# PC Locked by Ukash Police Virus



## Gibbo48 (Jun 2, 2012)

Hi. I was downloading some online football when I suddenly lost my screen and it was replaced by the Ukash Virus Poilce Notice. It states that is a West Yorkshire Police notice and asks for money to unlock my PC. I have had a similar notice before and I managed to find a solution online to erase it. This one seems more aggressive as I cannot access my desktop at all and also my safe mode seems to have been disabled as all I can see on the screen is a load of swiggly writing! I have a Dell 600 laptop with Windows XP. I found the Bleeping Computer web site which recommended the Combo Fix as a solution but also advised that I should seek assistance with using it. I need help as I think I may have to use another computer and download onto a CD so that I can fix my laptop? Please advise


----------



## kevinf80 (Mar 21, 2006)

Have you tried the fix available here http://www.microsoft.com/security/p...spx?Name=Trojan:Win32/Reveton.A#recovery_link Scroll down to "Recovery" follow the instructions.

If that does not work do you have access to a clean PC and a USB memory stick at least 250 MB. It will be formatted so should have no important files saved to it....

Kevin


----------



## Gibbo48 (Jun 2, 2012)

Hi Kevin and thanks for your reply. I would like to try your suggestion however I cannot bypass the Ukash pop up screen. When I reboot it bypasses the desktop completely and my safe mode screen is just full of squiggly writing?! I have been online talking to a couple of Tech support companies and explained everything. They both say I need to access a good computer download tools onto a CD and say they can fix it at a cost of £45. I have heard there is a free tool called Combi Fix have you heard of it?


----------



## Gibbo48 (Jun 2, 2012)

On the instructions you provided the first step says to press control +0 . At what stage of the boot up process am I meant to do that because I have tried? Also is it control + zero or control + the letter O? Thanks


----------



## kevinf80 (Mar 21, 2006)

Boot your PC as Normal, when stable select and hold the *Ctrl key* then select the letter *O* then follow the instructions from the link...

If that does not work it is possible to kill this virus from outside of windows, you need access to a clean PC and a USB stick with minimum size of 250 mb, it will be formatted during the procedure so has to have no important datea saved to it....

Let me know what you want to do..


----------



## Gibbo48 (Jun 2, 2012)

Thanks. I need to get a USB stick as advised which I will try and do today if I can? I will be back in touch once I am ready to go. I do have blank CD roms would I be able to use one of those instead?


----------



## kevinf80 (Mar 21, 2006)

Yes a blank CD is OK, the instructions I have are for USB stick, when you get to the point where you select media just use the CD option. Also when the CD is created you will be booting from that and not the USB stick, any problems; let me know...

Download the *Windows Defender Offline Tool* and save to your Desktop.
You will have to select the correct version for your system, either 32 or 64 bit










Double click







to run the tool, Windows 7 or Vista user right click and select "Run as Administrator"

Read the instructions in the new window and select "Next"










In the new window accept the agreement:










In the new window select your USB Flash Drive, then select "Next"










In the new window ensure you Flash drive is selected, if not click on "Refresh" then select "Next"










In the new window accept the formatting alert by selecting "Next"










Files will be Downloaded:










Files will be processed and created










Flash drive will be formatted and prepared










Files will be added to the Flash Drive and the tool will be created.










The procedure is finished and the Tool created, click on "Finish" to complete.










Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required, Use F12 as it boots, change options...
As it boots you`ll see files being loaded and the windows splash screen, eventually the tool will run a "Quick Scan" follow the prompts and deal with what it finds. 
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the *Esc key* to boot into regular windows.
Navigate to the following file:
*"C:\windows\windows defender offline\support\mssWrapper.log"* Open with notepad and copy and paste it into a reply.

Kevin...


----------



## Gibbo48 (Jun 2, 2012)

That all sounds easy enough to follow Kevin thank you. I take it that everywhere it states usb flash drive I just read CD instead? The only other thing I'm not quite sure about is the very last instruction regarding navigating to the c drive and copying and pasting a reply? Is that some sort of confirmation for you that all is repaired? I will be doing this later on today hopefully so I will definitely confirm how I get on. Many thanks for your assistance so far! Kind regards Andy


----------



## kevinf80 (Mar 21, 2006)

Yes that is correct Andy regarding CD when you see USB stated, I ask for a log/confirmation so we can see what we need to do next.

I doubt very much that this will be a one scan fix, there will undoubtably be other malware on your system. This type of infection is not easy to fix.

If you have anything of extreme importance that you cannot afford to lose it should be backed up before you commence the cleansing procedure.

If you need to back stuff up have a look at the following instructions:

How to recover Data from a Dead System using Ubuntu Live Disc.

To recover data you will have to use a linux based system, it is quite straightforward. Go *Here* for the full instructions on how to use Ubuntu

You might also want to have a read through the following thread:

http://forums.techguy.org/virus-other-malware-removal/1052883-hello-need-help-please-reveton.html

I worked that thread here recently, it is the same infection that you have. Note also it has Zeroaccess Rootkit infection. That will give you an idea of what to expect....

Thanks,

Kevin...


----------



## Gibbo48 (Jun 2, 2012)

Hi Kevin. Just wanted to let you know I have fixed it but not using your advised method! I managed to get onto my desktop by accident as I was shutting the system down while logged into my guest account. This allowed me just enough time to log on to the Malware Antimalware which I already had installed from a while ago. After doing a quick scan the software detected 5 trojans and removed them. I have successfully used this before but this time it was much more difficult to access the desktop. Anyway I restarted as instructed and assumed I was cured; however when I logged back into my main account the pop up re-appeared! I rebooted and logged back into the guest account and repeated the process of the antimalware. This time instead of restarting I simply switched users to my main account and it allowed me onto the desktop where I ran the antimalware again. This time it detected 10 trojans and removed them all. This has cured the problem and I am fully operational again. However I want to really thank you and also want to ask is it still a good idea to download your fix onto a CD for future ref in case it happens again?


----------



## kevinf80 (Mar 21, 2006)

Good to hear you are fixed, regarding the Windows Offline scanner, no not worth keeping as it is updated at source, best to download when needed.

If your system is fixed can you mark this as solved so the thread is completed..

Thanks,

Kevin


----------

