As much as I hated my old job, the one thing I miss the most is discovering and killing computer viruses. It was my favourite part of the job. Seeing the first signs of a virus, detecting a new virus never seen before, figuring out how to disinfect it from a computer and then sharing the virus knowledge with the rest of the team. I loved being a super duper virus killing ninja.
Is it strange I get excited seeing the signs of a computer virus and working out how to fix it?
A few years ago I wrote about The Security Tool Virus & steps on how to fix it. It was a virus which was pretty new at the time & 60% of my working day was spent fixing it. I found that the computers were usually infected via p0rn sites, which of course was denied by the users involved. Unluckily for them, we had a tool to know exactly what websites they visited which left them rather red faced.
I miss that. Unfortunately, in my current job; viruses are dealt with the Operational Security Team and I never get to see any. I want to be in that team. It interests me and something I want to be involved in. I just need to figure out how to get my toes in the door. All part of my master plan….
Rewind to late last year and screams from my mother “The police have taken over my computer, they say there’s been illegal activity, they want Â£100 to unlock my computer. What have I done?”. As soon as I saw her laptop, I knew it was a virus. However, at the time I didn’t really know much about it after being out of the loop of Virus Killing.
This virus is aimed to scare people:
Attention! Illegal activity was revealed!
Your operational system is locked as a result of Great Britain law violation!
The following violations were revealed: your IP address (lists your actual IP) was detected on illegal pornographic sites including child pornography, zoophilia and violent scenes with children! Pornographic video with elements of violence and child pornography were revealed on your PC!
This lockout is intended to eliminate possible distribution of the above materials from your PC in the Internet.
For your PC to be unlocked you have to pay penalty equal to Â£100! The penalty is to be paid 24 hours from the moment when your PC was locked! If the penalty is not paid all the data will be removed from your PC!
The problem with this is that scaring people works right into their hands, my mother included. The page they show looks legit to those who don’t know much about computers and many people have no doubt fallen for it. Â£100 is a lot of money, but I have an incline that’s just the beginning.
In more technical terms, the virus modifies your Windows Registry and adds its malicious files to run at start-up, so when you try to boot your computer it will launch the bogus notification instead of your normal profile. Not pretty.
If you ever get this virus, don’t be scared. It looks nasty but it’s pretty easy to get rid of, albeit following a set of instructions & hopefully access to another computer to download some software. I actually keep a USB stick full of anti-spyware, virus scanners and other tech tools I normally use on Windows machines so I don’t need to re-download them all the time. It’s handy. Think about creating one for yourself (I’ll list the tools I use near the end).
Steps to follow to get rid of the Ukash Police Virus:
1. Press and tap the F8 key continuously before the Windows start-up logo appears until you get the Advanced Boot Options screen
2. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking and then press ENTER.
3. If your computer has started in Safe Mode with Networking, you will need to perform a few scans to remove the malicious files from your machine (listed at the end)
If the Ukash Police virus didnâ€™t allow you to start the computer in Safe Mode with Networking, youâ€™ll need to follow different steps to get rid of its lock screen.
1. Press and tap the F8 key continuously before the Windows start-up logo appears like you did previously until you get the Advanced Boot Options screen
2. This time, use the arrow keys to highlight Safe Mode with Command Prompt and then press ENTER.
3. At the command prompt, type cd restore, and then press ENTER. Type the command rstrui.exe, and then press ENTER. This will then open System Restore. Click a restore point, one previous to when the infection was first known.
After System Restore has completed, you should be able to boot in Windows normal mode, you should then perform some scans to remove any malicious files which are yet to erupt.
All these steps given above are pretty idiot proof. Not that I’m calling any of you idiots, but they are a lot easier than giving you registry keys and values to edit & remove. If you have no idea what I’m talking about, just ignore me… lots of people do!
So… what’s in my handy Super Duper Virus Killing Ninja Toolkit? I’ve added the files to DropBox so you can easily download them HERE. The installation & use of these programs is pretty self explanatory. They can all be run in safe mode unlike some alternative applications.
I would run rKill first as it forces all processes to be killed, run Malware Bytes & Super Anti-Spyware simultaneously, then Stinger which blasts viruses away and lastly CCleaner which removes temp files amongst other things.
After you have ran these tools & cleared the infection from your computer, I’d recommend installing and running a good anti-virus software, here’s one option with Norton Anti-Virus but if you don’t want to pay for anti-virus software, there are good free alternatives such as Microsoft Security Essentials, AVG & Avast.
Hopefully I’ve helped a little bit again. If you have a virus on your computer, have no idea what to do & a little stuck, feel free to drop me an email. I love viruses even if you don’t!