>
<li>Click <>Repair your computer</>.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account and click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst.exe</> (for x64 bit version type <><span style="color: #ff0000;">e</span>:\frst64</>) and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close out this message, then type the following into the search box:
<>services.exe</></li>
<li>Now press the <>Search</> button</li>
<li>When the search is complete, search.txt will also be written to your USB</li>
<li>Type <>exit</> and reboot the computer normally</li>
<li>Please copy and paste both logs in your reply.(FRST.txt and Search.txt)</li></li>
</ol>
</ul>

 

[Edwin]

Thank for the response.
The Advanced Boots Options does not work - get message again ' windows error recover'
However, I do not have an installation disc. Just been reading on it and yep I should created when I got the laptop. The blessings of hindsight. Assume I can still create a installation disc but have not figured out yet without have access to my pc. Any suggestions?

 

[Fiery]

Hi, lets try this:

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Download List Parts and save it to the flash drive also.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• Wait for the CD to detect your hardware and load the operating system
• Your system should now display a Reatogo desktop
  Note : as you are running from CD it is not exactly speedy
• Insert the USB with FRST
• Locate the flash drive with FRST and double click
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
• Next click List Parts and then click Scan
  It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.

 

[Edwin]

I can not copy the screen of the laptop but when I run the CD i se that Reatogo is starting. However, after a while a blue screen with white letters with the message:

" A problem has been detected and window has been shut down to prevent damage to your computer
If this ......

Technical Information
STOP: 0x0000007B (oxF78DA528, 0xc0000034, 0x00000000, 0x00000000)


After this message there is nothing I can do to make this message go away. If it helps I can type out the full text

 

[Fiery]

Yikes, that is bad news. Let see if you able to do this. Follow the instructions below to create a Kaspersky rescue disk.

http://malwaretips.com/Announcement-Computer-won-t-boot-up-Hard-to-remove-malware-Learn-how-to-create-and-use-a-Kaspersky-Rescue-Disk

Also, just to clarify, you aren't able to start in any safe mode?

 

[Edwin]

That is correct. Can not start in any safe mode

 

[Fiery]

Try the kasperky CD first, if not we will try a different method. Is your operating system windows 7 home premium? or ultimate?

 

[Edwin]

Home premium

 

[Edwin]

I got Kasperky running. When I go to My Update Center and Start Update I get message - Malfunction - the update source cannot be found

 

[Fiery]

Ok, Kaspersky disk can be buggy :/

Download Windows 7 home premium 64 bit from:

Then download: http://www.microsoftstore.com/store/msstore/html/pbPage.Help_Win7_usbdvd_dwnTool

NOTE: The steps below will erase everything on your USB so make sure you don't have any important files on it.

Install it the Windows 7 USB/DVD download tool. Open the program and it will prompt you to select a source file. Select the Windows 7 home premium 64 bit .iso file you just downloaded.

Select the correct USB device and click begin copying. Once it saids "USB device has been created successfully" download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and Download List Parts and save it to the flash drive also. save it to the flash drive with the window 7 .iso file.

Plug in your USB to your PC and select boot from USB. You will get to a screen like:

Click next and follow the prompts. When you get to:

Click Repair Your Computer. See if you are able to start Command Prompt from there. If so, run Farbar Recovery Scan Tool with the instructions above.

 

[Edwin]

think I solved that. connected to internet via wire and is now updating

 

[Fiery]

perfect, let me know how that goes

 

[Edwin]

I am running the Objects Scan now in Kapersky. Laptop is indicating that it takes 1 day to scan so it will take some time before I know if it is succesful or not.
I assume that I should wait with Downloading Window 7 as per earlier post until I have the results from Kapersky.

 

[Fiery]

Let it finish the scan if possible. Running from a CD isn't the fastest way to operate but we don't have many options. After the kaspersky scan, try booting to normal mode/ safe mode or system recovery. Let me know which you can boot to and which you can't.

If you can't boot to any of those, following the steps above about downloading windows 7

 

[Fiery]

Any progress?

 

[Edwin]

It took some time. After the computer scanned for 20 hours my 2 year old decided to unplug the power cord when I was not there. So had to start again ... Grrrrr

Anyway I completed the scan. Deleted 5 events. Now have green light again in Kapersky. However, the computer still does not start normally. Still same situation.

When I start the computer normally again it ofens with 'wndows error recovery'. When I press F8 the following options all lead back to start screen of 'window error recovery'. I get that when I select:
repair your computer
safe mode
safe mod with networking
safe mode with command prompt

So looks like the virus has corrupted the operating system.

Will now see if I can make a copy of my files using Kapersky and then follow the steps downloading windows 7

 

[Fiery]

Ah ok. Yes, backup your files then attempt the window 7 download.

Looks like this virus destroyed almost your entire operating system

 

[Edwin]

I wanted to start the instruction but realized it is not clear to me. See question marks in CAPITAL LETTERS.

Download Windows 7 home premium 64 bit from: http://msft.digitalrivercontent.net/win/X17-58997.iso
Then download: http://www.microsoftstore.com/store/msst...vd_dwnTool

DOWNLOAD ON INFECTED/CORRUPTED LAPTOP OR ANOTHER PC?

NOTE: The steps below will erase everything on your USB so make sure you don't have any important files on it.

Install it the Windows 7 USB/DVD download tool. Open the program and it will prompt you to select a source file. Select the Windows 7 home premium 64 bit .iso file you just downloaded.

Select the correct USB device and click begin copying. Once it saids "USB device has been created successfully" download Farbar Recovery Scan Tool x64 and Download List Parts and save it to the flash drive also. save it to the flash drive with the window 7 .iso file.

I DO NOT FULLY UNDERSTAND THE COPYING PART BUT WILL ASSUME IT WILL BE MORE CLEAR WHEN I ACTUALLY DO IT.

 

[Fiery]

Sorry for the confusion. Download the Windows 7 home premium 64 bit .iso file on a clean PC. Save it to your desktop.

Then download the Microsoft tool: http://www.microsoftstore.com/store/msst...vd_dwnTool. Install it and open it.

Find a USB and follow the prompts of the microsoft tool. Locate the source file (which will be the Windows 7 home premium 64 bit .iso file on your desktop) It will guide you to create a bootable USB with window 7 on it.