
Bundes Polizei Ukash Ransom Virus


Takel 1st MRB

Question

About 1 hr ago I got hit with this virus claiming I'd been caught by the German federal police for illegal activities including (and, seriously, get this shit) "viewing of pornographic material" (as if that's illegal), "child pornography, bestiality". The list goes on and threatens being reported to the local authorities unless you pay £100 (I've read that it's 100 euros in Europe). Also, the screen is locked on this screen and you can't get off it. I tried the three fingered salute and logging off and on again + restarting and it just goes straight onto that screen, so I switched users and searched for a way to fuck it up. I didn't do anything of any importance except check the internet for some kind of solution but couldn't find one I was willing to trust (most seemed to be promoting some sort of anti-spyware stuff). However, now I don't get the screen and am running a full McAfee scan to get rid of any leftovers. Anyone have any ideas on a quicker way to get rid of this virus for good? I know some of you guys work as computer techies and stuff so I was hoping you'd have some kind of idea. I've checked the registries but am not familiar with them enough to risk changing shit (I've only used regedit once or twice under guidance) and the only tutorials for removing this virus I could find were all written for XP and I'm running Pissta.

Thanks in advance,

Jake


5 answers to this question


Sure.

First and foremost get rid of McAfee. Use Microsoft Security Essentials - it will save your system resources (a ton).

MSE: http://www.microsoft.com/security/pc-security/mse.aspx

Do not install MSE until AFTER we've cleaned up your PC.

Second.

Download the following utilities:

CCleaner: http://www.piriform.com/ccleaner

Combofix: http://www.bleepingcomputer.com/download/anti-virus/combofix

MalwareBytes: http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

TDSSKiller: http://www.softpedia.com/get/Antivirus/TDSSKiller.shtml

If you can't get access to the internet from anything on your computer - you'll have to download these things and throw them on a thumb drive - then boot into safe mode so you can access the PC and work on it from there. Combofix can be run in safe mode without issue.

Place combofix.exe on the desktop (you'll use it straight from there)

Install CCleaner

Install MalwareBytes

Place TDSSKiller.exe on the desktop (you'll use it straight from there as well)

Turn off all your Anti-virus programs (yes, all of it)

Run Combofix.exe - it will ask you if you want to install the system restore (if you don't have it installed you can click no)

It will run through a bunch of processes - let it run. Eventually it will reboot your system - LET IT WORK!!

When it's finished it will produce a log file - if you want you can post that here, it will say what it deleted/found.

Once combofix has finished - open CCleaner

You should be on the cleaner tab; go to the very bottom of the menu at the left - select all of the unchecked boxes in the LAST group of settings (the bottom group in the left menu) except for the very last check box (leave it unchecked) - Run the cleaner

Close CCleaner

Run MalwareBytes - do a quick scan, then if it finds anything (yes, ANYTHING) run a full scan immediately following - reboot if prompted.

After your MalwareBytes scans finish close MalwareBytes

Open TDSSKiller; run the scan (close when done)

Open up CCleaner and select the "Registry" tab

Click to scan for issues - it will probably find a lot. Click to 'fix selected issues', create a backup of the registry and save it to C:\

Close CCleaner

Run Combofix again - this time it should come back clean.

Run MalwareBytes (quick scan) - again it should come back clean.

Install Microsoft Security Essentials - let it update and do a scan of your machine - if it finds ANYTHING, run a FULL scan immediately following (it may, but it's pretty unlikely it will find anything - but I have seen it happen)

You should be good to go at that point - and you'll be readily protected by Microsoft and their free anti-virus (that does a surprisingly good job of being easy on the resources, and actually protecting your machine).

Let us know if you run into hiccups or issues.

Thanks, I'll have to consult with my parents first though, they don't like me making any kind of change to the machine (even installing programs from disc). I'll do tomorrow during the day, won't have time this evening.

No problem, let them know these are quite 'standard' programs in use by IT companies worldwide :-P
