No response from Avast regarding UKASH virus

[Archie881]

Hi all,
I am very disappointed with avast, I have tried to seek assistance to remove the UKASH virus, but my request has fallen on deaf ears.
I have tried to follow internet instructions online but my computer does not restart the same way as required.

Does anyone know how to get rid of this virus,
I,d really appreciate some help here,

Many thanks

Alan

[true indian]

this ransomware malware changes in daily basis...so all antiviruses are failing...

follow guide and attach all logs: http://forum.avast.com/index.php?topic=53253.0

[true indian]

you get help here....

follow this guide and attach (not copy and paste) logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

better explanation...thanks pondus 

[essexboy]

Is this just a ransom demand or has it encrypted files ?

If it is encryption please do not run any other tools bar OTL and aswMBR

[Archie881]

Thanks for the replies .

I've read through some of the links, and they all ask me to download new software.......I would love to, unfortunately, on starting up, the virus locks up the pc and I can't do anything
It runs through the start up and when Avast tries to start the desktop is locked.

I've tried hitting f8 on startup, and After " safe ode with command prompts" I do not have a choice to anything other than windows XP

I'm getting rather frustrated, have called Avast a couple of times but get answer machine.

[essexboy]

Are you able to log in to safe mode ?

Do you have access to another computer to download some tools and either burn to CD or USB ?

What OS are you using XP, Vista, 7 (32 or 64bit)

[Archie881]

When I try safe mode, it goes back to offering me the option to start windows Xp and I have the same problem.

I think I can download something to a USB on a laptop, any suggestions?

Alan

[essexboy]

As you have XP I can only do it to a CD, do you have one available ?   I will look also to see if I can find a way of getting it on USB, imgBurn may have been updated to burn to USB 
 
Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
  
• Download Farbar Recovery Scan Tool and save it to a flash drive.
  
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD
  
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads 
• Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

• Insert the flash drive with FRST on it
• Locate the flash drive and run FSRT
• The tool will start to run.

• When the tool opens click Yes to disclaimer.
• Press Scan button.
  
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[Archie881]

Thanks for your help Essexboy I really appreciate it.

Have downloaded FRST to a disc. Started PC and hit f11, boot from CDROM  selected with disc in. But then it carried on loading up and did the same as before.

When it started after I'd hit start from CDROM, the " boot from cd" line flashed for a couple of seconds then carried on as normal, should I have tried to enter something at this point?

[Archie881]

Are you still there Essexboy? I'm still stuck.

[essexboy]

No it should have gone to the reatogo desktop after you pressed a key (the full line should have read press any key to boot from CD)
Retry again but press the space bar as soon as that appears

If not

OK from the safe mode are you able to select command prompt ?

If so insert the USB/CD and run the following command :

fsutil fsinfo drives

This will list the drives
Locate the CD/USB drive

e.g.  C will be the main drive so D or E should be the other drive (dependant on what partitions you have)

Then at the command prompt change to the other drive as follows:

cd D:   (or E if that is the case )

Then type:

FRST.exe

 

[Archie881]

Unfortunately, no luck.
 Can't seem to get the PC to start from CD.
When the start from cd prompt came up i hit loads of keys with no effect.

Have used the Internet and set the boot BIOS to CDROM, but still didn't work.

Could the virus have disabled the cd reader?

[seniors3]

managed to get rid i think using malwarebytes program - already found virus with the help of you tube - don't known a great deal about this sort of thing but seems to be ok now - also found other trojans avast let in
notepad info if it helps below - the ransomware is the WPD file
Folders Detected: 1
C:\sooi832.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-2862853474-1884823709-71122443-1000\$R7SOL8L\WPDShextAutoplay.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\sooi832.bin\22A600CD222877F (Trojan.SpyEyes) -> Quarantined and deleted successfully.

[essexboy]

Were you able to get into safe mode with command prompt ? as per my previous

[essexboy]

One further thought... When you get to the ransom window
Could you press the windows key and R together
Does that produce a run dialogue