Author Topic: Encrypted Files after Ukash attack  (Read 9054 times)

Offline John D W

  • Newbie
  • Join Date: Jan 2013
  • Posts: 3
  • Karma: 0
Encrypted Files after Ukash attack
« on: January 22, 2013, 02:50:34 pm »
Hi,

My laptop was recently the victim of the Ukash Virus (ransomware). My AVG antivirus didn't detect it. It was daft of me not to back up files. I eventually managed to get control of my PC by booting in safe mode and going to a restore point.

All looked good until I tried opening files. JPEG, PDF, Word are all infected in some way and won't open.

I have Windows 7 (64-bit). I've checked various forums and taken advice, which has included running all sorts of repair software, including the Windows Repair (Tweaking). I still have the same problems. Also, I notice the favourites don't open in IE 9. I also continuously get a pop-up saying a program keeps trying to change my Internet settings. It's in a right mess. Any help/suggestions would be much appreciated.

JD

Offline Shane

  • Administrator
  • Hero Member
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
Re: Encrypted Files after Ukash attack
« Reply #1 on: January 22, 2013, 04:48:00 pm »
You may still have a rootkit on the system.

Have you run these tools yet?

1. TDSSKiller.exe
2. Malwarebytes Anti-Rootkit Beta
3. combofix.exe

Shane

Offline John D W

Re: Encrypted Files after Ukash attack
« Reply #2 on: January 23, 2013, 02:46:19 am »
Thanks for the advice, Shane,

So far I have tried Comodo Cleaning Essentials (CCE), TDSS Killer and RKill. Threats were found and I assume they were deleted. They advise to disable any antivirus programs, which I did, although my antivirus automatically kicks back in on start up. Obviously this problem is in two stages: finding and eliminating the threats, and then repairing the damage done. I'll run the programs you suggested to make sure all is clean, but then I need to be able to fix (if possible) the damaged files. All the various virus detection programs are building up on my PC. Can they affect each other? Should I remove them after trying them?

Offline John D W

Re: Encrypted Files after Ukash attack
« Reply #3 on: January 23, 2013, 05:03:23 am »
Hi Shane,
I've tried the programs you mentioned. Malwarebytes found threats and cleaned them. Combofix found a critical threat but wanted me to register and pay to get rid of it. These damn programs are a "virus" and a scam in themselves. Each finds different threats and some scare you so you'll buy their product. Are there any genuine products available that work and don't charge? How do I know if a program has really found a threat when it could just be a sales scam?

Offline Shane

Re: Encrypted Files after Ukash attack
« Reply #4 on: January 23, 2013, 03:59:26 pm »
Combofix is free and I never heard of a pro. Did you get it from here? If not, you may have grabbed the wrong one :wink:

http://www.bleepingcomputer.com/download/combofix/

Shane