how to get rid of UKASK ransome virus

[steve good]

QUOTE (Sportsman @ Apr 4 2012, 09:55 AM)

I have just got my PC back up and running after a particularly nasty ransomware trojan took it over. It was purporting to be from the French Gendarmerie and said that my computer had been blocked for downloading movies illegally. The only way I could unblock it was by sending them 100Euro.

The question is how do I stop it happening again?

 

I am running Windows 7 Home Premium

My normal virus protection is Microsoft Security Essentials which was running OK as far as I know.

I scan every week with Malwarebytes

Since this episode I have added Adaware antivirus and a firewall from Comodo.

Will this help or is there anything else I could be doing?

Thanks

Dave

 

 

 

This one is easy to get rid of.

 

Switch on computer tapping the F8 key to start up in safe mode

Select safe mode with Command Prompt

When that comes up type in using capitals MSCONFIG and press enter

You will then get another box and select the one marked START UP and click that tab

Look down the list of start up programmes and uncheck all the ones that look doddy, dont worry because you can turn them back

When you look down the list you will see what I mean, after selecting/unchecking the doddy ones click apply

You will be asked to restart your computer click ok and it will do it for you

when your computer restarts go on line and down load updates for Malwarebytes and run it

Its as simple as that

Edited June 24, 2012 by steve good

[Andy_1984]

the file name of those types of virus are usually random characters and digits like: ghw3f.exe so they are even easier to spot.

 

sometimes those type of virus dont hide in the startup menu in msconfig. there is another startup "folder"

 

to navigate to it you might need to enable "show hidden files and folders" in tools > folder options > view.

 

startup folder can be found here: C:\Users\your_account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

 

 

if you do find it in msconfig and disable it its also best to find out its location and delete the file. msconfig shows you the folder location.

[peterpikefisher]

get some decent antivirus software like Eset Smart Suite (the one most Hackers use)

 

i have been using it for 6 years and ain't had any virus/trojans /spy-ware/malware etc.

[Andy_1984]

even with the best anti virus theres still the chance of virus getting through at some point.

[Steve Walker]

One of my machines got hit with ransomware a few months back, and it did a real number on it - machine wouldn't boot into safe mode, couldn't log in under any account other than the compromised one. I ended up using a bootable Linux DVD to move the data to a spare partition and then wiping it.

[corydoras]

One of my machines got hit with ransomware a few months back, and it did a real number on it - machine wouldn't boot into safe mode, couldn't log in under any account other than the compromised one. I ended up using a bootable Linux DVD to move the data to a spare partition and then wiping it.

You should have posted on here mate, then I could have told you about the Kaspersky Rescue Disk. Burn that ISO image onto a CD or USB memory stick, boot it up in text mode, select "unlock windows" from the menu, job done.

 

Youtube Video ->

[Steve Walker]

To be honest, it was still running XP and wouldn't run Win7. Sticking Linux on it was the best thing for it.

[Chris Goddard]

get some decent antivirus software like Eset Smart Suite (the one most Hackers use)

 

i have been using it for 6 years and ain't had any virus/trojans /spy-ware/malware etc.

 

 

Ditto!! The ONLY problem I have in act is when I come to re-new the damn thing!! I have to let EST have my PC and they do fix it. They also get rid of ANYTHING which should not be there too! DAMn good service.<And they still let me use the UK site to communicate as opposed to the French site for everything else!!