Solved Ukash, danish version

TinaV · Jul 14, 2012

My computer have been infected with the danish ukash :-(. I have tried all sorts of different things (malwarebytes, rkill and tdsskiller among others) and sometimes it seems as it has disappered, but only for a short time (5 minutes), then it returns.
I can only work in safe mode else the Ukash blocks the computer.
I really hope you can help.
I have tried to follow the prework instructions and I hope it is correct.

Ezsystemrepairs · Jul 15, 2012

[Removed]

Sorry but only Malware removal staff and authorized helpers may give support in this forum.

- Mod Staff

Crush · Jul 15, 2012

Hi,

Can you attach the tdsskiller and MBAM log please?

TinaV · Jul 16, 2012

Hi
I couldnt find the old tdsskiller so I have made a new and attched that.
I have attached both an old and a new mbam log.

Crush · Jul 16, 2012

Hi,

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click PCHelpForum.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

TinaV · Jul 16, 2012

Ok, now I have run it 2 times, both times it said that I hadnt disabled the McAfee anti virus and spy defender (even though I had) and the first time there also was an issue with the user/administrater witch I sorted out for the second run.
I have attached both logs

Crush · Jul 16, 2012

What sort of issues?

TinaV · Jul 16, 2012

This computer was originally set up with more users, but I'm the only user now, and therefor is also administrater. But I really do not understand how Vista works, because I'm told that I do not have the administrater rights. Now I have disabled the control on the useraccounts. Then the problems disappered.

Crush · Jul 16, 2012

Ok. How is the machine running?

TinaV · Jul 16, 2012

So far fine
When Combofix restarted the computer I didnt get it into safemode, so the last hour I didnt see any problems

Crush · Jul 16, 2012

Ok. Give it a day or so and report back

TinaV · Jul 17, 2012

Hi again, I'm still not having any problems with the computer.
But I had a look at the logs from combifix. I noticed that this was the last file created before I had problems (about an hour later)
2012-07-12 19:52 . 2012-07-12 19:52 -------- d-----w- c:\users\Tina\AppData\Roaming\hellomoto
And now I can see a folder called hellomoto with 2 .DAT files in it.
I'm wondering if I should delete the folder?

Crush · Jul 17, 2012

What are the dat files named?

TinaV · Jul 17, 2012

BukF.DAT
TujP.DAT

Crush · Jul 17, 2012

Yeah if you can, delete that folder

Log in or Join Us

Solved Ukash, danish version

TinaV Bronze Member

Attached Files:

OTL.Txt

Extras.Txt

aswMBR.txt

Ezsystemrepairs New Member

Crush Administrator & Security Team Leader

Google Advertisement

TinaV Bronze Member

Attached Files:

tdsskiller.txt

mbam-log-2012-07-13 (22-03-16).txt

Crush Administrator & Security Team Leader

TinaV Bronze Member

Attached Files:

log.txt

log2.txt

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

Ukash, danish version

Solved Ukash, danish version

TinaV Bronze Member

Attached Files:

Ezsystemrepairs New Member

Crush Administrator & Security Team Leader

Google Advertisement

TinaV Bronze Member

Attached Files:

Crush Administrator & Security Team Leader

TinaV Bronze Member

Attached Files:

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

TinaV Bronze Member

Crush Administrator & Security Team Leader

Ukash, danish version

Useful Searches