
Virus Locked My Computer - Help!


Comments

  • Moderators, Technology & Internet Moderators Posts: 11,016 Mod ✭✭✭✭yoyo


    These UKash viruses are not the kind to be too worried about, there is zero evidence that keyloggers or other associated software is installed alongside these viruses. These are essentially "ransomware" set out to employ scare tactics into making people hand over money, there is no evidence these viruses would require a full format to properly disinfect. In fact, viruses/malware that employ keyloggers generally stay quiet so as to not alert the user of a possible infection (which would be counterproductive).
    With regards to anti virus scanner ratings, take these tests with a pinch of salt. No AV no matter how fancy it is will be guaranteed to detect new zero day exploits. I only recently had to remove a ransomware off an "up to date" Kaspersky Internet Security protected computer.
    The main source for these malware infections comes from insecure systems (i.e. Windows or Mac OS systems that are not kept up to date) or from browser plugins not kept up to date (Internet Browsers, Java, Flash, Acrobat Reader etc.). While infection is also possible from opening dodgy email attachments or downloaded files, these viruses seem to mainly originate due to flaws within the system/plugins.
    From a network security point of view dealing with worms/spreading viruses a format may be no harm, but for these ransomwares it just adds more unnecessary time and effort to removing the virus. Newer versions of Windows, Vista upwards, employ similar levels of security as seen in Linux and Mac (User Account Control) which restricts the virus's ability to heavily infect systems, so I would strongly advise users leave UAC on at the default level as a result.
    And lastly don't believe in the paranoia Anti virus companies keep spreading, the more paranoid they can make you, the more sales they make so ;):) .
    Also with regards to rootkits, GMER is pretty good at picking them up.

    Nick


  • Moderators, Music Moderators Posts: 4,726 Mod ✭✭✭✭Gonzovision


    Download ComboFix from Bleeping Computer and put it on a USB stick or hard drive. Boot into safe mode with command prompt. Press Ctrl, Shift and Escape. New task, browse to the USB and run ComboFix.

    When the machine reboots into Windows after the scan, run Malwarebytes and an ESET online scan. I've done several of these over the last few weeks.


  • Posts: 0 [Deleted User]


    yoyo wrote: »
    These UKash viruses are not the kind to be too worried about, there is zero evidence that keyloggers or other associated software is installed alongside these viruses. These are essentially "ransomware" set out to employ scare tactics into making people hand over money, there is no evidence these viruses would require a full format to properly disinfect. In fact, viruses/malware that employ keyloggers generally stay quiet so as to not alert the user of a possible infection (which would be counterproductive).
    With regards to anti virus scanner ratings, take these tests with a pinch of salt. No AV no matter how fancy it is will be guaranteed to detect new zero day exploits. I only recently had to remove a ransomware off an "up to date" Kaspersky Internet Security protected computer.
    The main source for these malware infections comes from insecure systems (i.e. Windows or Mac OS systems that are not kept up to date) or from browser plugins not kept up to date (Internet Browsers, Java, Flash, Acrobat Reader etc.). While infection is also possible from opening dodgy email attachments or downloaded files, these viruses seem to mainly originate due to flaws within the system/plugins.
    From a network security point of view dealing with worms/spreading viruses a format may be no harm, but for these ransomwares it just adds more unnecessary time and effort to removing the virus. Newer versions of Windows, Vista upwards, employ similar levels of security as seen in Linux and Mac (User Account Control) which restricts the virus's ability to heavily infect systems, so I would strongly advise users leave UAC on at the default level as a result.
    And lastly don't believe in the paranoia Anti virus companies keep spreading, the more paranoid they can make you, the more sales they make so ;):) .
    Also with regards to rootkits, GMER is pretty good at picking them up.

    Nick


    I appreciate what you're saying but you can't guarantee that the virus hasn't changed over time. I was reading a report on it from July and back then the ability to boot into safe mode was possible but since then it's advanced. It's the same with which countries it's targeting, again it started out small and Ireland was added later as it detects where you're located hence knowing who your local police are.

    I can see a debate brewing up next time I visit you ;):p


  • Moderators, Technology & Internet Moderators Posts: 11,016 Mod ✭✭✭✭yoyo


    I appreciate what you're saying but you can't guarantee that the virus hasn't changed over time. I was reading a report on it from July and back then the ability to boot into safe mode was possible but since then it's advanced. It's the same with which countries it's targeting, again it started out small and Ireland was added later as it detects where you're located hence knowing who your local police are.

    I can see a debate brewing up next time I visit you ;):p

    This virus is based on a kit being sold underground (can't remember the name it was given) but the same virus can have stealth added/be modified and simply target users based on freely available geo ip locating lists. It's actually not that advanced or rocket science at all :P .
    Anyways, this thread has gone far off topic so I think it's best put to rest ;) . Thanks to the weekend hangover I didn't spot this thread in time and it should have been moved.
    OP, if you are still having virus issues I recommend posting over at Virus & Malware Removal which is more suited for these topics.

    Nick


This discussion has been closed.