Jump to content

Ransomeware - Police Ukash


Recommended Posts

Despite presence of Malwarebytes, SpyBot, Avast, all updated regularly, I fell prey to this nasty. Couldn't run anything, by using task manager to browse for programs I could download but not run dds etc. In case you haven't seen it, it displays a notice telling you the government/Police have locked the PC and insists you pay via link to Ukash to get unlocked.

Malwarebytes helpdesk did their best, but I couldn't run Malwarebytes far enough to have a log to send them, or run the reporting tools they suggested. I eventually rolled back to an earlier Roxio backup and have been doing nothing but scanning for bugs since. Fortunately all data is stored on another drive and all seems clean there. I'm aware the Ukash bug could have been sneaking about in the background for some time, so live in fear of it coming back. Does anyone know whether latest Malwarebytes updates spot this one?

Odd thing is, it's widely publicised on the web, almost every such page including a link to a fix tool to download free. Yeah, well, it scans free and then wants payment to fix the bug, which was roughly where I came in. So is this a scam or a valid fix? It sets itself up as Spyware Doctor and refers to PC Tools, but is it a wolf in sheep's clothing? I'm not silly, so don't click on anything unless I trust it.

Anyone out there fixed this one? Without a rebuild, that is! I found some advice involving substituting explorer.exe but machine froze too soon for me to implement it - don't want to reboot during a regedit really.

Compaq Mini netbook running XP Home btw.

Link to post
Share on other sites

Malwarebytes helpdesk did their best, but I couldn't run Malwarebytes far enough to have a log to send them, or run the reporting tools they suggested.

Hi, Diana01410: :)

Until an MBAM staffer arrives to answer some of your specific questions...

If you already have an open support ticket at the MBAM helpdesk, the best bet would probably be to stick with your expert helper there.

(We cannot work on malware-related issues in this particular sub-section of the forums.)

Thanks for your patience and understanding,

daledoc1

Link to post
Share on other sites

  • Staff

Since you were able to roll back your system and tools are now running, I would suggest proceeding to perform the scans and get the logs requested to submit to Support. They will be able to use those to determine if any trace of the infection remains and then assist you in removing it if it does.

Link to post
Share on other sites

Thanks for swift response - hadn't thought the test results would be relevant now, but will run them and submit under existing ticket.

I'd still like to know if anyone else has had this and how they got on.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.