Virus Locked My Computer - Help!

  • 09-02-2013 11:23pm
    #1
    Registered Users, Registered Users 2 Posts: 10,796 ✭✭✭✭


    A virus called An Garda Siochana – Ukash Virus is after locking my computer and I can't access it to fix it. When I turn it on after doing the password etc the screen just goes white so can't see anything. Have tried safe mode but once desktop opens system shuts down.

    Help please lots of info I need for the morning.

    Thanks.


Comments

  • Registered Users, Registered Users 2 Posts: 2,604 ✭✭✭200motels


    Jamie2k9 wrote: »
    A virus called An Garda Siochana – Ukash Virus is after locking my computer and I can't access it to fix it. When I turn it on after doing the password etc the screen just goes white so can't see anything. Have tried safe mode but once desktop opens system shuts down.

    Help please lots of info I need for the morning.

    Thanks.
    If you have access to another PC, have a read of this; it might help you.
    http://www.guidingtech.com/2083/avg-rescue-cd-virus-spyware-removal/


  • Registered Users, Registered Users 2 Posts: 159 ✭✭Poco90


    Hi,
    If you have antivirus and another user account on the pc, log in with the other account and run a scan. I've removed that particular virus like that. If not, get on another pc and download Microsoft security essentials offline and make a usb or CD and scan the pc. Link here explains how to make the bootable media and how to perform a scan. http://windows.microsoft.com/en-IE/windows/what-is-windows-defender-offline.
    Poco


  • Registered Users, Registered Users 2 Posts: 10,796 ✭✭✭✭Jamie2k9


    Thanks for the advice but I will not be able to see anything when I plug in the USB with the files on it.


  • Registered Users, Registered Users 2 Posts: 3,537 ✭✭✭SickBoy


    Jamie2k9 wrote: »
    Thanks for the advice but I will not be able to see anything when I plug in the USB with the files on it.

    You obviously didn't read the link that Poco90 posted...


  • Registered Users, Registered Users 2 Posts: 10,796 ✭✭✭✭Jamie2k9


    SickBoy wrote: »
    You obviously didn't read the link that Poco90 posted...

    I could be taking it up wrong but when I create the USB and insert it into the other computer will it do all the work itself?


  • Registered Users, Registered Users 2 Posts: 3,537 ✭✭✭SickBoy


    Jamie2k9 wrote: »
    I could be taking it up wrong but when I create the USB and insert it into the other computer will it do all the work itself?

    It's a tool that creates a bootable device.
    The idea is you create the bootable device and power up your computer and choose boot via that drive, be it CD/DVD or USB, depending on what your system will allow you to boot from.
    Some computers will have an option to press F11 or F12 to access the boot menu and you would choose the desired device from there and follow the instructions to scan and hopefully repair your computer from the infection.


  • Registered Users, Registered Users 2 Posts: 10,796 ✭✭✭✭Jamie2k9


    SickBoy wrote: »
    It's a tool that creates a bootable device.
    The idea is you create the bootable device and power up your computer and choose boot via that drive, be it CD/DVD or USB, depending on what your system will allow you to boot from.
    Some computers will have an option to press F11 or F12 to access the boot menu and you would choose the desired device from there and follow the instructions to scan and hopefully repair your computer from the infection.

    Great thanks just downloading it now.


  • Registered Users, Registered Users 2 Posts: 10,796 ✭✭✭✭Jamie2k9


    So I have it on the USB
    When I go into system setup and boot I have 7 options. When I start up it doesn't seem to scan. I have moved the USBs to the top but still nothing working.


  • Registered Users, Registered Users 2 Posts: 3,537 ✭✭✭SickBoy


    Jamie2k9 wrote: »
    So I have it on the USB
    When I go into system setup and boot I have 7 options. When I start up it doesn't seem to scan. I have moved the USBs to the top but still nothing working.

    Is there any option on the boot screen like "F12 for boot options" ?


  • Registered Users, Registered Users 2 Posts: 10,580 ✭✭✭✭Riesen_Meal


    I've seen this one a few times now. If you can get into safe mode, try rolling back your Windows updates to the most recent date before you got the virus; it worked on my friend's Vista machine for me.....


  • Registered Users, Registered Users 2 Posts: 10,796 ✭✭✭✭Jamie2k9


    I've seen this one a few times now. If you can get into safe mode, try rolling back your Windows updates to the most recent date before you got the virus; it worked on my friend's Vista machine for me.....

    Safe mode keeps shutting down once it opens.

    Anyway I kept turning on/off 4 times (by unplugging and the battery) and then the system went into driver repair mode. Came back saying system could not fix problems and sent a report to Microsoft. Anyway after that it gave me option to do a number of default restores etc. Then I got the option to scan for affected files; after doing it, it restarted and worked. Thanks again for all the help.


  • Posts: 0 [Deleted User]


    WIPE your machine and re-install now


  • Registered Users, Registered Users 2 Posts: 276 ✭✭HelpWithIT


    You can also make a bootable CD which will probably be easier for you as most systems boot from CD-ROM by default; if it doesn't then just change the boot up selection in the BIOS. There is another thread on the boards about this virus...Always good to search the Boards first..saves your fingers (-;
    http://www.boards.ie/vbulletin/showthread.php?t=2056851486


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    WIPE your machine and re-install now

    Helpful advice only please. These viruses can be easily removed usually without the need for such drastic measures.
    To help the OP, use a bootable rescue disk like Kaspersky which should pick up the rogue software. Then run Malwarebytes/Super AS to clear up any of the leftovers.

    Nick


  • Moderators, Business & Finance Moderators, Regional South Moderators Posts: 6,854 Mod ✭✭✭✭mp22


    Download Trinity Rescue Kit, burn it to a CD, boot the PC from the CD drive, use the winpass function (it enables the hidden admin acc), restart the PC, use the new admin acc, and you will be able to download anti-malware etc. and run it.


  • Posts: 0 [Deleted User]


    yoyo wrote: »
    Helpful advice only please. These viruses can be easily removed usually without the need for such drastic measures.
    To help the OP, use a bootable rescue disk like Kaspersky which should pick up the rogue software. Then run Malwarebytes/Super AS to clear up any of the leftovers.

    Nick

    Nick it's Niall - you know I work in Network Security.

    We ALWAYS advise our clients to wipe their machines after "removing" a virus. No matter what you do with anti-virus you can never be sure it's fully removed.

    Once he has access to his machine again he should take his files from the machine and REINSTALL THE OS anything could still be lurking within no matter what you do.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    Nick it's Niall - you know I work in Network Security.

    We ALWAYS advise our clients to wipe their machines after "removing" a virus. No matter what you do with anti-virus you can never be sure it's fully removed.

    Once he has access to his machine again he should take his files from the machine and REINSTALL THE OS anything could still be lurking within no matter what you do.

    Re-formatting is a fairly drastic measure to remove these viruses. From experience all they tend to do is drop an exe in the appdata folder/modify some shell startup items in the registry.
    Of course you could format and go along with the hassle, it entails, but the reality is that it would be overkill. Not to mention how sure would you be the virus didn't infect any of your files you will be restoring later on... (again a very very slim chance of this happening)

    Nick
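
Added example, not part of the thread and not any poster's code: the post above describes the persistence of these lockers as an exe dropped in the AppData folder plus modified shell startup items in the registry. The Python sketch below checks a registry export (.reg text) for those two things; the sample export, user name and file names are constructed, and the choice of keys (Run, RunOnce, Winlogon Shell) is an assumption about which startup items are meant.

```python
import re

# Constructed sample in .reg export format (not taken from a real infection).
# Real regedit exports are UTF-16; decode the file before passing its text in.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="\"C:\\Program Files\\ExampleApp\\app.exe\" /minimized"
"constructed-sample"="C:\\Users\\user\\AppData\\Roaming\\constructed-sample.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\user\\AppData\\Local\\Temp\\constructed-sample2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" string values; inside the quotes \\ and \" are escapes.
# Values exported as hex(...) or dword: are skipped by this sketch.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Folders a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
AUTORUN_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
WINLOGON_SUFFIX = "\\windows nt\\currentversion\\winlogon"


def unescape(s):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def audit(text):
    """Return (key, name, data, reason) for startup entries worth a look."""
    findings = []
    for key, name, data in parse_reg(text):
        k, d = key.lower(), data.lower()
        if k.endswith(AUTORUN_SUFFIXES):
            if any(p in d for p in USER_WRITABLE):
                findings.append((key, name, data,
                                 "autorun from user-writable folder"))
        elif k.endswith(WINLOGON_SUFFIX) and name.lower() == "shell":
            # The stock value is just explorer.exe; anything extra is suspect.
            if d.strip() != "explorer.exe":
                findings.append((key, name, data,
                                 "Winlogon Shell is not plain explorer.exe"))
    return findings


if __name__ == "__main__":
    for key, name, data, reason in audit(SAMPLE_REG):
        print(f"{reason}\n  {key}\n  {name} = {data}")
```

A flagged entry is a lead to inspect by hand, not proof of infection: legitimate software also autostarts from AppData.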


  • Posts: 0 [Deleted User]


    A friend got this and the following sorted it out.

    Start machine in Safe Mode with networking
    Download Malware Anti Bytes
    Perform Full Scan in the above program
    Download CCleaner and BleachBit and clean any residue files
    This should clean your machine and back to normal

    Then consider using Linux.


  • Registered Users, Registered Users 2 Posts: 276 ✭✭HelpWithIT


    yoyo wrote: »
    Re-formatting is a fairly drastic measure to remove these viruses. From experience all they tend to do is drop an exe in the appdata folder/modify some shell startup items in the registry.
    Of course you could format and go along with the hassle, it entails, but the reality is that it would be overkill. Not to mention how sure would you be the virus didn't infect any of your files you will be restoring later on... (again a very very slim chance of this happening)

    Nick

    I would have to agree with Nick on this...usually this virus comes from free software/film sites so I find that even after unlocking windows and removing the virus that due to user's previous browsing trends...there are always viruses/spyware of some description left and I would presume that the I.T guy or repair shop would take these steps anyway!! I removed this from a Printing Company's PC on Friday, and found that there were a lot of other viruses/spyware on the system after the Garda Virus removal, it took 4 and a half hours to completely clean the PC and I left him with trial Internet Security Package to use..I guarantee you he preferred this method than to having to reinstall windows from scratch and reinstall all his printing software (some of the cds which he no longer had) which would have taken much longer to do (-;


  • Registered Users, Registered Users 2 Posts: 36,170 ✭✭✭✭ED E


    I've cleared it by removing it from startup, one step. Obviously I cleaned the machine down afterwards, but formatting is a tin foil hat suggestion.


  • Registered Users, Registered Users 2 Posts: 10,299 ✭✭✭✭BloodBath


    Nick it's Niall - you know I work in Network Security.

    We ALWAYS advise our clients to wipe their machines after "removing" a virus. No matter what you do with anti-virus you can never be sure it's fully removed.

    Once he has access to his machine again he should take his files from the machine and REINSTALL THE OS anything could still be lurking within no matter what you do.

    You actually work in Network security and this is your advice? What if the files he takes from his machine are also infected?

    There are some great great Av's and anti spyware tools out there at the moment. Getting infected with anything nasty is pretty hard in the first place if you have them installed.

    I have not had a single virus or spyware on my pc since installing avast. It makes it pretty damn hard for you to infect your pc and I'd trust them 99.99% if the scans show up no infection.

    Avast is all you need really. If you want extra protection go with malwarebytes as well. They are both free and won't conflict with each other. At least the free versions won't.


  • Registered Users, Registered Users 2 Posts: 2,604 ✭✭✭200motels


    BloodBath wrote: »
    You actually work in Network security and this is your advice? What if the files he takes from his machine are also infected?

    There are some great great Av's and anti spyware tools out there at the moment. Getting infected with anything nasty is pretty hard in the first place if you have them installed.

    I have not had a single virus or spyware on my pc since installing avast. It makes it pretty damn hard for you to infect your pc and I'd trust them 99.99% if the scans show up no infection.

    Avast is all you need really. If you want extra protection go with malwarebytes as well. They are both free and won't conflict with each other. At least the free versions won't.
    In your opinion would Avast be better than Security Essentials?


  • Registered Users, Registered Users 2 Posts: 637 ✭✭✭Rabbo


    I removed this virus from a computer recently. The virus wouldn't allow me to work in Safe Mode so I did the following:

    1. On another computer, download Hitman Pro from the following site: http://www.surfright.nl/en/hitmanpro
    2. Insert an empty usb drive into computer and the HitMan software should create a bootable USB for you.
    3. Insert bootable usb into infected computer, turn on and repeatedly press F11 key to enter boot option (may be a different key on some computers).
    4. Select the USB drive to boot from
    5. Hitman dialog box should appear. Set it to scan and remove anything found.
    6. Restart computer and install MalwareBytes from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
    7. After it is installed, update Malwarebytes, do a full scan and remove any remaining threats
    8. Computer should be clean now but download Microsoft Security Essentials and set it to scan daily to reduce chances of reinfection.

    Note that Hitman Pro is an aggressive virus remover and has been known to accidentally delete important files so using it is not without risk. It's the only thing that I could find to remove the virus.


  • Closed Accounts Posts: 1,190 ✭✭✭Squeaky the Squirrel


    200motels wrote: »
    In your opinion would Avast be better than Security Essentials?
    Security Essentials BADLY failed another test this week, I'd go with Avast till Microsoft sort it out.


  • Registered Users, Registered Users 2 Posts: 8,184 ✭✭✭riclad


    Avast is better, MSE has failed various tests on pcpro.
    See www.pcpro.co.uk; it has simply failed to detect certain viruses.


  • Registered Users, Registered Users 2 Posts: 10,299 ✭✭✭✭BloodBath


    Avast is far superior to MSE. I'd say almost any AV is better than that.

    Avast is updated daily several times a day with the latest definitions and virus database. It automatically scans all downloaded files and all visited websites and blocks any threats.

    It opens all new programs in a sandbox, in case they are malicious, so they cannot infect the rest of the system.

    I have had 0 issues of any kind in 5 years of pc use since using avast. PC security is pretty important since I pay all my bills online and shop online. My personal and bank details get entered on a regular basis.

    There's no way I'd trust that to MSE.

    It's a joke in an age where Microsoft are charging €80-100 for an OS that still doesn't have a reliable AV as standard.


  • Posts: 0 [Deleted User]


    It's amazing the response I'm getting from people here.

    Yes my advice is to wipe the system.

    Let's be realistic here, Antivirus is about 5% effective on new viruses, don't fool yourself.

    No wiping your system is not a drastic measure at all. This infection gains root access to your system, generally they will attempt to corrupt the system and leave a 'back door' or if you might know 'rootkit'.

    Again generally they attack the OS and not files, if you look at it this way - When attacking a system a hacker wants the most hits per infection (if the virus hits 5000 computers maybe only 10 or 20 will actually be infected).... they attack similarities amongst systems, this is why they look at OS level rather than files, they would be counting on every system having the same file type which is not guaranteed whereas having (for instance) Java installed is highly more likely.

    You can take your files off your computer onto an external hard drive.
    Now wipe your system, create an administrator account and a user account.
    Your daily account should be the user account and never use your admin account.

    This is a great level of protection as anything attempting to make system changes under your user account needs admin access and will prompt you for admin password.

    Scan your files and check the 'date last modified'. Again you can't be sure the files haven't been infected but they won't have root access under your new account. I'd generally say your personal files won't be affected (word docs, pdf's, mp3s etc) but as Nick pointed out they might be.






    There's a lesson to be learned here, you have to be more vigilant with your system. In the time you were infected somebody could have accessed your system remotely and copied all your files from the system... do you have bank statements on your pc? Do you have a document with personal information? This is unlikely due to the nature of the infection.

    At very least create a new account without admin privileges and use this account.... also change your passwords.



    The above advice is good... I could write a short document on best practices but I don't really have time at the moment.

    1 Patch
    2 Use complex passwords
    3 Don't use torrents
    4 Don't use an admin account for surfing the web
    5 Back up your files regularly to an external HDD


  • Posts: 0 [Deleted User]


    BloodBath wrote: »
    I have not had a single virus or spyware on my pc since installing avast. It makes it pretty damn hard for you to infect your pc and I'd trust them 99.99% if the scans show up no infection.

    :eek: Insane


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    These UKash viruses are not the kind to be too worried about, there is zero evidence that keyloggers or other associated software is installed alongside these viruses. These are essentially "ransomware" set out to employ scare tactics into making people hand over money, there is no evidence these viruses would require a full format to properly disinfect. In fact, viruses/malware that employ keyloggers generally stay quiet so as to not alert the user of a possible infection (which would be counter productive).
    With regards to anti virus scanner ratings, take these tests with a pinch of salt. No AV no matter how fancy it is will be guaranteed to detect new zero day exploits. I only recently had to remove a ransomware off an "up to date" Kaspersky Internet Security protected computer.
    The main source for these malware infections comes from insecure systems (I.e: Windows or Mac OS systems that are not kept up to date) or from browser plugins not kept up to date (Internet Browsers, Java, Flash, Acrobat Reader etc.). While infection is also possible from opening dodgy email attachments or downloaded files, these viruses seem to mainly originate due to flaws within the system/plugins.
    From a network security point of view dealing with worms/spreading viruses a format may be no harm, but for these ransomwares it just adds more unnecessary time and effort to removing the virus. Newer versions of Windows, Vista upwards, employ similar levels of security as seen in Linux and Mac (User Account Control) which restricts the virus's ability to heavily infect systems, so I would strongly advise users leave UAC on at the default level as a result.
    And lastly don't believe in the paranoia Anti virus companies keep spreading, the more paranoid they can make you, the more sales they make so ;):) .
    Also with regards to rootkits, GMER is pretty good at picking them up,

    Nick


  • Moderators, Music Moderators Posts: 4,726 Mod ✭✭✭✭Gonzovision


    Download combofix from bleeping computer and put it on a usb stick or hard drive. Boot into safe mode with command prompt. Press ctrl, shift and escape. New task, browse to the usb and run combofix.

    When the machine reboots into Windows after the scan, run Malwarebytes and an ESET online scan. I've done several of these over the last few weeks.


  • Posts: 0 [Deleted User]


    yoyo wrote: »
    These UKash viruses are not the kind to be too worried about, there is zero evidence that keyloggers or other associated software is installed alongside these viruses. These are essentially "ransomware" set out to employ scare tactics into making people hand over money, there is no evidence these viruses would require a full format to properly disinfect. In fact, viruses/malware that employ keyloggers generally stay quiet so as to not alert the user of a possible infection (which would be counter productive).
    With regards to anti virus scanner ratings, take these tests with a pinch of salt. No AV no matter how fancy it is will be guaranteed to detect new zero day exploits. I only recently had to remove a ransomware off an "up to date" Kaspersky Internet Security protected computer.
    The main source for these malware infections comes from insecure systems (I.e: Windows or Mac OS systems that are not kept up to date) or from browser plugins not kept up to date (Internet Browsers, Java, Flash, Acrobat Reader etc.). While infection is also possible from opening dodgy email attachments or downloaded files, these viruses seem to mainly originate due to flaws within the system/plugins.
    From a network security point of view dealing with worms/spreading viruses a format may be no harm, but for these ransomwares it just adds more unnecessary time and effort to removing the virus. Newer versions of Windows, Vista upwards, employ similar levels of security as seen in Linux and Mac (User Account Control) which restricts the virus's ability to heavily infect systems, so I would strongly advise users leave UAC on at the default level as a result.
    And lastly don't believe in the paranoia Anti virus companies keep spreading, the more paranoid they can make you, the more sales they make so ;):) .
    Also with regards to rootkits, GMER is pretty good at picking them up,

    Nick


    I appreciate what you're saying but you can't guarantee that the virus hasn't changed over time. I was reading a report on it from July and back then the ability to boot into safe mode was possible but since then it's advanced. It's the same with which countries it's targeting, again it started out small and Ireland was added later as it detects where you're located hence knowing who your local police are.

    I can see a debate brewing up next time I visit you ;):p


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    I appreciate what you're saying but you can't guarantee that the virus hasn't changed over time. I was reading a report on it from July and back then the ability to boot into safe mode was possible but since then it's advanced. It's the same with which countries it's targeting, again it started out small and Ireland was added later as it detects where you're located hence knowing who your local police are.

    I can see a debate brewing up next time I visit you ;):p

    This virus is based on a kit being sold underground (can't remember the name it was given) but the same virus can have stealth added/be modified and simply target users based on freely available geo ip locating lists. It's actually not that advanced or rocket science at all :P .
    Anyways, this thread has gone far off topic so I think it's best put to rest ;) . Thanks to the weekend hangover I didn't spot this thread in time and it should have been moved.
    OP, if you are still having virus issues I recommend posting over at Virus & Malware Removal which is more suited for these topics.

    Nick


This discussion has been closed.