Windows Error Recovery after Ukash Virus

Status
Not open for further replies.

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
Ok. Have downloaded Windows 7 on DVD but could not download Farbar on the same DVD so downloaded it separately on USB. Space on USB was too small to install all on it.

Anyway I managed to get to 'repair your computer' and get to screen 'System Recovery Options'. Have selected command prompt and ran the Farbar Recovery Scan Tool. The file frst.txt is saved to same flash drive.

What should I do now?
 

Fiery

Level 1
Jan 11, 2011
2,007
Can you attach the FRST log?

Click "new reply" and scroll down to the attachment section and attach the log.
 

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
Attached the first.text file
 

Attachments

  • FRST.txt
    28.4 KB · Views: 152

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

You got a very nasty rootkit on your PC. Let's try to remove it.

On a clean PC, open Notepad and copy & paste the following:

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1755182418-364454814-3322880254-1000\$c614d3bf243a3fd7a4fd36cd3756874b
HKU\Edwin\...\Winlogon: [Shell] explorer.exe,C:\Users\Edwin\AppData\Roaming\skype.dat [84992 2011-11-16] ()

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post any generated log after.

Then pull out the DVD and see if you can boot now.
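
The Winlogon `[Shell]` line in the fixlist above is the persistence entry: a second program is appended after explorer.exe, so it starts at every logon. The following check for that pattern is an added example, not part of the original post and not code from FRST; the line shape is taken only from the entry quoted above, all sample lines except the first are constructed, and the function names are hypothetical.

```python
import re

# Line shape copied from the fixlist entry quoted in the post:
#   <key>\Winlogon: [Shell] <value> [<size> <date>] (<company>)
SHELL_RE = re.compile(
    r"^(?P<key>\S.*?\\Winlogon): \[Shell\] (?P<value>.+?)"
    r"(?: \[\d+ \d{4}-\d{2}-\d{2}\] \(.*\))?$",
    re.IGNORECASE,
)

# Assumption: Windows is installed in C:\Windows. Only these spellings are
# accepted as the stock shell; an explorer.exe in any other folder is flagged.
EXPECTED = {"explorer.exe", r"c:\windows\explorer.exe", r"%systemroot%\explorer.exe"}


def check_shell_line(line):
    """Return None for non-Shell lines, else (key, unexpected_entries)."""
    m = SHELL_RE.match(line.strip())
    if m is None:
        return None
    # The Shell value is a comma-separated list; every entry is launched.
    entries = [e.strip().strip('"') for e in m.group("value").split(",")]
    extras = [e for e in entries if e and e.lower() not in EXPECTED]
    return m.group("key"), extras


def suspicious(lines):
    """Collect every Shell entry that launches more than the stock shell."""
    hits = []
    for line in lines:
        parsed = check_shell_line(line)
        if parsed and parsed[1]:
            hits.append(parsed)
    return hits


SAMPLE = [
    # Entry from the post above.
    r"HKU\Edwin\...\Winlogon: [Shell] explorer.exe,C:\Users\Edwin\AppData\Roaming\skype.dat [84992 2011-11-16] ()",
    # Constructed: stock value, nothing to flag.
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    # Constructed: a different Winlogon value, ignored by this check.
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,",
    # Constructed: look-alike explorer.exe outside the Windows folder.
    r"HKU\Test\...\Winlogon: [Shell] C:\Users\Test\explorer.exe [1024 2013-01-01] ()",
]

if __name__ == "__main__":
    for key, extras in suspicious(SAMPLE):
        print(f"{key}: unexpected shell entries {extras}")
```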
 

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
We got it solved!! WOW

Computer is starting up again normally and all seems to be working well. Who would have thought. You maybe..

Thank you!!
 

Attachments

  • Fixlog.txt
    453 bytes · Views: 109

Fiery

Level 1
Jan 11, 2011
2,007
Very good! We are NOT out of the woods yet, there's still work to do :) We need to run a few more scans to make sure your PC is clean. I have only got it to boot up, but there may still be infection.

Please download ComboFix from one of these locations:

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://www.infospyware.net/antimalware/combofix/

* IMPORTANT !!! Save ComboFix to your Desktop as ComboFix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See http://www.bleepingcomputer.com/forums/topic114351.html for help.
  • Double click on Combo-Fix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Posted image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Posted image: whatnext.png]
Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
 

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
Done. Attached the log
 

Attachments

  • ComboFix.txt
    24.9 KB · Views: 143

Fiery

Level 1
Jan 11, 2011
2,007
PC looking much better. A few more things we need to remove.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click Delete
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt




Please download Malwarebytes' Anti-Malware from here to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click Decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
Attached both log files. Looks like we are getting there :)
 

Attachments

  • AdwCleaner[S1].txt
    3.7 KB · Views: 128
  • mbam-log-2013-01-27 (00-13-40).txt
    1.9 KB · Views: 97

Fiery

Level 1
Jan 11, 2011
2,007
One last scan, this might take a while because it will scan your entire system (Don't worry, it won't be as slow as the Kaspersky scan :p). Let me know how your PC is running after the scan.

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
When I ran it first time there was a log file but it was dated when I downloaded it and did not contain the results.

I ran it a second time. Then went to show results and then selected the option to save it as a text file. In the directory you mentioned there is still no log file.

Attached is the file I saved.
 

Attachments

  • log.txt
    570 bytes · Views: 104

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
McAfee did an automatic scan of my laptop. 2 items were detected and fixed. Not sure if I can create log file but have added screen shots of the results.
 

Attachments

  • screenshot 2.jpg
    48.8 KB · Views: 118
  • screenshot 1.jpg
    19.7 KB · Views: 117

Fiery

Level 1
Jan 11, 2011
2,007
Good, no new detection really. The skype.dat was already quarantined by ComboFix and the other is from having Java on your PC.

Judging from your logs, if you are no longer experiencing any other issues, your PC seems to be clean!

Download OTL by Old Timer from here and save it to your Desktop. Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

Also, open AdwCleaner and click Uninstall




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Backup important files regularly to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)
 

Edwin

New Member
Thread author
Verified
Jan 21, 2013
18
Thank you so much. Followed all last instructions and am glad all is working again. Now have to ensure I keep it clean as it is.... Cheers.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
This thread is now closed.
Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.

DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All members requesting Malware Removal Assistance are required to follow all procedures in the thread
 